feat(automatic-gc): robust way to disable automatic-gc r/7835

We just had a minor incident where apparently our build cache for the
critical security fix was deleted by automatic-gc (which I had stopped
manually) being reenabled by an unrelated whitby deploy.

This adds a new mechanism where by touching a file called
`/run/stop-automatic-gc` the GC can be prevented from running.

We might want to configure an occasional alert or something if this
file exists, so we don't forget about it when we are using it.

Change-Id: I041e57e24b2b684696164a2d516581d7f5696ef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11326
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>

1 files changed, 5 insertions, 0 deletions

diff --git a/ops/modules/automatic-gc.nix b/ops/modules/automatic-gc.nix
index ad53a63f7f..003f160919 100644
--- a/ops/modules/automatic-gc.nix
+++ b/ops/modules/automatic-gc.nix
@@ -13,6 +13,11 @@ let
   gcScript = pkgs.writeShellScript "automatic-nix-gc" ''
     set -ueo pipefail
 
+    if [ -e /run/stop-automatic-gc ]; then
+      echo "GC is disabled through /run/stop-automatic-gc"
+      exit 0
+    fi
+
     readonly MIN_THRESHOLD_KIB="${toString (GiBtoKiB cfg.diskThreshold)}"
     readonly MAX_FREED_BYTES="${toString (GiBtoBytes cfg.maxFreed)}"
     readonly GEN_THRESHOLD="${cfg.preserveGenerations}"