galadriel update

machines/galadriel/backup.nix

@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    rsync
+  ];
+  systemd.timers."backupData" = {
+  wantedBy = [ "timers.target" ];
+  timerConfig = {
+      OnCalendar="*-*-* 8:00:00";
+      Unit = "backupData.service";
+    };
+};
+
+systemd.services."backupData" = {
+  path = [
+        pkgs.rsync
+      ];
+  script = ''rsync --archive /Data /Main'';
+  serviceConfig = {
+    Type = "oneshot";
+    User = "root";
+  };
+};
+}

machines/galadriel/backup.nix.bak

@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+  systemd.user.services = {
+    dataBackup = {
+      path = [
+        pkgs.rsync
+      ];
+      Unit = {
+        Description = "/Data backup to /Main";
+        After = [ "network.target" ];
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "rsync --archive /Data/ /Main/Data";
+      };
+      Install.WantedBy = [ "default.target" ];
+    };
+  };
+
+  systemd.user.timers = {
+    dataBackup = {
+      Unit.Description = "/Data backup schedule";
+      Timer = {
+        Unit = "dataBackup";
+        OnCalendar = "06:00";
+      };
+      Install.WantedBy = [ "timers.target" ];
+    };
+  };
+
+}

machines/galadriel/configuration.nix

@@ -14,6 +14,9 @@
      ../../profiles/base.nix
      ../../profiles/sops.nix
      ./zfs.nix
+     ./backup.nix
+     ../../services/stableDiffusion.nix
+     #../../services/freshrrs.nix 
      #../../services/torrent.nix
     ];
 
@@ -72,6 +75,9 @@
       sonixd
       unpackerr
       qbittorrent-nox
+      python310
+      python310Packages.torchWithCuda
+      ollama
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -101,25 +107,9 @@
   services.podgrab.enable = true;
   services.podgrab.port = 4242;
   
-  
   services.calibre-web.enable = true;
   #services.calibre-server.enable = true;
 
-  # services.freshrss.enable = true; #rss aggregator
-  # services.freshrss.baseUrl = "http://127.0.0.1";
-  # services.freshrss.passwordFile = "/run/secrets/freshrss";
-
-##downloading
-  #autodownload
-  # services.sonarr.enable = true;
-  # services.radarr.enable = true;
-  # services.lidarr.enable = true;
-  # services.bazarr.enable = true;
-  
-#indexing
-  # services.prowlarr.enable = true;
-  #services.jackett.enable = true;
-  
 ##networking
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;

machines/galadriel/hardware-configuration.nix

@@ -28,6 +28,7 @@
       fsType = "ext4";
     };
   
+
   boot.initrd.luks.devices."luks-028e05b0-f079-41f6-b244-eb7ceda4f315".device = "/dev/disk/by-uuid/028e05b0-f079-41f6-b244-eb7ceda4f315";
 
   swapDevices =

machines/galadriel/nvidia.nix

@@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 {
-  imports = [ ./cachix.nix ]; # Import the cachix cache for cuda packages
   # Enable OpenGL
   hardware.opengl = {
     enable = true;
@@ -34,7 +33,7 @@
 
       # Enable the Nvidia settings menu,
           # accessible via `nvidia-settings`.
-    nvidiaSettings = true;
+      #nvidiaSettings = true;
 
       # Optionally, you may need to select the appropriate driver version for your specific GPU.
       package = config.boot.kernelPackages.nvidiaPackages.stable;
@@ -46,7 +45,7 @@
     environment.systemPackages = with pkgs; [
       cudaPackages.cudnn
       cudaPackages.cudatoolkit
-    cudaPackages.tensorrt
+      cudaPackages.tensorrt_8_6_0
       
     ];
 

machines/galadriel/zfs.nix

@@ -8,7 +8,7 @@
   services.zfs.autoSnapshot.enable = true;
   services.zfs.autoSnapshot.flags = "-k -p --utc";
 
-  environment.packages = with pkgs; [
+  environment.systemPackages = with pkgs; [
     zfs
     zfsnap
     zfstools

profiles/base.nix

@@ -34,6 +34,7 @@ imports =
   '';
 
   #nix stuff
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nix.gc.automatic = true;
   system.autoUpgrade.enable = true;
   

services/nextcloud.nix

@@ -0,0 +1,92 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.nextcloud;
+  hostName = "nextcloud.lauterer.it";
+in {
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud28;
+    inherit hostName;
+    home = "/var/lib/nextcloud";
+    https = true;
+    webfinger = true;
+
+    config = {
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql";
+      dbname = "nextcloud";
+      adminuser = "ncadmin";
+      adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
+      trustedProxies = [ "100.101.17.39" ]; # elrond
+      defaultPhoneRegion = "NO";
+    };
+
+    phpOptions = {
+      "opcache.interned_strings_buffer" = "16";
+      "upload_max_filesize" = lib.mkForce "8G";
+      "post_max_size" = lib.mkForce "8G";
+      "memory_limit" = lib.mkForce "8G";
+    };
+
+    poolSettings = {
+      "pm" = "ondemand";
+      "pm.max_children" = 32;
+      "pm.process_idle_timeout" = "10s";
+      "pm.max_requests" = 500;
+    };
+  };
+
+  environment.systemPackages = [ cfg.occ ];
+
+  sops.secrets."nextcloud/adminpass" = {
+    mode = "0440";
+    owner = "nextcloud";
+    group = "nextcloud";
+    restartUnits = [ "phpfpm-nextcloud.service" ];
+  };
+
+  services.postgresql = {
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [ {
+      name = "nextcloud";
+      ensureDBOwnership = true;
+    } ];
+  };
+
+  systemd.services."nextcloud-setup" = {
+    requires = [ "postgresq:l.service" ];
+    after = [ "postgresql.service" ];
+  };
+
+  systemd.services."phpfpm-nextcloud" = {
+    requires = [ "var-lib-nextcloud.mount" ];
+    serviceConfig = {
+      WorkingDirectory = "/var/lib/nextcloud";
+      NoNewPrivileges = true;
+      PrivateDevices = true;
+      PrivateMounts = true;
+      PrivateTmp = true;
+      ProtectClock = true;
+      ProtectHome = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
+      RemoveIPC = true;
+      RestrictSUIDSGID = true;
+      UMask = "0007";
+      SystemCallArchitectures = "native";
+      SystemCallFilter = "@system-service";
+      CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
+    };
+  };
+
+  fileSystems."/var/lib/nextcloud" = {
+    device = "/tank/nextcloud";
+    options = [ "bind "];
+  };
+}
+

services/podman.nix

@@ -5,7 +5,7 @@
   virtualisation.docker.enable = false;
   virtualisation.podman.enable = true;
   virtualisation.podman.dockerSocket.enable = true;
-  virtualisation.podman.defaultNetwork.dnsname.enable = true;
+  virtualisation.podman.defaultNetwork.settings = { dns_enabled = true; };
 
   # Use your username instead of `myuser`
   users.extraUsers.gunalx.extraGroups = ["podman"];

services/stableDiffusion.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ./podman.nix
+  ];
+  environment.systemPackages = [
+  ];
+  virtualisation.oci-containers.containers."stableDiffusion" = {
+    #cmd = ["invokeai-web" "--host" "0.0.0.0"];
+    ports = ["9090:9090" "9000:80" ];
+    #enviroment = { };
+    #image = "invokeai/invokeai";
+    image = "goolashe/automatic1111-sd-webui";
+  };
+}