ac94bf46a6
* zramSwap: during reindexing, geesefs can be pushed to the boundaries of what the new overaggressive OOM killer accepts, and I don't want to bother configuring that thing instead.
* umount: geesefs dying unexpectedly leaves broken mounts around, clean these up before proceeding

This bakes in the assumption that there's only ever one geesefs service, but that assumption is baked in anyways.

Change-Id: Id85c2f5bc2312a7246ea20229eb36d2cc1bd82c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9500
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
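# NixOS module: mounts `tazjins-files` through geesefs (a FUSE filesystem)
# as a systemd service, with its config file delivered as an agenix secret.
{ depot, pkgs, ... }:

{
  imports = [
    (depot.third_party.agenix.src + "/modules/age.nix")
  ];

  # The encrypted geesefs config; the service below reads the decrypted copy
  # from /run/agenix/geesefs-tazjins-files via LoadCredential.
  age.secrets.geesefs-tazjins-files.file = depot.users.tazjin.secrets."geesefs-tazjins-files.age";

  # Lets non-root users pass `allow_other` to FUSE mounts, host-wide.
  # NOTE(review): the unit below sets no User=, so it presumably runs as root,
  # which can use `allow_other` without this switch. Confirm whether it is still
  # needed, since it widens what every local user may do with FUSE.
  programs.fuse.userAllowOther = true;

  systemd.services.geesefs = {
    description = "geesefs @ tazjins-files";
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.fuse ];

    serviceConfig = {
      # TODO: can't get fusermount to work for non-root users (e.g. DynamicUser) here, why?
      # Until that is solved no User=/DynamicUser= is set on this unit.

      Restart = "always";

      # Hands the decrypted secret to this unit only; the script reads it
      # from $CREDENTIALS_DIRECTORY rather than from /run/agenix directly.
      LoadCredential = "geesefs-tazjins-files:/run/agenix/geesefs-tazjins-files";
      StateDirectory = "geesefs";

      # Clears stale mounts before (re)starting. `-a -t fuse.geesefs` matches
      # every geesefs mount on the host, not only the one this unit creates.
      ExecStartPre = "/run/wrappers/bin/umount -a -t fuse.geesefs";
    };

    # `set -x` traces each command to the service log. Only the credential's
    # path shows up there, because geesefs is given the file by path.
    #
    # `-o allow_other` makes the mount reachable by users other than the one
    # that mounted it.
    # NOTE(review): what those users can then read or write depends on the
    # ownership and modes geesefs reports; verify against the intended audience.
    #
    # The systemd-provided directories are quoted so each path stays a single
    # shell word.
    script = ''
      set -u # bail out if systemd is misconfigured ...
      set -x

      mkdir -p "$STATE_DIRECTORY/tazjins-files" "$STATE_DIRECTORY/cache"

      ${depot.third_party.geesefs}/bin/geesefs \
        -f -o allow_other \
        --cache "$STATE_DIRECTORY/cache" \
        --shared-config "$CREDENTIALS_DIRECTORY/geesefs-tazjins-files" \
        tazjins-files "$STATE_DIRECTORY/tazjins-files"
    '';
  };
}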