diff --git a/system/default.nix b/system/default.nix index 54330bb5..41605bf0 100644 --- a/system/default.nix +++ b/system/default.nix @@ -121,7 +121,7 @@ with mylib.networking; { settings.trusted-users = ["root" "${username}"]; # Auto garbage-collect and optimize store - gc.automatic = true; + gc.automatic = false; # Done by nh.clean.enable; gc.options = "--delete-older-than 5d"; settings.auto-optimise-store = true; optimise.automatic = true; diff --git a/system/modules/sops-nix/secrets.yaml b/system/modules/sops-nix/secrets.yaml index 13354add..68ddc77f 100644 --- a/system/modules/sops-nix/secrets.yaml +++ b/system/modules/sops-nix/secrets.yaml 
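Review bot: `gc.options = "--delete-older-than 5d";` stays in place after `gc.automatic` is switched off, and as far as I know that option is only read by the automatic nix-gc job, so the five-day retention it states no longer applies. The nh.clean settings are not visible in this hunk; if retention is meant to stay at five days, carry it over there, e.g. `programs.nh.clean.extraArgs = "--keep-since 5d";`, and drop the stale `gc.options` line. The section comment would then read better as `# Store optimisation; garbage collection is handled by nh.clean`.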
@@ -11,6 +11,9 @@ docker-password: ENC[AES256_GCM,data:mK5YWEQPKWBtVCgRBZvwWTdVAi8MEGbLnLeP7hfDkcc kdeconnect-cert: ENC[AES256_GCM,data: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,iv:y3YOsyFmEdiixpgCHL8/PZ/rXXAALUUJXO4WgoQbahI=,tag:pl6M+l3uDjsQA6nImgC6qg==,type:str] kdeconnect-privatekey: ENC[AES256_GCM,data:kDYemoOlOewW5d1ZW3AEM0LhrrBCo8DlgsqRYOUgVOCvt1hUA/MD7s7EzIiEsdzlnSTgjQWVOoPY/HcJvpkwbJOLwh05jfTOj5/lB0bLubDAoE0Xtxx1cYhzrYfCxkxa3XRXzqIXVVU1uN/QDM+/vhXHg7iHlTxLDDxuUPLTbpj8HQQ/1Ll7dyZ2C1QTViTIZiMP4Cu+vQh1AkEijRF02hG6IT3XkKwiyPwT40PCRVziBCO2Bambnuu8HLhXSvnznRpdYTlcPKwT1QJVKIgdnW3tDcZ4Vuqb+XlZOpGWro2KPaQ=,iv:PLEtAsht75Wl+95BtDrYWPHF6bIY+fk6xZH93uJEFak=,tag:Wf3t65cUokBP20ZVF6aJTQ==,type:str] kdeconnect-devices: ENC[AES256_GCM,data:V52KbGwc78WntGLSqxqCvLU7H5peFha7YpwVRPTAQi+W9cMtqkqvhsDG4u9Pg3pfmTjka6IJWWgi2cHYnPo8IP36Te+3ssUHu3ZW/D+G+cgbcTANIpw05T28yPF011BsI0sGeknwxaicv9A/txhzm+ZLkctNkNlB2tHRJw8guMKJnJ+GSVwMulx6XMJ8YX8aSFbIJYU3KRZ205EoLM2GJodtPuj+uQ6Ox82AzXgOZ4HHFhVodNujHxJPg6diuckdjymGSpLFva7HpwP9/QuzjbEatJKAf9n7JLOo7NeEKKtOPUrUiBOtlCkFwk/v7119/xgDFyoxXDpK0YVgYFiiHG3TEGzqDjQkNNMsV+PH+vE+4iDJoc9utJGj0fOR7mqrmICORQ4kJwYEKdAXieV3iPmDFbvIAociqPqIihmAsGvJYG20oHojGyqZqY6KJf9qeFdBUXHvtK17hvLyREa/eNOb2DQcVd6Xu3qUIgQps2X7EPUY8GICaiLlDFYD5YiZQgo/t8/zejogluzp5bVGb+La1NsImQJhFaLfwaZwU/5Uybq1c9B8gC11+9pyE5ip/ubH7+yzhBJ90PYlePQZ/uR55CfGRi9AmFdDgaM5FJenGHXGei84UuHZa0NDUKD4QAZWvf3VJJgTGPZyEY+NCe592AIgmCDb9/H1RHn0Cm/ye8L1y7RJ0RUb374D5wwH3zwgm8zuVXyycbEsIHHQGKAn1WfjpqRXAgl5MsBAHQm/aOFJdH5dyxe+xXgc8h1l/ijZMKj4m4W1D8d1hpyARzL3xcqbzc17ZPStRI1a04IZAfsbLmWvecS2mQDATgJ31k3luh4hg0LJZvvA9/cQ2c7F/ZGhVHEpXv1LguBG6XduHS1qCfhSiMYN060Jh/YO2nZ5EMKN+bTx+c+vUHbLSO764h4ycI+PAIndxgPsWKDhDztAcX9nGTU+27eXpKOi0+J6/1KuTA==,iv:jeyEk0s+N7I2HBtRGj2Y6N5bEhZ3ETmd3ldeQj3TAaI=,tag:noeRbcabwFLHNduRsZMydQ==,type:str] +kagi-api-key: 
ENC[AES256_GCM,data:54N717EDbqMkg6O0SM3z15vWikD8fSRx2auk9pzRnlhqEq7BTvTkfYgIljr1VgL2OgWFm0IKKoGNXWqJg121zjWZABh/qyqEougRv67Kq6MVieNW2t8f,iv:lCPme9wlQXI3XtvhKd9XwfJsxj/mqNKSDl9kV137xg4=,tag:L2mKVw6VOLeTMl6mXcxvHA==,type:str] +google-pse-id: ENC[AES256_GCM,data:fxMVccflFndoVhTJflxHelg=,iv:MkzEOtfP7x/1PYx0ytYUrKU+VBiyfKIZSbPhXb47SC0=,tag:s5ew0kJNIVJCGFH4J8980w==,type:str] +google-pse-key: ENC[AES256_GCM,data:qb6pqGlX+yMMUrscab27q+w5FWwMoik5rGJzjGzOMrelEVUuSErw,iv:8pWr0BNjL2Iw+7hDzrSyuE3reR51Jz+CIToEUkuYpyU=,tag:+7l+0X+1zWwDG3nJmP2ugA==,type:str] # #ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment] # @@ -34,7 +37,7 @@ sops: SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-12T15:50:53Z" - mac: ENC[AES256_GCM,data:hfO7iaF3oYsbgvzJpu0rcQyh7ywJsowbxCgQ+BqUQHF4sz+m6OZu4nHoVJi0LFqzZA1stJtfdRS+SaWOx5hFitXQ+VKmOXWABxUOzEWeDYPzPyoseG6XUna2L6gtdy9dLlOtiXvDCOWfv2+bs5FzsC29x2QcP1KEW0tVEoUCKIg=,iv:PE8674LhIpAAGCjn0UqEAGqI6l4XiG/73iThZWJIIrY=,tag:XmF1AYu9hlIrvwWt/EiLzw==,type:str] + lastmodified: "2025-07-14T13:46:56Z" + mac: ENC[AES256_GCM,data:rsuS5oNOKGyWdek+arJOaKZuz8GV1WQdnyssnuYt4lgMVFqBgOxtRdwB+1paZtwJ766stKUiPLwZTRT/Lk4DbXH5yKU5L5uypBl24phC76RLfWqKNtm/n+r8DITAVlO3QIIhO9VhfkYDzT5v+eh9BbFT5FbLd4Y94qWqTqu0fGg=,iv:gkd1UBc3wwI3MIJe2ksNdEkTma+eQWyClaJpN3vTffQ=,tag:D7Z1RmZOBsSML9fw/7Umug==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix index d9dc2b7a..2d9c8d99 100644 --- a/system/nixinator/default.nix +++ b/system/nixinator/default.nix 
@@ -80,13 +80,27 @@ "kdeconnect-cert" "kdeconnect-privatekey" "kdeconnect-devices" + "kagi-api-key" + "google-pse-id" + "google-pse-key" ]; }; + sops.templates."open-webui-secrets.env".content = '' + KAGI_SEARCH_API_KEY=${config.sops.placeholder.kagi-api-key} + GOOGLE_PSE_ENGINE_ID=${config.sops.placeholder.google-pse-id} + GOOGLE_PSE_API_KEY=${config.sops.placeholder.google-pse-key} + ''; + boot = { kernelPackages = pkgs.linuxPackages_zen; }; + environment.systemPackages = with pkgs; [ + # TODO: Not found by docling + tesseract # For services.docling-serve + ]; + programs = { ausweisapp = { enable = true; @@ -94,17 +108,43 @@ }; }; + # TODO: To AI module services = { + # TODO: Docling doesn't find tesseract OCR engine... Probably use docker? + docling-serve = { + enable = true; + stateDir = "/var/lib/docling-serve"; + + host = "127.0.0.1"; + port = 11111; + openFirewall = false; + }; + ollama = { enable = true; acceleration = "cuda"; home = "/var/lib/ollama"; loadModels = [ - "deepseek-r1:8b" + "deepseek-r1:8b" # Default "deepseek-r1:14b" ]; + # https://github.com/ollama/ollama/blob/main/docs/faq.md#how-do-i-configure-ollama-server + environmentVariables = { + # Flash Attention is a feature of most modern models + # that can significantly reduce memory usage as the context size grows. + OLLAMA_FLASH_ATTENTION = "1"; + + # The K/V context cache can be quantized to significantly + # reduce memory usage when Flash Attention is enabled. + OLLAMA_KV_CACHE_TYPE = "q8_0"; # f16, q8_0 q4_0 + + # To improve Retrieval-Augmented Generation (RAG) performance, you should increase + # the context length to 8192+ tokens in your Ollama model settings. + OLLAMA_CONTEXT_LENGTH = "8192"; + }; + host = "127.0.0.1"; port = 11434; openFirewall = false; 
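Review bot: `KAGI_SEARCH_API_KEY=${config.sops.placeholder.kagi-api-key}` is rendered into `open-webui-secrets.env` although the open-webui hunk further down selects `WEB_SEARCH_ENGINE = "google_pse"`, so an unused credential ends up in that service's environment. Dropping the line (and the `"kagi-api-key"` entry, if nothing else reads it) until Kagi is actually selected keeps the service to the secrets it needs. The template relies on the sops-nix defaults for owner and mode, which is worth stating in a comment such as `# root-owned, 0400 by default; read by systemd via EnvironmentFile`. A rotated key will not reach the running service on its own; if the installed sops-nix version supports it for templates, `sops.templates."open-webui-secrets.env".restartUnits = [ "open-webui.service" ];` covers that.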
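Review bot: The tesseract entry added to `environment.systemPackages` in the previous hunk probably does not reach docling-serve, because a NixOS systemd unit does not get the system profile on its PATH; that would explain both TODO comments. Adding the binary to the unit itself is the usual fix: `systemd.services.docling-serve.path = [ pkgs.tesseract ];`. If docling is configured to use the Python binding rather than the command-line engine, the dependency has to go into the package instead, so confirm which OCR engine is in use. The `services = {` block continues outside this hunk. Minor: the `OLLAMA_KV_CACHE_TYPE` comment lists `f16, q8_0 q4_0` with a comma missing.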
@@ -116,18 +156,36 @@ # https://docs.openwebui.com/getting-started/env-configuration environment = { - WEBUI_AUTH = "False"; + DEFAULT_MODELS = builtins.head config.services.ollama.loadModels; + TASK_MODEL = builtins.head config.services.ollama.loadModels; + ENABLE_OPENAI_API = "False"; ENABLE_OLLAMA_API = "True"; OLLAMA_BASE_URL = "http://${config.services.ollama.host}:${builtins.toString config.services.ollama.port}"; - ENABLE_OPENAI_API = "False"; + ENABLE_EVALUATION_ARENA_MODELS = "False"; + ENABLE_COMMUNITY_SHARING = "False"; + CONTENT_EXTRACTION_ENGINE = "docling"; + DOCLING_SERVER_URL = "http://${config.services.docling-serve.host}:${builtins.toString config.services.docling-serve.port}"; + + ENABLE_RAG_HYBRID_SEARCH = "False"; + ENABLE_RAG_LOCAL_WEB_FETCH = "True"; + + ENABLE_WEB_SEARCH = "True"; + WEB_SEARCH_ENGINE = "google_pse"; + # GOOGLE_PSE_ENGINE_ID = ""; # Use environmentFile + # GOOGLE_PSE_API_KEY = ""; # Use environmentFile + # KAGI_SEARCH_API_KEY = ""; # Use environmentFile + + WEBUI_AUTH = "False"; ANONYMIZED_TELEMETRY = "False"; DO_NOT_TRACK = "True"; SCARF_NO_ANALYTICS = "True"; }; + environmentFile = config.sops.templates."open-webui-secrets.env".path; + host = "127.0.0.1"; port = 11435; openFirewall = false;
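Review bot: `ENABLE_RAG_LOCAL_WEB_FETCH = "True"` is switched on in the same block that keeps `WEBUI_AUTH = "False"` and enables web search. As I read the Open WebUI documentation, that flag removes the check that keeps the web loader from fetching URLs that resolve to loopback or private addresses, and on this host ollama (11434) and docling-serve (11111) listen on 127.0.0.1 without authentication. Unless fetching local pages is a requirement, keep the default with `ENABLE_RAG_LOCAL_WEB_FETCH = "False";`, or add a comment stating why it is needed. With authentication off, any local user or process that reaches port 11435 can also use the search quota behind the keys in `environmentFile`, so a comment recording that this is a single-user machine would help. The service block enclosing `environment` begins outside this hunk.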