From cf6ef5e9cad9516d88c04a10968c51aa75220f60 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 17 Jun 2025 21:55:12 +0200 Subject: [PATCH 1/3] Create per service debug logging toggles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enabling the rspamd debug log drowns out everything else and should be selected explicitly as needed. The external test does not require it and removing it makes it much (~40.5%) faster, since it now does not block on terminal output anymore. Before: ``` Benchmark 1: nix build .#hydraJobs.x86_64-linux.external-unstable --rebuild Time (mean ± σ): 151.737 s ± 1.074 s [User: 0.310 s, System: 0.289 s] Range (min … max): 150.321 s … 153.512 s 10 runs ``` After: ``` Benchmark 1: nix build .#hydraJobs.x86_64-linux.external-unstable --rebuild Time (mean ± σ): 90.531 s ± 0.557 s [User: 0.054 s, System: 0.045 s] Range (min … max): 89.579 s … 91.278 s 10 runs ``` --- default.nix | 36 ++++++++++++++++++++++++++++-------- mail-server/dovecot.nix | 2 +- mail-server/rspamd.nix | 2 +- tests/external.nix | 2 +- 4 files changed, 31 insertions(+), 11 deletions(-) diff --git a/default.nix b/default.nix index 60d9cec..e10bd92 100644 --- a/default.nix +++ b/default.nix @@ -1026,14 +1026,34 @@ in }; }; - debug = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable verbose logging for mailserver related services. This - intended be used for development purposes only, you probably don't want - to enable this unless you're hacking on nixos-mailserver. - ''; + debug = { + all = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable verbose logging for all mailserver related services. + This intended be used for development purposes only, you probably + don't want to enable this unless you're hacking on nixos-mailserver. + ''; + }; + + dovecot = mkOption { + type = types.bool; + default = cfg.debug.all; + defaultText = lib.literalExpression "config.mailserver.debug.all"; + description = '' + Whether to enable verbose logging for Dovecot. + ''; + }; + + rspamd = mkOption { + type = types.bool; + default = cfg.debug.all; + defaultText = lib.literalExpression "config.mailserver.debug.all"; + description = '' + Whether to enable verbose logging for Rspamd. + ''; + }; }; maxConnectionsPerUser = mkOption { diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index d2da51b..da9f569 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -262,7 +262,7 @@ in extraConfig = '' #Extra Config - ${lib.optionalString cfg.debug '' + ${lib.optionalString cfg.debug.dovecot '' mail_debug = yes auth_debug = yes verbose_ssl = yes diff --git a/mail-server/rspamd.nix b/mail-server/rspamd.nix index 7ed2a0e..257cac7 100644 --- a/mail-server/rspamd.nix +++ b/mail-server/rspamd.nix @@ -67,7 +67,7 @@ in services.rspamd = { enable = true; - inherit (cfg) debug; + debug = cfg.debug.rspamd; locals = { "milter_headers.conf" = { text = '' diff --git a/tests/external.nix b/tests/external.nix index 82abb65..c01f9ac 100644 --- a/tests/external.nix +++ b/tests/external.nix @@ -39,7 +39,7 @@ mailserver = { enable = true; - debug = true; + debug.dovecot = true; # enabled for sieve script logging fqdn = "mail.example.com"; domains = [ "example.com" From f08ee8da38f6a475e05b71da44dde8f3a0d22de9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 17 Jun 2025 21:58:10 +0200 Subject: [PATCH 2/3] tests: provide a second cpu core MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Provides a small (~7.5%) reduction in the test runtime measured for the external test: Before: ``` Benchmark 1: nix build .#hydraJobs.x86_64-linux.external-unstable --rebuild Time (mean ± σ): 151.737 s ± 1.074 s [User: 0.310 s, System: 0.289 s] Range (min … max): 150.321 s … 153.512 s 10 runs ``` After: ``` Benchmark 1: nix build .#hydraJobs.x86_64-linux.external-unstable --rebuild Time (mean ± σ): 140.647 s ± 1.092 s [User: 0.331 s, System: 0.296 s] Range (min … max): 138.536 s … 142.298 s 10 runs ``` --- tests/lib/config.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/lib/config.nix b/tests/lib/config.nix index fe66875..6708f50 100644 --- a/tests/lib/config.nix +++ b/tests/lib/config.nix @@ -1,4 +1,12 @@ +{ + lib, + ... +}: + { # Testing eval failures that result from stateVersion assertion is out of scope mailserver.stateVersion = 999; + + # Enable second CPU core + virtualisation.cores = lib.mkDefault 2; } From 0774c93ae638ac8e486d857544e16e37281cdb48 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 17 Jun 2025 22:00:34 +0200 Subject: [PATCH 3/3] tests: make rspamd not block on dns queries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These will never suceed while running the tests in the Nix sandbox, and skipping them leads to very noticable (~51%) speedups. Before: ``` Benchmark 1: nix build .#hydraJobs.x86_64-linux.external-unstable --rebuild Time (mean ± σ): 151.737 s ± 1.074 s [User: 0.310 s, System: 0.289 s] Range (min … max): 150.321 s … 153.512 s 10 runs ``` After: ``` Benchmark 1: nix build .#hydraJobs.x86_64-linux.external-unstable --rebuild Time (mean ± σ): 74.010 s ± 0.746 s [User: 0.269 s, System: 0.266 s] Range (min … max): 72.814 s … 75.190 s 10 runs ``` --- tests/lib/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/lib/config.nix b/tests/lib/config.nix index 6708f50..f13f15a 100644 --- a/tests/lib/config.nix +++ b/tests/lib/config.nix @@ -9,4 +9,13 @@ # Enable second CPU core virtualisation.cores = lib.mkDefault 2; + + # Don't make tests block on DNS requests that will never succeed + services.rspamd.locals."options.inc".text = '' + dns { + nameservers = ["127.0.0.1"]; + timeout = 0.0s; + retransmits = 0; + } + ''; }