From 3e900ed9cdd628dc8e9de15e495fa4878191f4fa Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 29 Nov 2022 22:43:59 +0000
Subject: [PATCH] Convert nginx to use a systemd timer for cleanup

---
 cookbooks/nginx/metadata.rb                   |  1 +
 cookbooks/nginx/recipes/default.rb            | 25 ++++++++++++++++---
 .../default/nginx-old-cache-cleanup.erb       |  6 +++--
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/cookbooks/nginx/metadata.rb b/cookbooks/nginx/metadata.rb
index cd321f6da..6534c587e 100644
--- a/cookbooks/nginx/metadata.rb
+++ b/cookbooks/nginx/metadata.rb
@@ -11,3 +11,4 @@ depends           "munin"
 depends           "networking"
 depends           "prometheus"
 depends           "ssl"
+depends           "systemd"
diff --git a/cookbooks/nginx/recipes/default.rb b/cookbooks/nginx/recipes/default.rb
index 7053cb1b5..72f93e849 100644
--- a/cookbooks/nginx/recipes/default.rb
+++ b/cookbooks/nginx/recipes/default.rb
@@ -74,9 +74,26 @@ template "/usr/local/bin/nginx-old-cache-cleanup" do
   mode "755"
 end
 
-cron_d "nginx-old-cache-cleanup" do
-  minute "15"
-  hour "23"
+systemd_service "nginx-old-cache-cleanup" do
+  description "Cleanup nginx cache"
+  exec_start "/usr/local/bin/nginx-old-cache-cleanup"
   user "www-data"
-  command "/usr/bin/timeout 6h /usr/local/bin/nginx-old-cache-cleanup"
+  nice 19
+  io_scheduling_class "idle"
+  runtime_max_sec 6 * 60 * 60
+  sandbox true
+  read_write_paths "/var/cache/nginx"
+end
+
+systemd_timer "nginx-old-cache-cleanup" do
+  description "Cleanup nginx cache"
+  on_calendar "23:15"
+end
+
+service "nginx-old-cache-cleanup.timer" do
+  action [:enable, :start]
+end
+
+cron_d "nginx-old-cache-cleanup" do
+  action :delete
 end
diff --git a/cookbooks/nginx/templates/default/nginx-old-cache-cleanup.erb b/cookbooks/nginx/templates/default/nginx-old-cache-cleanup.erb
index a67931bff..7bd158fc6 100644
--- a/cookbooks/nginx/templates/default/nginx-old-cache-cleanup.erb
+++ b/cookbooks/nginx/templates/default/nginx-old-cache-cleanup.erb
@@ -1,10 +1,12 @@
 #!/bin/bash
+
 set -e
-/usr/bin/renice -n 19 $$ >/dev/null
-/usr/bin/ionice -c 3 -p $$ >/dev/null
+
 [[ -d "/var/cache/nginx/fastcgi-cache" ]] && /usr/bin/find /var/cache/nginx/fastcgi-cache/?/??/ -maxdepth 1 -type f -delete 2>/dev/null || /bin/true
 [[ -d "/var/cache/nginx/fastcgi-cache" ]] && /usr/bin/find /var/cache/nginx/fastcgi-cache/ -maxdepth 2 -mindepth 2 -type d -wholename '*/?/??' -delete
 [[ -d "/var/cache/nginx/fastcgi-cache" ]] && /usr/bin/find /var/cache/nginx/fastcgi-cache/ -maxdepth 1 -mindepth 1 -type d -wholename '*/?' -delete
 [[ -d "/var/cache/nginx/proxy-cache" ]] && /usr/bin/find /var/cache/nginx/proxy-cache/?/??/ -maxdepth 1 -type f -delete 2>/dev/null || /bin/true
 [[ -d "/var/cache/nginx/proxy-cache" ]] && /usr/bin/find /var/cache/nginx/proxy-cache/ -maxdepth 2 -mindepth 2 -type d -wholename '*/?/??' -delete
 [[ -d "/var/cache/nginx/proxy-cache" ]] && /usr/bin/find /var/cache/nginx/proxy-cache/ -maxdepth 1 -mindepth 1 -type d -wholename '*/?' -delete
+
+exit 0
-- 
2.43.2