From 93a52a9d7b3eb50918a5f672d20815c92a2bc438 Mon Sep 17 00:00:00 2001
From: Christian Theune
Date: Fri, 14 Jun 2024 10:55:36 +0200
Subject: [PATCH] mailserver: ignore vmail user for garbage collection scan
This also introduces the ability to exclude specific users from scanning them for automatic garbage collection roots - which can reduce load drastically. Re PL-132331
---
 nixos/platform/collect-garbage.nix | 8 ++++++++
 nixos/services/mail/default.nix | 2 ++
 pkgs/fc/agent/fc/manage/collect_garbage.py | 16 +++++++++++++++-
 .../fc/manage/tests/test_collect_garbage.py | 4 ++++
 4 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/nixos/platform/collect-garbage.nix b/nixos/platform/collect-garbage.nix
index 4f60e44e2..99583774a 100644
--- a/nixos/platform/collect-garbage.nix
+++ b/nixos/platform/collect-garbage.nix
@@ -16,12 +16,20 @@ in { collect-garbage = mkEnableOption "automatic scanning for Nix store references and garbage collection";
+ userscan-ignore-users = lib.mkOption {
+ default = [];
+ type = types.listOf types.str;
+ description = "Users to ignore while scanning for store references.";
+ };
 }; }; config = lib.mkMerge [ { environment.etc."userscan/exclude".source = ./collect-garbage-userscan.exclude;
+ environment.etc."userscan/ignore-users".text = (
+ lib.concatStringsSep "\n" config.flyingcircus.agent.userscan-ignore-users
+ );
 systemd.tmpfiles.rules = [ "f ${log}" ];
diff --git a/nixos/services/mail/default.nix b/nixos/services/mail/default.nix
index edbaa3725..8acd98a0b 100644
--- a/nixos/services/mail/default.nix
+++ b/nixos/services/mail/default.nix
@@ -233,6 +233,8 @@ in { vmailUserName = "vmail"; };
+ flyingcircus.agent.userscan-ignore-users = [ "vmail" ];
+
 services.dovecot2.extraConfig = '' passdb { driver = passwd-file
diff --git a/pkgs/fc/agent/fc/manage/collect_garbage.py b/pkgs/fc/agent/fc/manage/collect_garbage.py
index 595ecdd7a..87cceb8e6 100644
--- a/pkgs/fc/agent/fc/manage/collect_garbage.py
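Review bot: The description of `userscan-ignore-users` in the collect-garbage.nix hunk does not say what ignoring a user costs. Judging by the commit message the scan is what registers garbage collection roots, so store paths referenced only from an ignored user's home would presumably no longer be protected from collection. I would state that in the option text, e.g. `description = "Users whose home directories are skipped when scanning for store references; store paths referenced only there are not protected from garbage collection.";`. The entries are also joined with newlines into `userscan/ignore-users` without validation, so a name that itself contains a newline would be read back as two separate entries.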
+++ b/pkgs/fc/agent/fc/manage/collect_garbage.py
@@ -3,6 +3,7 @@ import pwd import subprocess from pathlib import Path
+from typing import List, Optional
 import fc.util.lock import structlog
@@ -56,6 +57,14 @@ def collect_garbage( default="/run/lock", help="Where the lock file for exclusive operations should be placed.", ),
+ ignore_users_file: Path = Option(
+ exists=True,
+ file_okay=True,
+ dir_okay=False,
+ readable=True,
+ default="/etc/userscan/ignore-users",
+ help="File with names of users to ignore for fc-userscan",
+ ),
 ): init_logging(verbose, syslog_identifier="fc-collect-garbage") log = structlog.get_logger()
@@ -63,10 +72,15 @@ def collect_garbage( log.debug("collect-garbage-start") return_codes = []
+
+ with ignore_users_file.open("r") as f:
+ ignore_users = set([x.strip() for x in f])
 users_to_scan = [ user for user in pwd.getpwall()
- if user.pw_uid >= 1000 and user.pw_dir != "/var/empty"
+ if user.pw_uid >= 1000
+ and user.pw_dir != "/var/empty"
+ and user.pw_name not in ignore_users
 ] log.info( "userscan-start",
diff --git a/pkgs/fc/agent/fc/manage/tests/test_collect_garbage.py b/pkgs/fc/agent/fc/manage/tests/test_collect_garbage.py
index 8595f2b36..441a603ca 100644
--- a/pkgs/fc/agent/fc/manage/tests/test_collect_garbage.py
+++ b/pkgs/fc/agent/fc/manage/tests/test_collect_garbage.py
@@ -28,6 +28,8 @@ def test_invoke(locked, getpwall: Mock, run, popen, tmpdir, log, logger): runner = typer.testing.CliRunner() exclude_file = tmpdir / "fc-userscan.exclude" exclude_file.write_text("ignorethis", encoding="utf8")
+ ignore_user_file = tmpdir / "fc-userscan.ignore_users"
+ ignore_user_file.write_text("notthisuser", encoding="utf8")
 args = ( "--verbose",
@@ -37,6 +39,8 @@ def test_invoke(locked, getpwall: Mock, run, popen, tmpdir, log, logger): tmpdir, "--exclude-file", exclude_file,
+ "--ignore-users-file",
+ ignore_user_file,
 ) result = runner.invoke(fc.manage.collect_garbage.app, args)
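Review bot: In the `@@ -63,10 +72,15 @@` hunk of collect_garbage.py the ignore list is built with `set([x.strip() for x in f])`, which goes through a throwaway list, keeps an empty string for any blank line and reads the file in the locale's default encoding. I would write `with ignore_users_file.open("r", encoding="utf-8") as f:` and `ignore_users = {line.strip() for line in f if line.strip()}`. Since these names decide which homes are left out of the scan, the list is also worth a log field next to `userscan-start`, so an operator can see why a user was skipped. `List` and `Optional` from the new `from typing import List, Optional` line are not used in any visible hunk. The body of collect_garbage continues outside the hunk.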
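Review bot: The test only passes `--ignore-users-file` through to the CLI; nothing in the two visible hunks of test_collect_garbage.py checks that a listed user is actually skipped. `notthisuser` may not match any entry returned by the mocked `getpwall`, whose setup is outside the hunks, in which case the new filter is never exercised. I would add a passwd entry with `pw_name` set to `"notthisuser"`, a uid of at least 1000 and a home other than `/var/empty` to the mock, and assert that no scan is started for that home. test_invoke starts and ends outside both hunks.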