From 2b4e18d16f2eb650e97487f258465df827076b65 Mon Sep 17 00:00:00 2001
From: Adon Metcalfe <adonm@fastmail.fm>
Date: Sat, 26 Apr 2025 21:59:21 +0800
Subject: [PATCH] Only update sysctl settings if needed

If running in a constrained environment (e.g. an incus / systemd container), setting sysctl limits is constrained, this tweak just checks existing settings and if large enough continues instead of applying
---
 cmdeploy/src/cmdeploy/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 91d8921c..11da2e17 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -13,6 +13,7 @@ from chatmaild.config import Config, read_config
 from pyinfra import facts, host
 from pyinfra.api import FactBase
 from pyinfra.facts.files import File
+from pyinfra.facts.server import Sysctl
 from pyinfra.facts.systemd import SystemdEnabled
 from pyinfra.operations import apt, files, pip, server, systemd
 
@@ -363,6 +364,10 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
     # it is recommended to set the following inotify limits
     for name in ("max_user_instances", "max_user_watches"):
         key = f"fs.inotify.{name}"
+        if host.get_fact(Sysctl)[key] > 65535:
+            # Skip updating limits if already sufficient
+            # (enables running in incus containers where sysctl readonly)
+            continue 
         server.sysctl(
             name=f"Change {key}",
             key=key,