lxc: dovecot sysctl: warn but skip when running in shared-kernel container

Replace the CHATMAIL_NOSYSCTL guard with an explicit systemd-detect-virt -c check.
holger krekel
2026-03-08 18:13:00 +01:00
parent 783904f244
commit 6c95eeea80


@@ -1,9 +1,8 @@
import os
import urllib.request import urllib.request
from chatmaild.config import Config from chatmaild.config import Config
from pyinfra import host from pyinfra import host
from pyinfra.facts.server import Arch, Sysctl from pyinfra.facts.server import Arch, Command, Sysctl
from pyinfra.facts.systemd import SystemdEnabled from pyinfra.facts.systemd import SystemdEnabled
from pyinfra.operations import apt, files, server, systemd from pyinfra.operations import apt, files, server, systemd
@@ -137,23 +136,25 @@ def _configure_dovecot(config: Config, debug: bool = False) -> (bool, bool):
# as per https://doc.dovecot.org/2.3/configuration_manual/os/ # as per https://doc.dovecot.org/2.3/configuration_manual/os/
# it is recommended to set the following inotify limits # it is recommended to set the following inotify limits
if not os.environ.get("CHATMAIL_NOSYSCTL"): can_modify = host.get_fact(Command, "systemd-detect-virt -c || true") == "none"
for name in ("max_user_instances", "max_user_watches"): for name in ("max_user_instances", "max_user_watches"):
key = f"fs.inotify.{name}" key = f"fs.inotify.{name}"
if host.get_fact(Sysctl)[key] > 65535: value = host.get_fact(Sysctl)[key]
# Skip updating limits if already sufficient if value > 65534:
# (enables running in incus containers where sysctl readonly) continue
continue if not can_modify:
# in containers the following can fail see also print(
# https://docs.pyinfra.com/en/3.x/arguments.html#operation-meta-callbacks "\n!!!! refusing to attempt sysctl setting in shared-kernel containers\n"
server.sysctl( f"!!!! dovecot: sysctl {key!r}={value}, should be >65535 for production setups\n"
name=f"Change {key}", "!!!!"
key=key,
value=65535,
persist=True,
_ignore_errors=True,
_continue_on_error=True,
) )
continue
server.sysctl(
name=f"Change {key}",
key=key,
value=65535,
persist=True,
)
timezone_env = files.line( timezone_env = files.line(
name="Set TZ environment variable", name="Set TZ environment variable",
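Review bot: The `can_modify` line treats every output other than `none` as a shared-kernel container, and with `|| true` that includes an empty result when `systemd-detect-virt` is missing or fails, so such a host would keep low inotify limits with only a `print` to show for it. Consider keeping the raw output (`virt = host.get_fact(Command, "systemd-detect-virt -c || true")`, then `can_modify = virt == "none"`) and including `{virt!r}` in the warning so an operator can tell a detected container from a failed probe. The warning text also says `should be >65535` while the code accepts 65535 (`value > 65534`) and sets 65535; `>=65535` would match the check. Since `_ignore_errors` and `_continue_on_error` are removed, a host reported as `none` whose sysctl is read-only will presumably now fail the deploy, which looks intended but deserves a short comment above `server.sysctl(`. `_configure_dovecot` starts and ends outside this hunk.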