mentally draining stuff

Signed-off-by: Alex Stan <alex.stan.2010@proton.me>

.gitignore

@@ -1,2 +1,6 @@
 result
 hosts/titan/services/lemmy_credentials.txt
+hosts/titan/services/Sharkey/.config/*
+hosts/titan/services/Sharkey/files
+hosts/titan/services/Sharkey/db
+hosts/titan/services/Sharkey/redis

flake.nix

@@ -83,11 +83,11 @@
                     }
                 ];
             };
-            ultrapi = nixpkgs.lib.nixosSystem {
+            hypnos = nixpkgs.lib.nixosSystem {
                 system = "aarch64-linux";
                 specialArgs = { inherit inputs; };
                 modules = [
-                    ./hosts/ultrapi/configuration.nix
+                    ./hosts/hypnos/configuration.nix
                     {
                         environment.etc."nix/inputs/nixpkgs".source = nixpkgs.outPath;
                         nix.nixPath = [ "nixpkgs=/etc/nix/inputs/nixpkgs" ];

hosts/hypnos/configuration.nix

@@ -0,0 +1,105 @@
+
+  { config, pkgs, lib, inputs, ... }:
+
+  let
+    user = "graphite";
+    hashedPassword = "$6$OBjnSQhhJgHsr5LE$jFtUz.2qv0l2viv86exXmfHWC0fDFXKD3rqH41NmqgkdoBrwY2rPkDBCPjdq7PSoeudYcQ0nXxJvh1N7EIUs90";
+    hostname = "hypnos";
+
+    helix = inputs.helix.packages.${pkgs.system}.default;
+
+
+/*
+    nixosHardware = pkgs.fetchFromGitHub {
+          owner = "NixOS";
+          repo = "nixos-hardware";
+          rev = "51559e691f1493a26f94f1df1aaf516bb507e78b";
+          sha256 = "0spswivyk006h5xr0a0yhr7wr9fh0kg7cfyxqmk521svf3x1pnr8";
+    };
+*/
+  in {
+
+    # imports = ["${fetchTarball "https://github.com/NixOS/nixos-hardware/archive/936e4649098d6a5e0762058cb7687be1b2d90550.tar.gz" }/raspberry-pi/4"];
+
+    imports = [
+      # "${nixosHardware}/raspberry-pi/4"
+      ./hardware-configuration.nix
+      "${inputs.nixos-hardware}/raspberry-pi/4"
+    ];
+    boot.loader.grub.enable = false;
+    boot.loader.generic-extlinux-compatible.enable = true;
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-label/NIXOS_SD";
+        fsType = "ext4";
+        options = [ "noatime" ];
+      };
+    };
+
+    networking = {
+      hostName = hostname;
+    };
+
+    environment.systemPackages = with pkgs; [
+      vim
+      helix
+      docker
+      git
+    ];
+
+    services = {
+       openssh.enable = true;
+    };
+
+    users = {
+      mutableUsers = false;
+      users."${user}" = {
+        isNormalUser = true;
+        hashedPassword = "${hashedPassword}";
+        extraGroups = [ "wheel" ];
+      };
+    };
+
+    # Enable GPU acceleration
+    hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+    services.xserver = {
+      enable = false;
+    };
+
+    virtualisation = {
+      docker = {
+        enable = true;
+        enableOnBoot = true;
+        rootless = {
+          enable = true;
+        };
+      };
+    };
+
+
+    security = { 
+      sudo = {
+        extraConfig = ''
+          Defaults insults,pwfeedback
+        '';
+      };
+     };
+
+    nixpkgs = { 
+      config = { 
+        allowUnfree = true;
+      };
+      hostPlatform = "aarch64-linux";
+      buildPlatform.system = "x86_64-linux";
+    };
+
+    system = { 
+      stateVersion = "24.05"; # Do NOT change.
+    };
+
+    networking = {
+      nameservers = [ "8.8.8.8" ];
+    };
+  }

hosts/hypnos/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+ 
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

hosts/titan/configuration.nix

@@ -4,7 +4,7 @@
 
 inputs: { config, pkgs, lib, ... }:
 let
-    nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center;
+    # nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center;
     # doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default;
     nh = inputs.nix-but-gigachad.packages.${pkgs.system}.default;
 in {
@@ -17,6 +17,8 @@ in {
             ( import ./services/cloud.nix inputs )
             ( import ./services/vaultwarden.nix inputs )
             ( import ./services/matrix.nix inputs )
+#            ( import ./services/office.nix inputs )
+#            ( import ./services/Sharkey inputs )
             # ( import ./services/caddy.nix inputs ) # doesn't work
             # ( import ./services/dnsmasq.nix inputs ) # borks my DNS
             # ( import ./services/mail-server.nix inputs ) # needs a lot of DNS configs from cloudflaer, I only have 3 rules
@@ -68,13 +70,16 @@ in {
         # Enable networking
         networkmanager.enable = true;
 
-        # hosts = {
+        hosts = {
-        #   "192.168.0.221" = [ "pi" "pi-master" ];  
+          # "192.168.0.221" = [ "pi" "pi-master" ];
-        # };
+          "65.108.48.233" = [ "queer.af" ];  
-
+        };
-        # nameservers = [
+/*
-        #    "192.168.1.221"
+        nameservers = [
-        # ];
+           "8.8.8.8"
+            "94.16.114.254"
+        ];
+*/
     };
     # networking.wireless.enable = true;    # Enables wireless support via wpa_supplicant.
 
@@ -176,6 +181,8 @@ in {
             sddm-kcm
             wooting-udev-rules
             wootility
+            docker-compose
+            qflipper
         ];
         variables = {
             NIX_AUTO_RUN = "!";
@@ -370,17 +377,30 @@ in {
     };
 
 
-hardware = {
+  hardware = {
     
     
 
-    # bluetooth config
+      # bluetooth config
-    bluetooth = {
+      bluetooth = {
-        enable = true;
+          enable = true;
+      };
+
+      wooting.enable = true;
+      xpadneo.enable = true;
+      flipperzero.enable = true;
+  };
+
+  security = {
+    pam = {
+      loginLimits = [
+        {
+          domain = "*";
+          item = "nproc";
+          type = "soft";
+          value = "10000";
+        }
+      ];
     };
-
+  };
-    wooting.enable = true;
-    xpadneo.enable = true;
-};
-
 }

hosts/titan/hardware/nvidia.nix

@@ -9,10 +9,10 @@ inputs: { config, pkgs, lib, ... }: {
     };
     
     nvidia = {
-        package = config.boot.kernelPackages.nvidiaPackages.stable;
+        package = config.boot.kernelPackages.nvidiaPackages.latest;
         modesetting.enable = true;
         powerManagement.enable = true;
-        open = true;
+        #open = true;
         nvidiaSettings = true;
     };
   };

hosts/titan/services/Sharkey/default.nix

@@ -0,0 +1,59 @@
+inputs: { lib, pkgs ? import <nixpkgs>, ... }:
+let
+ storeDirectory = dir:
+    let
+      dirName = builtins.baseNameOf dir;
+      drv = derivation {
+        name = dirName;
+        src = dir;
+        builder = pkgs.writeShellScript "builder.sh" ''
+          ${pkgs.coreutils}/bin/mkdir -p $out/${dirName}
+          ${pkgs.coreutils}/bin/cp -rf $src/* $out/${dirName}
+          ${pkgs.coreutils}/bin/cp -rf $src/.* $out/${dirName}
+        '';
+        system = pkgs.system;
+      };
+    in
+    "${drv}/${dirName}";
+ # nixos oci-containers fucking suck, so we just do a one-shot 
+  # systemd service that invokes docker-compose
+  #
+  # not very reproducible nor declarative, but compatible with pretty much
+  # anything, which is (imo) more important for a home server
+  mkDockerComposeContainer =
+    { directory
+    , name ? builtins.baseNameOf directory
+    , autoStart ? true
+    , extraConfig ? { }
+    , env ? { }
+    , envFiles ? [ ]
+    , extraFlags ? [ ]
+    }:
+    let
+      # referencing the file directly would make the service dependant
+      # on the entire flake, resulting in the container being restarted
+      # every time we change anything at all
+      storeDir = storeDirectory directory;
+
+      cmdline = [
+        "--build"
+        "--remove-orphans"
+      ] ++ map (env: "--env-file ${env}") envFiles
+      ++ map (name: "-e ${name}=${lib.escapeShellArg env.${name}}") (builtins.attrNames env)
+      ++ extraFlags;
+    in
+    {
+      systemd.services."docker-compose-${name}" = {
+        wantedBy = if autoStart then [ "multi-user.target" ] else [ ];
+        after = [ "docker.service" "docker.socket" ];
+        serviceConfig = {
+          WorkingDirectory = storeDir;
+          ExecStart = "${pkgs.docker}/bin/docker compose up ${builtins.concatStringsSep " " cmdline}";
+          ExecStopPost = "${pkgs.docker}/bin/docker compose down";
+        } // (extraConfig.serviceConfig or { });
+      } // (builtins.removeAttrs extraConfig [ "serviceConfig" ]);
+    };
+in
+ mkDockerComposeContainer {
+  directory = ./.;
+ }

hosts/titan/services/Sharkey/docker-compose.yml

@@ -0,0 +1,83 @@
+version: "3"
+
+services:
+  web:
+#   replace image below with git.joinsharkey.org/sharkey/sharkey:stable on next release
+#    image: git.joinsharkey.org/sharkey/sharkey:latest # - VULNERABLE
+    image: registry.activitypub.software/transfem-org/sharkey:develop
+#    image: ghcr.io/transfem-org/sharkey:stable
+    # build: .
+    restart: always
+#    links:
+#      - db
+#      - redis
+#      - meilisearch
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    ports:
+      - "3006:3006"
+    networks:
+      - shonk
+    volumes:
+      - ./files:/sharkey/files
+      - ./.config:/sharkey/.config:ro
+    extra_hosts:
+      - "queer.af:65.108.48.233"
+
+  redis:
+    restart: always
+    image: redis:7-alpine
+    networks:
+      - shonk
+    volumes:
+      - ./redis:/data
+    healthcheck:
+      test: "redis-cli ping"
+      interval: 5s
+      retries: 20
+
+  db:
+    restart: always
+    image: postgres:15-alpine
+    command: >-
+      -c max_connections=200
+      -c shared_buffers=512MB
+      -c effective_cache_size=1536MB
+      -c maintenance_work_mem=128MB
+      -c checkpoint_completion_target=0.9
+      -c wal_buffers=16MB
+      -c default_statistics_target=100
+      -c random_page_cost=1.1
+      -c effective_io_concurrency=200
+      -c work_mem=1310kB
+      -c huge_pages=off
+      -c min_wal_size=1GB
+      -c max_wal_size=4GB
+    networks:
+      - shonk
+    env_file:
+      - .config/docker.env
+    volumes:
+      - ./db:/var/lib/postgresql/data
+    healthcheck:
+      test: "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"
+      interval: 5s
+      retries: 20
+
+#  meilisearch:
+#    restart: always
+#    image: getmeili/meilisearch:v1.3.4
+#    environment:
+#      - MEILI_NO_ANALYTICS=true
+#      - MEILI_ENV=production
+#    networks:
+#      - shonk
+#    volumes:
+#      - ./meili_data:/meili_data
+
+
+networks:
+  shonk:

hosts/titan/services/cloud.nix

@@ -11,7 +11,7 @@ inputs: { pkgs, config, ... }: {
       overwriteProtocol = "https";
     };
     extraApps = with config.services.nextcloud.package.packages.apps; {
-      inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls calendar tasks;
+      inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls calendar tasks contacts;
     };
     /*
     extraOptions = {

hosts/titan/services/office.nix

@@ -0,0 +1,8 @@
+inputs: { ... }: {
+  services.onlyoffice = {
+    enable = true;
+    hostname = "localhost";
+    port = 3005;
+  };
+  services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 3005; } ];
+}

llama.log

@@ -0,0 +1,53 @@
+[1706516367] 
+llama server listening at http://127.0.0.1:62322
+
+[1706516367] warming up the model with an empty run
+[1706516367] Available slots:
+[1706516367]  -> Slot 0 - max context: 2048
+[1706516367] all slots are idle and system prompt is empty, clear the KV cache
+[1706516368] slot 0 is processing [task id: 0]
+[1706516368] slot 0 : kv cache rm - [0, end)
+[1706516384] sampled token:  3492: 'You'
+[1706516384] sampled token:   526: ' are'
+[1706516384] sampled token:   263: ' a'
+[1706516384] sampled token:  8444: ' helpful'
+[1706516384] sampled token:   319: ' A'
+[1706516384] sampled token: 29902: 'I'
+[1706516384] sampled token: 20255: ' assistant'
+[1706516384] sampled token: 29991: '!'
+[1706516384] sampled token:   306: ' I'
+[1706516384] sampled token:   626: ' am'
+[1706516384] sampled token:  2307: ' already'
+[1706516385] sampled token:  2734: ' running'
+[1706516385] sampled token:   373: ' on'
+[1706516385] sampled token:   596: ' your'
+[1706516385] sampled token:  3271: ' home'
+[1706516385] sampled token:  9609: ' PC'
+[1706516385] sampled token: 29889: '.'
+[1706516385] sampled token:   887: ' You'
+[1706516385] sampled token:   508: ' can'
+[1706516385] sampled token:  1423: ' check'
+[1706516385] sampled token:   590: ' my'
+[1706516385] sampled token:  4660: ' status'
+[1706516385] sampled token:   491: ' by'
+[1706516385] sampled token: 19229: ' typing'
+[1706516385] sampled token:   376: ' "'
+[1706516385] sampled token:  1004: 'me'
+[1706516385] sampled token: 29908: '"'
+[1706516385] sampled token:   472: ' at'
+[1706516385] sampled token:   278: ' the'
+[1706516385] sampled token:  9508: ' prompt'
+[1706516385] sampled token:   470: ' or'
+[1706516385] sampled token:  3763: ' simply'
+[1706516385] sampled token:  6721: ' asking'
+[1706516385] sampled token:   363: ' for'
+[1706516385] sampled token:   372: ' it'
+[1706516385] sampled token:   297: ' in'
+[1706516385] sampled token: 13563: ' chat'
+[1706516385] sampled token: 29889: '.'
+[1706516385] sampled token:     2: ''
+[1706516385] 
+[1706516385] print_timings: prompt eval time =   16766.02 ms /   598 tokens (   28.04 ms per token,    35.67 tokens per second)
+[1706516385] print_timings:        eval time =     718.30 ms /    39 runs   (   18.42 ms per token,    54.29 tokens per second)
+[1706516385] print_timings:       total time =   17484.32 ms
+[1706516385] slot 0 released (637 tokens in cache)

users/ultra/home.nix

@@ -187,6 +187,7 @@ in {
         ktailctl
         caddy
         floorp
+        mpris-scrobbler
       ];
     };