galadriel update

2024-03-22 12:55:22 +01:00 · 2024-03-22 12:55:22 +01:00 · 0c34bf52aa
parent 631b2e116b
commit 0c34bf52aa
10 changed files with 190 additions and 37 deletions
--- a/machines/galadriel/backup.nix
+++ b/machines/galadriel/backup.nix
@ -0,0 +1,24 @@
 { pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    rsync
  ];
  systemd.timers."backupData" = {
  wantedBy = [ "timers.target" ];
  timerConfig = {
      OnCalendar="*-*-* 8:00:00";
      Unit = "backupData.service";
    };
 };
 systemd.services."backupData" = {
  path = [
        pkgs.rsync
      ];
  script = ''rsync --archive /Data /Main'';
  serviceConfig = {
    Type = "oneshot";
    User = "root";
  };
 };
 }
--- a/machines/galadriel/backup.nix.bak
+++ b/machines/galadriel/backup.nix.bak
@ -0,0 +1,31 @@
 { pkgs, ... }:
 {
  systemd.user.services = {
    dataBackup = {
      path = [
        pkgs.rsync
      ];
      Unit = {
        Description = "/Data backup to /Main";
        After = [ "network.target" ];
      };
      Service = {
        Type = "oneshot";
        ExecStart = "rsync --archive /Data/ /Main/Data";
      };
      Install.WantedBy = [ "default.target" ];
    };
  };
  systemd.user.timers = {
    dataBackup = {
      Unit.Description = "/Data backup schedule";
      Timer = {
        Unit = "dataBackup";
        OnCalendar = "06:00";
      };
      Install.WantedBy = [ "timers.target" ];
    };
  };
 }
--- a/machines/galadriel/configuration.nix
+++ b/machines/galadriel/configuration.nix
@ -14,6 +14,9 @@
     ../../profiles/base.nix
     ../../profiles/sops.nix
     ./zfs.nix
     ./backup.nix
     ../../services/stableDiffusion.nix
     #../../services/freshrrs.nix 
     #../../services/torrent.nix
    ];
@ -72,6 +75,9 @@
      sonixd
      unpackerr
      qbittorrent-nox
      python310
      python310Packages.torchWithCuda
      ollama
  ];
  # Some programs need SUID wrappers, can be configured further or are
@ -101,25 +107,9 @@
  services.podgrab.enable = true;
  services.podgrab.port = 4242;
  services.calibre-web.enable = true;
  #services.calibre-server.enable = true;
  # services.freshrss.enable = true; #rss aggregator
  # services.freshrss.baseUrl = "http://127.0.0.1";
  # services.freshrss.passwordFile = "/run/secrets/freshrss";
 ##downloading
  #autodownload
  # services.sonarr.enable = true;
  # services.radarr.enable = true;
  # services.lidarr.enable = true;
  # services.bazarr.enable = true;
 #indexing
  # services.prowlarr.enable = true;
  #services.jackett.enable = true;
 ##networking
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
--- a/machines/galadriel/hardware-configuration.nix
+++ b/machines/galadriel/hardware-configuration.nix
@ -28,6 +28,7 @@
      fsType = "ext4";
    };
  boot.initrd.luks.devices."luks-028e05b0-f079-41f6-b244-eb7ceda4f315".device = "/dev/disk/by-uuid/028e05b0-f079-41f6-b244-eb7ceda4f315";
  swapDevices =
--- a/machines/galadriel/nvidia.nix
+++ b/machines/galadriel/nvidia.nix
@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 {
  imports = [ ./cachix.nix ]; # Import the cachix cache for cuda packages
  # Enable OpenGL
  hardware.opengl = {
    enable = true;
@ -30,25 +29,25 @@
    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
    # Only available from driver 515.43.04+
    # Currently alpha-quality/buggy, so false is currently the recommended setting.
-    open = false;
+      open = false;
-    # Enable the Nvidia settings menu,
+      # Enable the Nvidia settings menu,
-	# accessible via `nvidia-settings`.
+          # accessible via `nvidia-settings`.
-    nvidiaSettings = true;
+      #nvidiaSettings = true;
-    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+      # Optionally, you may need to select the appropriate driver version for your specific GPU.
-    package = config.boot.kernelPackages.nvidiaPackages.stable;
+      package = config.boot.kernelPackages.nvidiaPackages.stable;
-  };
+    };
-  # Enable the CUDA toolkit
+    # Enable the CUDA toolkit
-  #install packages 
+    #install packages 
-  environment.systemPackages = with pkgs; [
+    environment.systemPackages = with pkgs; [
-    cudaPackages.cudnn
+      cudaPackages.cudnn
-    cudaPackages.cudatoolkit
+      cudaPackages.cudatoolkit
-    cudaPackages.tensorrt
+      cudaPackages.tensorrt_8_6_0
-  ];
+    ];
-}
+  }
--- a/machines/galadriel/zfs.nix
+++ b/machines/galadriel/zfs.nix
@ -8,7 +8,7 @@
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoSnapshot.flags = "-k -p --utc";
-  environment.packages = with pkgs; [
+  environment.systemPackages = with pkgs; [
    zfs
    zfsnap
    zfstools
--- a/profiles/base.nix
+++ b/profiles/base.nix
@ -34,6 +34,7 @@ imports =
  '';
  #nix stuff
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.gc.automatic = true;
  system.autoUpgrade.enable = true;
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -0,0 +1,92 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.nextcloud;
  hostName = "nextcloud.lauterer.it";
 in {
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud28;
    inherit hostName;
    home = "/var/lib/nextcloud";
    https = true;
    webfinger = true;
    config = {
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql";
      dbname = "nextcloud";
      adminuser = "ncadmin";
      adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
      trustedProxies = [ "100.101.17.39" ]; # elrond
      defaultPhoneRegion = "NO";
    };
    phpOptions = {
      "opcache.interned_strings_buffer" = "16";
      "upload_max_filesize" = lib.mkForce "8G";
      "post_max_size" = lib.mkForce "8G";
      "memory_limit" = lib.mkForce "8G";
    };
    poolSettings = {
      "pm" = "ondemand";
      "pm.max_children" = 32;
      "pm.process_idle_timeout" = "10s";
      "pm.max_requests" = 500;
    };
  };
  environment.systemPackages = [ cfg.occ ];
  sops.secrets."nextcloud/adminpass" = {
    mode = "0440";
    owner = "nextcloud";
    group = "nextcloud";
    restartUnits = [ "phpfpm-nextcloud.service" ];
  };
  services.postgresql = {
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [ {
      name = "nextcloud";
      ensureDBOwnership = true;
    } ];
  };
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresq:l.service" ];
    after = [ "postgresql.service" ];
  };
  systemd.services."phpfpm-nextcloud" = {
    requires = [ "var-lib-nextcloud.mount" ];
    serviceConfig = {
      WorkingDirectory = "/var/lib/nextcloud";
      NoNewPrivileges = true;
      PrivateDevices = true;
      PrivateMounts = true;
      PrivateTmp = true;
      ProtectClock = true;
      ProtectHome = true;
      ProtectHostname = true;
      ProtectKernelLogs = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
      ProtectProc = "invisible";
      ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
      RemoveIPC = true;
      RestrictSUIDSGID = true;
      UMask = "0007";
      SystemCallArchitectures = "native";
      SystemCallFilter = "@system-service";
      CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
    };
  };
  fileSystems."/var/lib/nextcloud" = {
    device = "/tank/nextcloud";
    options = [ "bind "];
  };
 }
--- a/services/podman.nix
+++ b/services/podman.nix
@ -5,7 +5,7 @@
  virtualisation.docker.enable = false;
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerSocket.enable = true;
-  virtualisation.podman.defaultNetwork.dnsname.enable = true;
+  virtualisation.podman.defaultNetwork.settings = { dns_enabled = true; };
  # Use your username instead of `myuser`
  users.extraUsers.gunalx.extraGroups = ["podman"];
--- a/services/stableDiffusion.nix
+++ b/services/stableDiffusion.nix
@ -0,0 +1,15 @@
 { config, pkgs, lib, ... }:
 {
  imports = [
    ./podman.nix
  ];
  environment.systemPackages = [
  ];
  virtualisation.oci-containers.containers."stableDiffusion" = {
    #cmd = ["invokeai-web" "--host" "0.0.0.0"];
    ports = ["9090:9090" "9000:80" ];
    #enviroment = { };
    #image = "invokeai/invokeai";
    image = "goolashe/automatic1111-sd-webui";
  };
 }