diff --git a/hosts/by-name/servo/fs.nix b/hosts/by-name/servo/fs.nix
index 089166ba0..88f74a692 100644
--- a/hosts/by-name/servo/fs.nix
+++ b/hosts/by-name/servo/fs.nix
@@ -14,7 +14,7 @@
 # show zfs datasets: `zfs list` (will be empty if haven't imported)
 # show zfs properties (e.g. compression): `zfs get all pool`
 # set zfs properties: `zfs set compression=on pool`
-{ ... }:
+{ lib, pkgs, ... }:
 {
 # hostId: not used for anything except zfs guardrail?
@@ -131,6 +131,20 @@ the contents should be a subset of what's in ../media/datasets.
 '';
+ systemd.services.dedupe-media = {
+ description = "transparently de-duplicate /var/media entries by using block-level hardlinks";
+ script = ''
+ ${lib.getExe' pkgs.util-linux "hardlink"} /var/media --reflink=always --ignore-time --verbose
+ '';
+ };
+ systemd.timers.dedupe-media = {
+ wantedBy = [ "multi-user.target" ];
+ timerConfig = {
+ OnStartupSec = "23min";
+ OnUnitActiveSec = "720min";
+ };
+ };
+
 # btrfs doesn't easily support swapfiles
 # swapDevices = [
 # { device = "/nix/persist/swapfile"; size = 4096; }
diff --git a/hosts/by-name/servo/services/transmission/default.nix b/hosts/by-name/servo/services/transmission/default.nix
index 460438947..2166ce2b4 100644
--- a/hosts/by-name/servo/services/transmission/default.nix
+++ b/hosts/by-name/servo/services/transmission/default.nix
@@ -31,7 +31,6 @@ let
 "coreutils"
 "findutils"
 "rsync"
- "util-linux"
 ];
 };
 in
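Review bot: The new `systemd.services.dedupe-media` unit in fs.nix sets only `description` and `script`, so unless a default is applied elsewhere it runs `hardlink` as root with no sandboxing, over a tree that the transmission service also writes downloaded content into (its `BindPaths` lists `/var/media`). The job only needs to read and rewrite files under that one path, so I would confine it, for example `serviceConfig.ProtectSystem = "strict";`, `serviceConfig.ReadWritePaths = [ "/var/media" ];` and `serviceConfig.PrivateNetwork = true;`, assuming `/var/media` is where the data is actually mounted. If a dedicated account owns the media library, running the unit as that account would reduce the privilege further. The description says "hardlinks" while `--reflink=always` asks for copy-on-write clones; a short comment above the script line stating which one is intended would help the next reader.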
@@ -107,16 +106,31 @@ in
 script-torrent-done-filename = "${torrent-done}/bin/torrent-done";
 };
- systemd.services.transmission.after = [ "wireguard-wg-ovpns.service" ];
- systemd.services.transmission.partOf = [ "wireguard-wg-ovpns.service" ];
- systemd.services.transmission.serviceConfig = {
+ systemd.services.transmission = {
+ after = [ "wireguard-wg-ovpns.service" ];
+ partOf = [ "wireguard-wg-ovpns.service" ];
+ environment.TR_DEBUG = "1";
 # run this behind the OVPN static VPN
- NetworkNamespacePath = "/run/netns/ovpns";
- ExecStartPre = [ "${lib.getExe pkgs.sane-scripts.ip-check} --no-upnp --expect ${config.sane.netns.ovpns.netnsPubIpv4}" ]; # abort if public IP is not as expected
+ serviceConfig.NetworkNamespacePath = "/run/netns/ovpns";
+ serviceConfig.ExecStartPre = [ "${lib.getExe pkgs.sane-scripts.ip-check} --no-upnp --expect ${config.sane.netns.ovpns.netnsPubIpv4}" ]; # abort if public IP is not as expected
- Restart = "on-failure";
- RestartSec = "30s";
- BindPaths = [ "/var/media" ]; #< so it can move completed torrents into the media library
+ serviceConfig.Restart = "on-failure";
+ serviceConfig.RestartSec = "30s";
+ serviceConfig.BindPaths = [ "/var/media" ]; #< so it can move completed torrents into the media library
+ serviceConfig.SystemCallFilter = lib.mkForce [
+ # the torrent-done script does stuff which fails the nixos default syscall filter.
+ # allow a bunch of stuff, speculatively, to hopefully fix that:
+ "@aio"
+ "@basic-io"
+ "@chown"
+ "@file-system"
+ "@io-event"
+ "@process"
+ "@sandbox"
+ "@sync"
+ "@system-service"
+ "quotactl"
+ ];
 };
 # service to automatically backup torrents i add to transmission
diff --git a/hosts/by-name/servo/services/transmission/torrent-done b/hosts/by-name/servo/services/transmission/torrent-done
index 253461412..32c817aed 100755
--- a/hosts/by-name/servo/services/transmission/torrent-done
+++ b/hosts/by-name/servo/services/transmission/torrent-done
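Review bot: `serviceConfig.SystemCallFilter = lib.mkForce [ … ]` replaces the module's default filter wholesale for a network-facing daemon, and its own comment says the list is speculative. `@system-service` is itself a broad allow-list that, as far as I know, already contains most of the other groups named here, so the effective change is probably the loss of whatever deny entries (`~@…`) the default carried; that default is not visible in this diff, so this is inferred. I would identify the syscall that torrent-done actually trips on from the seccomp/audit record in the journal and re-allow only that one, keeping the rest of the default in place. Separately, `environment.TR_DEBUG = "1";` now applies to every run of the service; if it is only there to diagnose this failure, a comment such as `# TODO: drop TR_DEBUG once torrent-done works under the syscall filter` would keep it from becoming permanent.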
@@ -1,5 +1,5 @@
 #!/usr/bin/env nix-shell
-#!nix-shell -i bash -p acl -p bash -p coreutils -p findutils -p rsync -p util-linux
+#!nix-shell -i bash -p acl -p bash -p coreutils -p findutils -p rsync
 # transmission invokes this with no args, and the following env vars:
 # - TR_TORRENT_DIR: full path to the folder i told transmission to download it to.
@@ -7,7 +7,6 @@
 # optionally:
 # - TR_DRY_RUN=1
 # - TR_DEBUG=1
-# - TR_NO_HARDLINK=1
 DOWNLOAD_DIR=/var/media/torrents
@@ -67,10 +66,3 @@ destructive find "$MEDIA_DIR/" -type f \(\
 -o -iname 'YIFY*.com.txt' \
 -o -iname 'YTS*.com.txt' \
 \) -exec rm {} \;
-
-if ! [ -n "${TR_NO_HARDLINK}" ]; then
- # dedupe the whole media library.
- # yeah, a bit excessive: move this to a cron job if that's problematic
- # or make it run with only 1/N probability, etc.
- destructive hardlink /var/media --reflink=always --ignore-time --verbose
-fi