From 3aaebdb1c4bd9ec1b4a7564afd826acbeff0bf0a Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Thu, 27 Nov 2025 12:50:00 +0100
Subject: [PATCH] fix: filebot

---
 hosts/fw/modules/pyload/filebot-process.nix | 20 ++++++++++++++------
 hosts/fw/modules/pyload/pyload.nix          | 14 +++++++++++++-
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/hosts/fw/modules/pyload/filebot-process.nix b/hosts/fw/modules/pyload/filebot-process.nix
index 404a3fb..b1055ff 100644
--- a/hosts/fw/modules/pyload/filebot-process.nix
+++ b/hosts/fw/modules/pyload/filebot-process.nix
@@ -54,6 +54,7 @@ pkgs.writeShellScriptBin "filebot-process" ''
   echo "$(date): Starting FileBot processing" >> "$LOG_FILE"
 
   # Run FileBot AMC script
+  set +e  # Temporarily disable exit on error to capture exit code
   ${pkgs.filebot}/bin/filebot \
     -script fn:amc \
     --output "$OUTPUT_DIR" \
@@ -68,14 +69,21 @@ pkgs.writeShellScriptBin "filebot-process" ''
       ut_dir="$DOWNLOAD_DIR" \
       ut_kind=multi \
       clean=y \
-      skipExtract=y || {
-        echo "$(date): FileBot processing failed with exit code $?" >> "$LOG_FILE"
-        exit 0  # Don't fail the hook even if FileBot fails
-      }
+      skipExtract=y
 
-  # Clean up empty directories
-  find "$DOWNLOAD_DIR" -type d -empty -delete 2>/dev/null || true
+  FILEBOT_EXIT_CODE=$?
+  set -e  # Re-enable exit on error
+
+  if [ $FILEBOT_EXIT_CODE -ne 0 ]; then
+    echo "$(date): FileBot processing failed with exit code $FILEBOT_EXIT_CODE" >> "$LOG_FILE"
+    exit 0  # Don't fail the hook even if FileBot fails
+  fi
 
   echo "$(date): FileBot processing completed successfully" >> "$LOG_FILE"
+
+  # Clean up any remaining empty directories
+  find "$DOWNLOAD_DIR" -type d -empty -delete 2>/dev/null || true
+
+  echo "$(date): All processing completed" >> "$LOG_FILE"
   exit 0
 ''
diff --git a/hosts/fw/modules/pyload/pyload.nix b/hosts/fw/modules/pyload/pyload.nix
index c4c9401..402e65b 100644
--- a/hosts/fw/modules/pyload/pyload.nix
+++ b/hosts/fw/modules/pyload/pyload.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 {
   environment.systemPackages = with pkgs; [
     unrar    # Required for RAR archive extraction
@@ -52,6 +52,18 @@
       ];
       # Bind mount multimedia directory as writable for FileBot hook scripts
       BindPaths = [ "/multimedia" ];
+
+      # Override SystemCallFilter to allow @resources syscalls
+      # FileBot (Java) needs resource management syscalls like setpriority
+      # during cleanup operations. Still block privileged syscalls for security.
+      # Use mkForce to completely replace the NixOS module's default filter.
+      SystemCallFilter = lib.mkForce [
+        "@system-service"
+        "@resources"       # Explicitly allow resource management syscalls
+        "~@privileged"     # Still block privileged operations
+        "fchown"           # Re-allow fchown for FileBot file operations
+        "fchown32"         # 32-bit compatibility
+      ];
     };
   };
 }