System/Nixinator: Disable ollama system service and open-webui, add restic backup service for /persist

system/nixinator/default.nix

@@ -80,10 +80,8 @@
     };
 
     sops-nix.secrets.${username} = [
-      "kagi-api-key"
-      "google-pse-id"
-      "google-pse-key"
       "makemkv-app-key"
+      "restic-repo-key"
     ];
   };
 
@@ -95,12 +93,6 @@
     '';
   };
 
-  sops.templates."open-webui-secrets.env".content = ''
-    KAGI_SEARCH_API_KEY=${config.sops.placeholder.kagi-api-key}
-    GOOGLE_PSE_ENGINE_ID=${config.sops.placeholder.google-pse-id}
-    GOOGLE_PSE_API_KEY=${config.sops.placeholder.google-pse-key}
-  '';
-
   boot = {
     kernelPackages = pkgs.linuxPackages_zen;
 
@@ -108,10 +100,7 @@
     # plymouth.enable = true;
   };
 
-  environment.systemPackages = with pkgs; [
-    # TODO: Not found by docling
-    tesseract # For services.docling-serve
-  ];
+  # environment.systemPackages = with pkgs; [];
 
   programs = {
     ausweisapp = {
@@ -127,90 +116,59 @@
       fileSystems = ["/"];
     };
 
-    # TODO: Docling doesn't find tesseract OCR engine... Probably use docker?
-    docling-serve = {
-      enable = false;
-      stateDir = "/var/lib/docling-serve";
+    # Keep this as a system service because we're backing up /persist as root
+    restic.backups."synology" = {
+      # user = "${username}"; # Keep default (root), so restic can read everything
 
-      host = "127.0.0.1";
-      port = 11111;
-      openFirewall = false;
-    };
+      repository = "/home/${username}/Restic";
+      initialize = true;
+      passwordFile = config.sops.secrets.restic-repo-key.path;
+      createWrapper = true;
 
-    # TODO: To AI module
-    ollama = {
-      enable = true;
-      acceleration = "cuda";
-      home = "/var/lib/ollama";
-
-      # TODO: This slows down booting although models are present?
-      #       Maybe because it's waiting for /persist/var/lib/private/ollama?
-      # loadModels = [
-      #   "deepseek-r1:8b" # Default
-      #   "deepseek-r1:14b"
-      # ];
-
-      # https://github.com/ollama/ollama/blob/main/docs/faq.md#how-do-i-configure-ollama-server
-      environmentVariables = {
-        # Flash Attention is a feature of most modern models
-        # that can significantly reduce memory usage as the context size grows.
-        OLLAMA_FLASH_ATTENTION = "1";
-
-        # The K/V context cache can be quantized to significantly
-        # reduce memory usage when Flash Attention is enabled.
-        OLLAMA_KV_CACHE_TYPE = "q8_0"; # f16, q8_0 q4_0
-
-        # To improve Retrieval-Augmented Generation (RAG) performance, you should increase
-        # the context length to 8192+ tokens in your Ollama model settings.
-        OLLAMA_CONTEXT_LENGTH = "8192";
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+        RandomizedDelaySec = "5h";
       };
 
-      host = "127.0.0.1";
-      port = 11434;
-      openFirewall = false;
-    };
+      runCheck = true;
+      checkOpts = [
+        "--with-cache"
+      ];
 
-    # TODO: To AI module
-    # TODO: WebSearch + RAG issues
-    open-webui = {
-      enable = false;
-      stateDir = "/var/lib/open-webui";
+      pruneOpts = [
+        "--keep-daily 3"
+        "--keep-weekly 2"
+        # "--keep-monthly 0"
+        # "--keep-yearly 0"
 
-      # https://docs.openwebui.com/getting-started/env-configuration
-      environment = {
-        DEFAULT_MODELS = builtins.head config.services.ollama.loadModels;
-        TASK_MODEL = builtins.head config.services.ollama.loadModels;
+        "--prune" # Automatically remove dangling files not referenced by any snapshot
+        "--repack-uncompressed"
+      ];
 
-        ENABLE_OPENAI_API = "False";
-        ENABLE_OLLAMA_API = "True";
-        OLLAMA_BASE_URL = "http://${config.services.ollama.host}:${builtins.toString config.services.ollama.port}";
+      paths = ["/persist"];
+      exclude = [
+        # The backup is just supposed to allow a system restore
+        "/persist/old_homes"
+        "/persist/old_roots"
 
-        ENABLE_EVALUATION_ARENA_MODELS = "False";
-        ENABLE_COMMUNITY_SHARING = "False";
+        # Those are synced by nextcloud, no need to backup them 50 times
+        "/persist/home/${username}/Documents"
+        "/persist/home/${username}/NixFlake"
+        "/persist/home/${username}/Notes"
+        "/persist/home/${username}/Projects"
+        "/persist/home/${username}/Public"
 
-        CONTENT_EXTRACTION_ENGINE = "docling";
-        DOCLING_SERVER_URL = "http://${config.services.docling-serve.host}:${builtins.toString config.services.docling-serve.port}";
-
-        ENABLE_RAG_HYBRID_SEARCH = "False";
-        ENABLE_RAG_LOCAL_WEB_FETCH = "True";
-
-        ENABLE_WEB_SEARCH = "True";
-        WEB_SEARCH_ENGINE = "google_pse";
-        # GOOGLE_PSE_ENGINE_ID = ""; # Use environmentFile
-        # GOOGLE_PSE_API_KEY = ""; # Use environmentFile
-        # KAGI_SEARCH_API_KEY = ""; # Use environmentFile
-
-        WEBUI_AUTH = "False";
-        ANONYMIZED_TELEMETRY = "False";
-        DO_NOT_TRACK = "True";
-        SCARF_NO_ANALYTICS = "True";
-      };
-
-      environmentFile = config.sops.templates."open-webui-secrets.env".path;
-
-      host = "127.0.0.1";
-      port = 11435;
-      openFirewall = false;
+        # Some more caches
+        ".cache"
+        "cache2" # firefox
+        "Cache"
+      ];
+      extraBackupArgs = [
+        "--exclude-caches" # Excludes marked cache directories
+        "--one-file-system" # Only stay on /persist (in case symlinks lead elsewhere)
+        "--cleanup-cache" # Auto remove old cache directories
+      ];
     };
 
     xserver = {