tvl-depot/users/tazjin/nixos/modules/geesefs.nix
Vincent Ambo ac94bf46a6 fix(tazjin/koptevo): minor reliability fixes for music setup
* zramSwap: during reindexing, geesefs can be pushed to the boundaries
  of what the new overaggressive OOM killer accepts, and I don't want
  to bother configuring that thing instead.

* umount: geesefs dying unexpectedly leaves broken mounts around,
  clean these up before proceeding

This bakes in the assumption that there's only ever one geesefs
service, but that assumption is baked in anyways.

Change-Id: Id85c2f5bc2312a7246ea20229eb36d2cc1bd82c0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9500
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-10-01 14:26:41 +00:00

38 lines
1.1 KiB
Nix

{ depot, pkgs, ... }:
{
imports = [
(depot.third_party.agenix.src + "/modules/age.nix")
];
age.secrets.geesefs-tazjins-files.file = depot.users.tazjin.secrets."geesefs-tazjins-files.age";
programs.fuse.userAllowOther = true;
systemd.services.geesefs = {
description = "geesefs @ tazjins-files";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.fuse ];
serviceConfig = {
# TODO: can't get fusermount to work for non-root users (e.g. DynamicUser) here, why?
Restart = "always";
LoadCredential = "geesefs-tazjins-files:/run/agenix/geesefs-tazjins-files";
StateDirectory = "geesefs";
ExecStartPre = "/run/wrappers/bin/umount -a -t fuse.geesefs";
};
script = ''
set -u # bail out if systemd is misconfigured ...
set -x
mkdir -p $STATE_DIRECTORY/tazjins-files $STATE_DIRECTORY/cache
${depot.third_party.geesefs}/bin/geesefs \
-f -o allow_other \
--cache $STATE_DIRECTORY/cache \
--shared-config $CREDENTIALS_DIRECTORY/geesefs-tazjins-files \
tazjins-files $STATE_DIRECTORY/tazjins-files
'';
};
}