programs: place TMPDIR on ephemeral storage for select programs which demand a lot of it

hosts/common/programs/fractal.nix

@@ -26,6 +26,16 @@ in
     # stock fractal once used to take 2+hr to link: switch back to fractal-nixified should that happen again
     # packageUnwrapped = pkgs.fractal-nixified.optimized;
 
+    configOption = with lib; mkOption {
+      default = {};
+      type = types.submodule {
+        options.autostart = mkOption {
+          type = types.bool;
+          default = true;
+        };
+      };
+    };
+
     sandbox.net = "clearnet";
     sandbox.whitelistAudio = true;
     sandbox.whitelistDbus = [ "user" ];  # notifications
@@ -44,16 +54,7 @@ in
       "Videos/servo"
       "tmp"
     ];
-
+    sandbox.tmpDir = ".cache/fractal/tmp";  # 10MB+ avatar caches (grows seemingly unbounded during runtime)
-    configOption = with lib; mkOption {
-      default = {};
-      type = types.submodule {
-        options.autostart = mkOption {
-          type = types.bool;
-          default = true;
-        };
-      };
-    };
 
     persist.byStore.ephemeral = [
       ".cache/fractal" # ~3MB matrix-sdk-event-cache.sqlite3

hosts/common/programs/signal-desktop.nix

@@ -35,6 +35,8 @@ in
     #   ;
     # });
 
+    name = "Signal";  #< it places its files in ~/.config/Signal, etc
+
     sandbox.net = "clearnet";
     sandbox.whitelistAudio = true;
     sandbox.whitelistDbus = [
@@ -54,6 +56,7 @@ in
       "Videos/servo"
       "tmp"
     ];
+    sandbox.tmpDir = ".cache/Signal/tmp";  # 60MB+ sqlite database(s)
 
     # persist.byStore.ephemeral = [
     #   ".cache/fontconfig"  # 1.3 MB  #< TODO: place the fontconfig cache in ~/.cache/Signal/fontconfig

modules/programs/default.nix

@@ -557,6 +557,14 @@ let
           persisted to disk to (1) reduce ram consumption and (2) massively improve loading speed.
         '';
       };
+      sandbox.tmpDir = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          configure TMPDIR to some home-relative path when running the program.
+          useful if the program uses so much tmp space that you'd prefer to back it by disk instead of force it to stay in RAM.
+        '';
+      };
 
       sandbox.extraConfig = mkOption {
         type = types.listOf types.str;
@@ -607,8 +615,9 @@ let
 
       sandbox.whitelistDbus = lib.mkIf config.sandbox.whitelistSystemctl [ "system" ];
 
-      sandbox.extraEnv = lib.optionalAttrs (config.sandbox.mesaCacheDir != null) {
+      sandbox.extraEnv = {
-        MESA_SHADER_CACHE_DIR = "$HOME/${config.sandbox.mesaCacheDir}";
+        MESA_SHADER_CACHE_DIR = lib.mkIf (config.sandbox.mesaCacheDir != null) "$HOME/${config.sandbox.mesaCacheDir}";
+        TMPDIR = lib.mkIf (config.sandbox.tmpDir != null) "$HOME/${config.sandbox.tmpDir}";
       };
 
       sandbox.extraPaths =
@@ -714,6 +723,8 @@ let
         ++ lib.optionals (mainProgram != null) (whitelistDir ".local/share/${mainProgram}")
         ++ lib.optionals (config.sandbox.mesaCacheDir != null) [
           config.sandbox.mesaCacheDir
+        ] ++ lib.optionals (config.sandbox.tmpDir != null) [
+          config.sandbox.tmpDir
         ]
       ;
     };
@@ -791,6 +802,9 @@ let
           # but allow the user to override that.
           byPath."${p.sandbox.mesaCacheDir}".store = lib.mkDefault "private";
         })
+        (lib.optionalAttrs (p.sandbox.tmpDir != null) {
+          byPath."${p.sandbox.tmpDir}".store = lib.mkDefault "ephemeral";
+        })
       ];
     }) p.enableFor.user;