diff --git a/.gitignore b/.gitignore
index c2e0afb..ae013ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,6 @@
 result
 hosts/titan/services/lemmy_credentials.txt
+hosts/titan/services/Sharkey/.config/*
+hosts/titan/services/Sharkey/files
+hosts/titan/services/Sharkey/db
+hosts/titan/services/Sharkey/redis
diff --git a/flake.nix b/flake.nix
index 6fa35cf..9c145bd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -83,11 +83,11 @@
 }
 ];
 };
- ultrapi = nixpkgs.lib.nixosSystem {
+ hypnos = nixpkgs.lib.nixosSystem {
 system = "aarch64-linux";
 specialArgs = { inherit inputs; };
 modules = [
- ./hosts/ultrapi/configuration.nix
+ ./hosts/hypnos/configuration.nix
 {
 environment.etc."nix/inputs/nixpkgs".source = nixpkgs.outPath;
 nix.nixPath = [ "nixpkgs=/etc/nix/inputs/nixpkgs" ];
diff --git a/hosts/hypnos/configuration.nix b/hosts/hypnos/configuration.nix
new file mode 100644
index 0000000..4840b32
--- /dev/null
+++ b/hosts/hypnos/configuration.nix
@@ -0,0 +1,105 @@
+
+ { config, pkgs, lib, inputs, ... }:
+
+ let
+ user = "graphite";
+ hashedPassword = "$6$OBjnSQhhJgHsr5LE$jFtUz.2qv0l2viv86exXmfHWC0fDFXKD3rqH41NmqgkdoBrwY2rPkDBCPjdq7PSoeudYcQ0nXxJvh1N7EIUs90";
+ hostname = "hypnos";
+
+ helix = inputs.helix.packages.${pkgs.system}.default;
+
+
+/*
+ nixosHardware = pkgs.fetchFromGitHub {
+ owner = "NixOS";
+ repo = "nixos-hardware";
+ rev = "51559e691f1493a26f94f1df1aaf516bb507e78b";
+ sha256 = "0spswivyk006h5xr0a0yhr7wr9fh0kg7cfyxqmk521svf3x1pnr8";
+ };
+*/
+ in {
+
+ # imports = ["${fetchTarball "https://github.com/NixOS/nixos-hardware/archive/936e4649098d6a5e0762058cb7687be1b2d90550.tar.gz" }/raspberry-pi/4"];
+
+ imports = [
+ # "${nixosHardware}/raspberry-pi/4"
+ ./hardware-configuration.nix
+ "${inputs.nixos-hardware}/raspberry-pi/4"
+ ];
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+
+ networking = {
+ hostName = hostname;
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ helix
+ docker
+ git
+ ];
+
+ services = {
+ openssh.enable = true;
+ };
+
+ users = {
+ mutableUsers = false;
+ users."${user}" = {
+ isNormalUser = true;
+ hashedPassword = "${hashedPassword}";
+ extraGroups = [ "wheel" ];
+ };
+ };
+
+ # Enable GPU acceleration
+ hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+ services.xserver = {
+ enable = false;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ enableOnBoot = true;
+ rootless = {
+ enable = true;
+ };
+ };
+ };
+
+
+ security = {
+ sudo = {
+ extraConfig = ''
+ Defaults insults,pwfeedback
+ '';
+ };
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ hostPlatform = "aarch64-linux";
+ buildPlatform.system = "x86_64-linux";
+ };
+
+ system = {
+ stateVersion = "24.05"; # Do NOT change.
+ };
+
+ networking = {
+ nameservers = [ "8.8.8.8" ];
+ };
+ }
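Review bot: The `hashedPassword` binding at the top of this hunk commits a crypt(3) SHA-512 hash for the host's only login account to the repository, and with `mutableUsers = false` that hash is the account's sole credential, so anyone with read access to the repo (or its history) can run offline guessing against it. Move it out of the tree with `users.users."${user}".hashedPasswordFile = "/path/to/hash-file";` (placeholder path, provisioned on the host outside git) and rotate the password, since the current hash is already in history. `services.openssh.enable = true` with no `settings.PasswordAuthentication = false` also leaves that same password reachable over SSH; if key-based login is intended for this board, turn password authentication off there.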
diff --git a/hosts/hypnos/hardware-configuration.nix b/hosts/hypnos/hardware-configuration.nix new file mode 100644 index 0000000..53e1f03 --- /dev/null +++ b/hosts/hypnos/hardware-configuration.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/hosts/titan/configuration.nix b/hosts/titan/configuration.nix index f92f149..5ce2c87 100644 --- a/hosts/titan/configuration.nix +++ b/hosts/titan/configuration.nix @@ -4,7 +4,7 @@ inputs: { config, pkgs, lib, ... }: let - nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center; + # nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center; # doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default; nh = inputs.nix-but-gigachad.packages.${pkgs.system}.default; in { 
@@ -17,6 +17,8 @@ in { ( import ./services/cloud.nix inputs ) ( import ./services/vaultwarden.nix inputs ) ( import ./services/matrix.nix inputs ) +# ( import ./services/office.nix inputs ) +# ( import ./services/Sharkey inputs ) # ( import ./services/caddy.nix inputs ) # doesn't work # ( import ./services/dnsmasq.nix inputs ) # borks my DNS # ( import ./services/mail-server.nix inputs ) # needs a lot of DNS configs from cloudflaer, I only have 3 rules @@ -68,13 +70,16 @@ in { # Enable networking networkmanager.enable = true; - # hosts = { - # "192.168.0.221" = [ "pi" "pi-master" ]; - # }; - - # nameservers = [ - # "192.168.1.221" - # ]; + hosts = { + # "192.168.0.221" = [ "pi" "pi-master" ]; + "65.108.48.233" = [ "queer.af" ]; + }; +/* + nameservers = [ + "8.8.8.8" + "94.16.114.254" + ]; +*/ }; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -176,6 +181,8 @@ in { sddm-kcm wooting-udev-rules wootility + docker-compose + qflipper ]; variables = { NIX_AUTO_RUN = "!"; @@ -370,17 +377,30 @@ in { }; -hardware = { + hardware = { - # bluetooth config - bluetooth = { - enable = true; + # bluetooth config + bluetooth = { + enable = true; + }; + + wooting.enable = true; + xpadneo.enable = true; + flipperzero.enable = true; + }; + + security = { + pam = { + loginLimits = [ + { + domain = "*"; + item = "nproc"; + type = "soft"; + value = "10000"; + } + ]; }; - - wooting.enable = true; - xpadneo.enable = true; -}; - + }; } diff --git a/hosts/titan/hardware/nvidia.nix b/hosts/titan/hardware/nvidia.nix index b203110..9c170ba 100644 --- a/hosts/titan/hardware/nvidia.nix +++ b/hosts/titan/hardware/nvidia.nix @@ -9,10 +9,10 @@ inputs: { config, pkgs, lib, ... }: { }; nvidia = { - package = config.boot.kernelPackages.nvidiaPackages.stable; + package = config.boot.kernelPackages.nvidiaPackages.latest; modesetting.enable = true; powerManagement.enable = true; - open = true; + #open = true; nvidiaSettings = true; }; }; 
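Review bot: The `hosts` entry in `@@ -68,13 +70,16 @@` hard-pins `queer.af` to `65.108.48.233` in /etc/hosts, and the Sharkey compose file added in this commit repeats the same pin under `extra_hosts`; two independent copies of a static override drift separately, and when that instance's address changes, resolution keeps returning the stale address instead of following DNS. If the pin is a deliberate workaround, keep it in one place and add a comment saying why it exists, e.g. `# static override: <reason> — remove once DNS for queer.af resolves correctly`.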
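Review bot: The `loginLimits` entry added in `@@ -370,17 +377,30 @@` sets `nproc` to 10000 with `domain = "*"`, which lifts the process cap for every account on the machine, service users included, rather than only the desktop user that presumably needs it; since a soft limit is user-raisable anyway, the practical effect is to remove the default fork containment for unprivileged services. Scope it to the account or group that needs it, e.g. `domain = "@wheel";`, and leave `*` alone.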
@@ -20,4 +20,4 @@ inputs: { config, pkgs, lib, ... }: {
 initrd.kernelModules = [ "nvidia" ];
 extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
 };
-}
\ No newline at end of file
+}
diff --git a/hosts/titan/services/Sharkey/default.nix b/hosts/titan/services/Sharkey/default.nix
new file mode 100644
index 0000000..6121792
--- /dev/null
+++ b/hosts/titan/services/Sharkey/default.nix
@@ -0,0 +1,59 @@
+inputs: { lib, pkgs ? import , ... }:
+let
+ storeDirectory = dir:
+ let
+ dirName = builtins.baseNameOf dir;
+ drv = derivation {
+ name = dirName;
+ src = dir;
+ builder = pkgs.writeShellScript "builder.sh" ''
+ ${pkgs.coreutils}/bin/mkdir -p $out/${dirName}
+ ${pkgs.coreutils}/bin/cp -rf $src/* $out/${dirName}
+ ${pkgs.coreutils}/bin/cp -rf $src/.* $out/${dirName}
+ '';
+ system = pkgs.system;
+ };
+ in
+ "${drv}/${dirName}";
+ # nixos oci-containers fucking suck, so we just do a one-shot
+ # systemd service that invokes docker-compose
+ #
+ # not very reproducible nor declarative, but compatible with pretty much
+ # anything, which is (imo) more important for a home server
+ mkDockerComposeContainer =
+ { directory
+ , name ? builtins.baseNameOf directory
+ , autoStart ? true
+ , extraConfig ? { }
+ , env ? { }
+ , envFiles ? [ ]
+ , extraFlags ? [ ]
+ }:
+ let
+ # referencing the file directly would make the service dependant
+ # on the entire flake, resulting in the container being restarted
+ # every time we change anything at all
+ storeDir = storeDirectory directory;
+
+ cmdline = [
+ "--build"
+ "--remove-orphans"
+ ] ++ map (env: "--env-file ${env}") envFiles
+ ++ map (name: "-e ${name}=${lib.escapeShellArg env.${name}}") (builtins.attrNames env)
+ ++ extraFlags;
+ in
+ {
+ systemd.services."docker-compose-${name}" = {
+ wantedBy = if autoStart then [ "multi-user.target" ] else [ ];
+ after = [ "docker.service" "docker.socket" ];
+ serviceConfig = {
+ WorkingDirectory = storeDir;
+ ExecStart = "${pkgs.docker}/bin/docker compose up ${builtins.concatStringsSep " " cmdline}";
+ ExecStopPost = "${pkgs.docker}/bin/docker compose down";
+ } // (extraConfig.serviceConfig or { });
+ } // (builtins.removeAttrs extraConfig [ "serviceConfig" ]);
+ };
+in
+ mkDockerComposeContainer {
+ directory = ./.;
+ }
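Review bot: The third `cp` in the `builder.sh` script copies `$src/.*`, and in bash that glob also matches `.` and `..`, so the builder tries to recursively copy the parent of the source path (the store directory) into `$out/${dirName}`; replace the two `cp` lines and the `mkdir` with a single `${pkgs.coreutils}/bin/cp -rT $src $out/${dirName}`, which includes dotfiles without the glob. The same hunk makes the store copy the service's `WorkingDirectory`, yet the compose file mounts `./files`, `./db`, `./redis` and reads `.config/docker.env`, all of which this commit gitignores; as far as I can tell a flake's `./.` only contains tracked files, so the env file will be missing and the bind mounts would resolve under a read-only store path. Keeping `.config` out of the store is the right call (the store is world-readable), so point compose at the store file but at a host state directory for data, e.g. `docker compose -f ${storeDir}/docker-compose.yml --project-directory /var/lib/sharkey up ...` (placeholder path). Note also that values passed through `env`/`-e` end up verbatim in the generated unit file, which is itself in the store, so that parameter should never carry secrets; `envFiles` is the right channel for those. This module is only referenced by a commented-out import in `hosts/titan/configuration.nix`, so none of it is live yet.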
diff --git a/hosts/titan/services/Sharkey/docker-compose.yml b/hosts/titan/services/Sharkey/docker-compose.yml
new file mode 100644
index 0000000..bf56df2
--- /dev/null
+++ b/hosts/titan/services/Sharkey/docker-compose.yml
@@ -0,0 +1,83 @@
+version: "3"
+
+services:
+ web:
+# replace image below with git.joinsharkey.org/sharkey/sharkey:stable on next release
+# image: git.joinsharkey.org/sharkey/sharkey:latest # - VULNERABLE
+ image: registry.activitypub.software/transfem-org/sharkey:develop
+# image: ghcr.io/transfem-org/sharkey:stable
+ # build: .
+ restart: always
+# links:
+# - db
+# - redis
+# - meilisearch
+ depends_on:
+ db:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ ports:
+ - "3006:3006"
+ networks:
+ - shonk
+ volumes:
+ - ./files:/sharkey/files
+ - ./.config:/sharkey/.config:ro
+ extra_hosts:
+ - "queer.af:65.108.48.233"
+
+ redis:
+ restart: always
+ image: redis:7-alpine
+ networks:
+ - shonk
+ volumes:
+ - ./redis:/data
+ healthcheck:
+ test: "redis-cli ping"
+ interval: 5s
+ retries: 20
+
+ db:
+ restart: always
+ image: postgres:15-alpine
+ command: >-
+ -c max_connections=200
+ -c shared_buffers=512MB
+ -c effective_cache_size=1536MB
+ -c maintenance_work_mem=128MB
+ -c checkpoint_completion_target=0.9
+ -c wal_buffers=16MB
+ -c default_statistics_target=100
+ -c random_page_cost=1.1
+ -c effective_io_concurrency=200
+ -c work_mem=1310kB
+ -c huge_pages=off
+ -c min_wal_size=1GB
+ -c max_wal_size=4GB
+ networks:
+ - shonk
+ env_file:
+ - .config/docker.env
+ volumes:
+ - ./db:/var/lib/postgresql/data
+ healthcheck:
+ test: "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"
+ interval: 5s
+ retries: 20
+
+# meilisearch:
+# restart: always
+# image: getmeili/meilisearch:v1.3.4
+# environment:
+# - MEILI_NO_ANALYTICS=true
+# - MEILI_ENV=production
+# networks:
+# - shonk
+# volumes:
+# - ./meili_data:/meili_data
+
+
+networks:
+ shonk:
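Review bot: `ports: - "3006:3006"` under `web` publishes Sharkey on every interface of the host, so the application is reachable from the LAN (and from the internet if the host is) without passing through whatever reverse proxy terminates TLS for it and Docker's published port bypasses the host firewall's INPUT rules; if a proxy on this host fronts it, bind to loopback with `- "127.0.0.1:3006:3006"`. The `web` image is the mutable `:develop` tag, and the comment two lines above records that an earlier tag was `VULNERABLE`, so what actually runs depends on when the tag was last pulled and leaves no record in the repo; pin a digest (`image: registry.activitypub.software/transfem-org/sharkey@sha256:<digest>`, placeholder) or at least a release tag and bump it deliberately. The Postgres credentials are read from `.config/docker.env`, which this commit gitignores, so none of them leak through this file.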
diff --git a/hosts/titan/services/Sharkey/static/crumb-cat.gif b/hosts/titan/services/Sharkey/static/crumb-cat.gif
new file mode 100644
index 0000000..01757df
Binary files /dev/null and b/hosts/titan/services/Sharkey/static/crumb-cat.gif differ
diff --git a/hosts/titan/services/cloud.nix b/hosts/titan/services/cloud.nix
index b365204..193dd32 100644
--- a/hosts/titan/services/cloud.nix
+++ b/hosts/titan/services/cloud.nix
@@ -11,7 +11,7 @@ inputs: { pkgs, config, ... }: {
 overwriteProtocol = "https";
 };
 extraApps = with config.services.nextcloud.package.packages.apps; {
- inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls calendar tasks;
+ inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls calendar tasks contacts;
 };
 /*
 extraOptions = {
diff --git a/hosts/titan/services/office.nix b/hosts/titan/services/office.nix
new file mode 100644
index 0000000..1acd943
--- /dev/null
+++ b/hosts/titan/services/office.nix
@@ -0,0 +1,8 @@
+inputs: { ... }: {
+ services.onlyoffice = {
+ enable = true;
+ hostname = "localhost";
+ port = 3005;
+ };
+ services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 3005; } ];
+}
diff --git a/llama.log b/llama.log
new file mode 100644
index 0000000..c3f6094
--- /dev/null
+++ b/llama.log
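Review bot: In the new `office.nix`, `services.onlyoffice.port = 3005` and the nginx `virtualHosts."localhost".listen` entry on `127.0.0.1:3005` name the same port; if the NixOS module proxies the `hostname` vhost to `port` as I believe it does, nginx and the document server contend for 3005 or nginx proxies to itself. Give the backend its own port and let the vhost keep 3005, and decide on `services.onlyoffice.jwtSecretFile`, which is unset here, so the document server would accept unsigned requests from anything on loopback. The file is only referenced by a commented-out import in `hosts/titan/configuration.nix`, so none of this is live yet.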
@@ -0,0 +1,53 @@ +[1706516367] +llama server listening at http://127.0.0.1:62322 + +[1706516367] warming up the model with an empty run +[1706516367] Available slots: +[1706516367] -> Slot 0 - max context: 2048 +[1706516367] all slots are idle and system prompt is empty, clear the KV cache +[1706516368] slot 0 is processing [task id: 0] +[1706516368] slot 0 : kv cache rm - [0, end) +[1706516384] sampled token: 3492: 'You' +[1706516384] sampled token: 526: ' are' +[1706516384] sampled token: 263: ' a' +[1706516384] sampled token: 8444: ' helpful' +[1706516384] sampled token: 319: ' A' +[1706516384] sampled token: 29902: 'I' +[1706516384] sampled token: 20255: ' assistant' +[1706516384] sampled token: 29991: '!' +[1706516384] sampled token: 306: ' I' +[1706516384] sampled token: 626: ' am' +[1706516384] sampled token: 2307: ' already' +[1706516385] sampled token: 2734: ' running' +[1706516385] sampled token: 373: ' on' +[1706516385] sampled token: 596: ' your' +[1706516385] sampled token: 3271: ' home' +[1706516385] sampled token: 9609: ' PC' +[1706516385] sampled token: 29889: '.' +[1706516385] sampled token: 887: ' You' +[1706516385] sampled token: 508: ' can' +[1706516385] sampled token: 1423: ' check' +[1706516385] sampled token: 590: ' my' +[1706516385] sampled token: 4660: ' status' +[1706516385] sampled token: 491: ' by' +[1706516385] sampled token: 19229: ' typing' +[1706516385] sampled token: 376: ' "' +[1706516385] sampled token: 1004: 'me' +[1706516385] sampled token: 29908: '"' +[1706516385] sampled token: 472: ' at' +[1706516385] sampled token: 278: ' the' +[1706516385] sampled token: 9508: ' prompt' +[1706516385] sampled token: 470: ' or' +[1706516385] sampled token: 3763: ' simply' +[1706516385] sampled token: 6721: ' asking' +[1706516385] sampled token: 363: ' for' +[1706516385] sampled token: 372: ' it' +[1706516385] sampled token: 297: ' in' +[1706516385] sampled token: 13563: ' chat' +[1706516385] sampled token: 29889: '.' 
+[1706516385] sampled token: 2: '' +[1706516385] +[1706516385] print_timings: prompt eval time = 16766.02 ms / 598 tokens ( 28.04 ms per token, 35.67 tokens per second) +[1706516385] print_timings: eval time = 718.30 ms / 39 runs ( 18.42 ms per token, 54.29 tokens per second) +[1706516385] print_timings: total time = 17484.32 ms +[1706516385] slot 0 released (637 tokens in cache) diff --git a/users/ultra/home.nix b/users/ultra/home.nix index bced739..be76d34 100644 --- a/users/ultra/home.nix +++ b/users/ultra/home.nix @@ -187,6 +187,7 @@ in { ktailctl caddy floorp + mpris-scrobbler ]; };
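Review bot: `llama.log` (hunk starts on the previous page line) is a runtime log from a local llama server — listener address, sampled tokens, timings — and does not belong in a NixOS configuration repository; it looks like the by-product of a broad `git add`. Remove it from the tree and add `*.log` to `.gitignore` so it does not come back.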