Compare commits
2 Commits
65c13babac
...
eeab5de886
| Author | SHA1 | Date | |
|---|---|---|---|
eeab5de886
|
|||
|
9392749e66
|
@@ -69,6 +69,8 @@
|
||||
|
||||
./services/ntfy.nix
|
||||
./services/ntfy-alerts.nix
|
||||
|
||||
./services/mollysocket.nix
|
||||
];
|
||||
|
||||
services.kmscon.enable = true;
|
||||
|
||||
@@ -88,5 +88,11 @@
|
||||
file = ../secrets/firefox-syncserver-env.age;
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
# MollySocket env (MOLLY_VAPID_PRIVKEY + MOLLY_ALLOWED_UUIDS)
|
||||
mollysocket-env = {
|
||||
file = ../secrets/mollysocket-env.age;
|
||||
mode = "0400";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -23,13 +23,48 @@
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
# HDD I/O tuning for torrent seeding workload (high-concurrency random reads).
|
||||
#
|
||||
# mq-deadline sorts requests into elevator sweeps, reducing seek distance.
|
||||
# Aggressive deadlines (15s) let the scheduler accumulate more ops before dispatching,
|
||||
# maximizing coalescence — latency is irrelevant since torrent peers tolerate 30-60s.
|
||||
# fifo_batch=128 keeps sweeps long; writes_starved=16 heavily favors reads.
|
||||
# 4 MiB readahead matches libtorrent piece extent affinity for sequential prefetch.
|
||||
services.udev.extraRules = ''
|
||||
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="mq-deadline", ATTR{queue/read_ahead_kb}="4096", ATTR{queue/nr_requests}="512"
|
||||
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ENV{ID_ATA_ROTATION_RATE_RPM}!="0", RUN+="${pkgs.bash}/bin/bash -c 'echo 15000 > /sys$devpath/queue/iosched/read_expire; echo 15000 > /sys$devpath/queue/iosched/write_expire; echo 128 > /sys$devpath/queue/iosched/fifo_batch; echo 16 > /sys$devpath/queue/iosched/writes_starved; echo 4096 > /sys$devpath/queue/max_sectors_kb 2>/dev/null || true'"
|
||||
'';
|
||||
#
|
||||
# This runs as a systemd oneshot rather than udev rules because the NixOS ZFS module
|
||||
# hardcodes a udev rule that forces scheduler="none" on all ZFS member partitions'
|
||||
# parent disks, overriding any scheduler set via udev on the disk event.
|
||||
systemd.services.hdd-io-tuning = {
|
||||
description = "HDD I/O scheduler and queue tuning";
|
||||
after = [
|
||||
"zfs-import.target"
|
||||
"systemd-udev-settle.service"
|
||||
];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = ''
|
||||
for dev in /sys/block/sd*; do
|
||||
[ -f "$dev/queue/rotational" ] || continue
|
||||
[ "$(cat "$dev/queue/rotational")" = "1" ] || continue
|
||||
|
||||
# skip removable devices (USB sticks report removable=1)
|
||||
[ "$(cat "$dev/removable")" = "0" ] || continue
|
||||
|
||||
echo mq-deadline > "$dev/queue/scheduler"
|
||||
echo 4096 > "$dev/queue/read_ahead_kb"
|
||||
echo 512 > "$dev/queue/nr_requests"
|
||||
|
||||
echo 15000 > "$dev/queue/iosched/read_expire"
|
||||
echo 15000 > "$dev/queue/iosched/write_expire"
|
||||
echo 128 > "$dev/queue/iosched/fifo_batch"
|
||||
echo 16 > "$dev/queue/iosched/writes_starved"
|
||||
|
||||
echo 4096 > "$dev/queue/max_sectors_kb" 2>/dev/null || true
|
||||
|
||||
echo "Tuned $(basename "$dev"): mq-deadline, 4M readahead, 15s deadlines"
|
||||
done
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
||||
BIN
secrets/mollysocket-env.age
Normal file
BIN
secrets/mollysocket-env.age
Normal file
Binary file not shown.
@@ -149,6 +149,10 @@ rec {
|
||||
port = 5000;
|
||||
proto = "tcp";
|
||||
};
|
||||
mollysocket = {
|
||||
port = 8020;
|
||||
proto = "tcp";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -219,6 +223,10 @@ rec {
|
||||
domain = "ntfy.${https.domain}";
|
||||
};
|
||||
|
||||
mollysocket = {
|
||||
domain = "mollysocket.${https.domain}";
|
||||
};
|
||||
|
||||
livekit = {
|
||||
domain = "livekit.${https.domain}";
|
||||
};
|
||||
|
||||
36
services/mollysocket.nix
Normal file
36
services/mollysocket.nix
Normal file
@@ -0,0 +1,36 @@
|
||||
{
|
||||
config,
|
||||
service_configs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
(lib.serviceMountWithZpool "mollysocket" service_configs.zpool_ssds [
|
||||
"/var/lib/private/mollysocket"
|
||||
])
|
||||
(lib.serviceFilePerms "mollysocket" [
|
||||
"Z /var/lib/private/mollysocket 0700 root root"
|
||||
])
|
||||
];
|
||||
|
||||
services.mollysocket = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
host = "127.0.0.1";
|
||||
port = service_configs.ports.private.mollysocket.port;
|
||||
|
||||
# Explicitly allow our self-hosted ntfy instance.
|
||||
# Local-network endpoints are denied by default for security.
|
||||
allowed_endpoints = [ "https://${service_configs.ntfy.domain}" ];
|
||||
# allowed_uuids set via MOLLY_ALLOWED_UUIDS in environmentFile
|
||||
};
|
||||
|
||||
environmentFile = config.age.secrets.mollysocket-env.path;
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."${service_configs.mollysocket.domain}".extraConfig = ''
|
||||
reverse_proxy h2c://127.0.0.1:${builtins.toString service_configs.ports.private.mollysocket.port}
|
||||
'';
|
||||
}
|
||||
Reference in New Issue
Block a user