programs: place TMPDIR on ephemeral storage for select programs which demand a lot of it

2024-12-17 10:26:34 +00:00
parent ebd55cdf3b
commit bc15a876ff
3 changed files with 30 additions and 12 deletions
--- a/hosts/common/programs/fractal.nix
+++ b/hosts/common/programs/fractal.nix
@@ -26,6 +26,16 @@ in
    # stock fractal once used to take 2+hr to link: switch back to fractal-nixified should that happen again
    # packageUnwrapped = pkgs.fractal-nixified.optimized;

+    configOption = with lib; mkOption {
+      default = {};
+      type = types.submodule {
+        options.autostart = mkOption {
+          type = types.bool;
+          default = true;
+        };
+      };
+    };
+
    sandbox.net = "clearnet";
    sandbox.whitelistAudio = true;
    sandbox.whitelistDbus = [ "user" ];  # notifications
@@ -44,16 +54,7 @@ in
      "Videos/servo"
      "tmp"
    ];
-
-    configOption = with lib; mkOption {
-      default = {};
-      type = types.submodule {
-        options.autostart = mkOption {
-          type = types.bool;
-          default = true;
-        };
-      };
-    };
+    sandbox.tmpDir = ".cache/fractal/tmp";  # 10MB+ avatar caches (grows seemingly unbounded during runtime)

    persist.byStore.ephemeral = [
      ".cache/fractal" # ~3MB matrix-sdk-event-cache.sqlite3
--- a/hosts/common/programs/signal-desktop.nix
+++ b/hosts/common/programs/signal-desktop.nix
@@ -35,6 +35,8 @@ in
    #   ;
    # });

+    name = "Signal";  #< it places its files in ~/.config/Signal, etc
+
    sandbox.net = "clearnet";
    sandbox.whitelistAudio = true;
    sandbox.whitelistDbus = [
@@ -54,6 +56,7 @@ in
      "Videos/servo"
      "tmp"
    ];
+    sandbox.tmpDir = ".cache/Signal/tmp";  # 60MB+ sqlite database(s)

    # persist.byStore.ephemeral = [
    #   ".cache/fontconfig"  # 1.3 MB  #< TODO: place the fontconfig cache in ~/.cache/Signal/fontconfig
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -557,6 +557,14 @@ let
          persisted to disk to (1) reduce ram consumption and (2) massively improve loading speed.
        '';
      };
+      sandbox.tmpDir = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          configure TMPDIR to some home-relative path when running the program.
+          useful if the program uses so much tmp space that you'd prefer to back it by disk instead of force it to stay in RAM.
+        '';
+      };

      sandbox.extraConfig = mkOption {
        type = types.listOf types.str;
@@ -607,8 +615,9 @@ let

      sandbox.whitelistDbus = lib.mkIf config.sandbox.whitelistSystemctl [ "system" ];

-      sandbox.extraEnv = lib.optionalAttrs (config.sandbox.mesaCacheDir != null) {
-        MESA_SHADER_CACHE_DIR = "$HOME/${config.sandbox.mesaCacheDir}";
+      sandbox.extraEnv = {
+        MESA_SHADER_CACHE_DIR = lib.mkIf (config.sandbox.mesaCacheDir != null) "$HOME/${config.sandbox.mesaCacheDir}";
+        TMPDIR = lib.mkIf (config.sandbox.tmpDir != null) "$HOME/${config.sandbox.tmpDir}";
      };

      sandbox.extraPaths =
@@ -714,6 +723,8 @@ let
        ++ lib.optionals (mainProgram != null) (whitelistDir ".local/share/${mainProgram}")
        ++ lib.optionals (config.sandbox.mesaCacheDir != null) [
          config.sandbox.mesaCacheDir
+        ] ++ lib.optionals (config.sandbox.tmpDir != null) [
+          config.sandbox.tmpDir
        ]
      ;
    };
@@ -791,6 +802,9 @@ let
          # but allow the user to override that.
          byPath."${p.sandbox.mesaCacheDir}".store = lib.mkDefault "private";
        })
+        (lib.optionalAttrs (p.sandbox.tmpDir != null) {
+          byPath."${p.sandbox.tmpDir}".store = lib.mkDefault "ephemeral";
+        })
      ];
    }) p.enableFor.user;