From 9204b58f158cedb1cff7746c7d465573952e1c4f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 1 Apr 2024 00:36:08 +0300 Subject: feat(automatic-gc): robust way to disable automatic-gc We just had a minor incident where apparently our build cache for the critical security fix was deleted by automatic-gc (which I had stopped manually) being reenabled by an unrelated whitby deploy. This adds a new mechanism where by touching a file called `/run/stop-automatic-gc` the GC can be prevented from running. We might want to configure an occasional alert or something if this file exists, so we don't forget about it when we are using it. Change-Id: I041e57e24b2b684696164a2d516581d7f5696ef0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/11326 Tested-by: BuildkiteCI Autosubmit: tazjin Reviewed-by: flokli --- ops/modules/automatic-gc.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'ops') diff --git a/ops/modules/automatic-gc.nix b/ops/modules/automatic-gc.nix index ad53a63f7f16..003f160919f6 100644 --- a/ops/modules/automatic-gc.nix +++ b/ops/modules/automatic-gc.nix @@ -13,6 +13,11 @@ let gcScript = pkgs.writeShellScript "automatic-nix-gc" '' set -ueo pipefail + if [ -e /run/stop-automatic-gc ]; then + echo "GC is disabled through /run/stop-automatic-gc" + exit 0 + fi + readonly MIN_THRESHOLD_KIB="${toString (GiBtoKiB cfg.diskThreshold)}" readonly MAX_FREED_BYTES="${toString (GiBtoBytes cfg.maxFreed)}" readonly GEN_THRESHOLD="${cfg.preserveGenerations}" -- cgit 1.4.1