mailserver: ignore vmail user for garbage collection scan

This also introduces the ability to exclude specific users from scanning them for automatic garbage collection roots - which can reduce load drastically. Re PL-132331
flyingcircusio · Jun 14, 2024 · 93a52a9 · 93a52a9
1 parent be77ec6
commit 93a52a9
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 1 deletion.
diff --git a/nixos/platform/collect-garbage.nix b/nixos/platform/collect-garbage.nix
@@ -16,12 +16,20 @@ in {
       collect-garbage =
         mkEnableOption
         "automatic scanning for Nix store references and garbage collection";
+      userscan-ignore-users = lib.mkOption {
+        default = [];
+        type = types.listOf types.str;
+        description = "Users to ignore while scanning for store references.";
+      };
     };
   };
 
   config = lib.mkMerge [
     {
       environment.etc."userscan/exclude".source = ./collect-garbage-userscan.exclude;
+      environment.etc."userscan/ignore-users".text = (
+        lib.concatStringsSep "\n" config.flyingcircus.agent.userscan-ignore-users
+      );
       systemd.tmpfiles.rules = [
         "f ${log}"
       ];

diff --git a/nixos/services/mail/default.nix b/nixos/services/mail/default.nix
@@ -233,6 +233,8 @@ in {
         vmailUserName = "vmail";
       };
 
+      flyingcircus.agent.userscan-ignore-users = [ "vmail" ];
+
       services.dovecot2.extraConfig = ''
         passdb {
           driver = passwd-file

diff --git a/pkgs/fc/agent/fc/manage/collect_garbage.py b/pkgs/fc/agent/fc/manage/collect_garbage.py
@@ -3,6 +3,7 @@
 import pwd
 import subprocess
 from pathlib import Path
+from typing import List, Optional
 
 import fc.util.lock
 import structlog
@@ -56,17 +57,30 @@ def collect_garbage(
         default="/run/lock",
         help="Where the lock file for exclusive operations should be placed.",
     ),
+    ignore_users_file: Path = Option(
+        exists=True,
+        file_okay=True,
+        dir_okay=False,
+        readable=True,
+        default="/etc/userscan/ignore-users",
+        help="File with names of users to ignore for fc-userscan",
+    ),
 ):
     init_logging(verbose, syslog_identifier="fc-collect-garbage")
     log = structlog.get_logger()
 
     log.debug("collect-garbage-start")
 
     return_codes = []
+
+    with ignore_users_file.open("r") as f:
+        ignore_users = set([x.strip() for x in f])
     users_to_scan = [
         user
         for user in pwd.getpwall()
-        if user.pw_uid >= 1000 and user.pw_dir != "/var/empty"
+        if user.pw_uid >= 1000
+        and user.pw_dir != "/var/empty"
+        and user.pw_name not in ignore_users
     ]
     log.info(
         "userscan-start",

diff --git a/pkgs/fc/agent/fc/manage/tests/test_collect_garbage.py b/pkgs/fc/agent/fc/manage/tests/test_collect_garbage.py
@@ -28,6 +28,8 @@ def test_invoke(locked, getpwall: Mock, run, popen, tmpdir, log, logger):
     runner = typer.testing.CliRunner()
     exclude_file = tmpdir / "fc-userscan.exclude"
     exclude_file.write_text("ignorethis", encoding="utf8")
+    ignore_user_file = tmpdir / "fc-userscan.ignore_users"
+    ignore_user_file.write_text("notthisuser", encoding="utf8")
 
     args = (
         "--verbose",
@@ -37,6 +39,8 @@ def test_invoke(locked, getpwall: Mock, run, popen, tmpdir, log, logger):
         tmpdir,
         "--exclude-file",
         exclude_file,
+        "--ignore-users-file",
+        ignore_user_file,
     )
     result = runner.invoke(fc.manage.collect_garbage.app, args)