System/Nixinator: Disable ollama system service and open-webui, add restic backup service for /persist
@ -8,10 +8,8 @@ docker-password: ENC[AES256_GCM,data:mK5YWEQPKWBtVCgRBZvwWTdVAi8MEGbLnLeP7hfDkcc
|
|||||||
#
|
#
|
||||||
#ENC[AES256_GCM,data:y5dlZFhK38dR+Q==,iv:1JYizUeyWeMR4KUblkj7kVSHPCL5l8mFpaQdo774BcM=,tag:kUTnBZb46KYQyi8bgIYSOQ==,type:comment]
|
#ENC[AES256_GCM,data:y5dlZFhK38dR+Q==,iv:1JYizUeyWeMR4KUblkj7kVSHPCL5l8mFpaQdo774BcM=,tag:kUTnBZb46KYQyi8bgIYSOQ==,type:comment]
|
||||||
#
|
#
|
||||||
kagi-api-key: ENC[AES256_GCM,data:54N717EDbqMkg6O0SM3z15vWikD8fSRx2auk9pzRnlhqEq7BTvTkfYgIljr1VgL2OgWFm0IKKoGNXWqJg121zjWZABh/qyqEougRv67Kq6MVieNW2t8f,iv:lCPme9wlQXI3XtvhKd9XwfJsxj/mqNKSDl9kV137xg4=,tag:L2mKVw6VOLeTMl6mXcxvHA==,type:str]
|
|
||||||
google-pse-id: ENC[AES256_GCM,data:fxMVccflFndoVhTJflxHelg=,iv:MkzEOtfP7x/1PYx0ytYUrKU+VBiyfKIZSbPhXb47SC0=,tag:s5ew0kJNIVJCGFH4J8980w==,type:str]
|
|
||||||
google-pse-key: ENC[AES256_GCM,data:qb6pqGlX+yMMUrscab27q+w5FWwMoik5rGJzjGzOMrelEVUuSErw,iv:8pWr0BNjL2Iw+7hDzrSyuE3reR51Jz+CIToEUkuYpyU=,tag:+7l+0X+1zWwDG3nJmP2ugA==,type:str]
|
|
||||||
makemkv-app-key: ENC[AES256_GCM,data:/pTxr4q4ucJLx5VI8ySzOgd4g1s+6lcZNe4crxRmidTYrhJ0I6V3CIhm4wLC105W+Xka6HIZTqPn8SbqcMC4Dt3wSus=,iv:aYsGobD+Vl/VUNAHcAxQb7HEmLT8aXyKNOELgzvKDH4=,tag:xhnVb/ns6VZEnTuoUv9w5A==,type:str]
|
makemkv-app-key: ENC[AES256_GCM,data:/pTxr4q4ucJLx5VI8ySzOgd4g1s+6lcZNe4crxRmidTYrhJ0I6V3CIhm4wLC105W+Xka6HIZTqPn8SbqcMC4Dt3wSus=,iv:aYsGobD+Vl/VUNAHcAxQb7HEmLT8aXyKNOELgzvKDH4=,tag:xhnVb/ns6VZEnTuoUv9w5A==,type:str]
|
||||||
|
restic-repo-key: ENC[AES256_GCM,data:lSFuhjbhdQq4cabAVFGQ4kuaJxb7EhXgBDlgoEQWJhs=,iv:7IhGDBYEwY1TwLvc/4DOkUBQ3eqSszZcKwnT7Lllfps=,tag:yJVlMi9X0W+Kh3zMkb0QuA==,type:str]
|
||||||
#
|
#
|
||||||
#ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment]
|
#ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment]
|
||||||
#
|
#
|
||||||
@ -35,7 +33,7 @@ sops:
|
|||||||
SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h
|
SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h
|
||||||
FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA==
|
FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-07-15T18:57:57Z"
|
lastmodified: "2025-07-19T01:29:00Z"
|
||||||
mac: ENC[AES256_GCM,data:IMVTkcb+gRIHJILw1wEa4MWZ+KMsVBIhpm4wVfDJI3+sh2hVcs/k6nsUlNDo/uTi33noXGKnzuVQLdMMuQcqMUYW7N6C+HbZxsab9nZFiKRyfsrFGyip+v36ffB+C0Dslpc8WkeVUglx5rw1DYlnRwRrDjtZG876pnB8f8poJXs=,iv:sm58Vucybz4n4DzDKVzHI/GXuLdCD4cOpUgMxqBESng=,tag:JtnyqWwKAw9Org7XG6o2+Q==,type:str]
|
mac: ENC[AES256_GCM,data:IzLYRuOlkUpry37sw7OB5MglntVflMjCcNiWpi7rvT2suOivLX9IT36qZFfYIbVIFXDmfsi1hsTvsPyekD7vVWQ1vkajAlGQYYTVpnO2cFrK3+TfWCyYjiD01rQBiRikybrR11zWRq6atieurDIxMUMEI7ypiqFOwpYaqSePAFc=,iv:9bc6rc4gjuiJWNjg1g0KfySqxnPjpzmlzDi/R+Iv2g4=,tag:tEwthVZAmdXbwRtoNykGrQ==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.10.2
|
version: 3.10.2
|
||||||
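Review bot: `restic-repo-key` is added only as a sops-encrypted value, so the repository password can be recovered only with one of the age identities this file is encrypted to. If those identities live solely on the machine whose `/persist` is being backed up, losing that disk leaves a backup that nobody can open; keep a copy of the password or of an age identity off the host. Separately, dropping `kagi-api-key`, `google-pse-id` and `google-pse-key` from the file does not retire them, because the ciphertext stays in history, so revoke them at the provider if they are no longer needed.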
|
@ -80,10 +80,8 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
sops-nix.secrets.${username} = [
|
sops-nix.secrets.${username} = [
|
||||||
"kagi-api-key"
|
|
||||||
"google-pse-id"
|
|
||||||
"google-pse-key"
|
|
||||||
"makemkv-app-key"
|
"makemkv-app-key"
|
||||||
|
"restic-repo-key"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -95,12 +93,6 @@
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.templates."open-webui-secrets.env".content = ''
|
|
||||||
KAGI_SEARCH_API_KEY=${config.sops.placeholder.kagi-api-key}
|
|
||||||
GOOGLE_PSE_ENGINE_ID=${config.sops.placeholder.google-pse-id}
|
|
||||||
GOOGLE_PSE_API_KEY=${config.sops.placeholder.google-pse-key}
|
|
||||||
'';
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = pkgs.linuxPackages_zen;
|
kernelPackages = pkgs.linuxPackages_zen;
|
||||||
|
|
||||||
@ -108,10 +100,7 @@
|
|||||||
# plymouth.enable = true;
|
# plymouth.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
# environment.systemPackages = with pkgs; [];
|
||||||
# TODO: Not found by docling
|
|
||||||
tesseract # For services.docling-serve
|
|
||||||
];
|
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
ausweisapp = {
|
ausweisapp = {
|
||||||
@ -127,90 +116,59 @@
|
|||||||
fileSystems = ["/"];
|
fileSystems = ["/"];
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Docling doesn't find tesseract OCR engine... Probably use docker?
|
# Keep this as a system service because we're backing up /persist as root
|
||||||
docling-serve = {
|
restic.backups."synology" = {
|
||||||
enable = false;
|
# user = "${username}"; # Keep default (root), so restic can read everything
|
||||||
stateDir = "/var/lib/docling-serve";
|
|
||||||
|
|
||||||
host = "127.0.0.1";
|
repository = "/home/${username}/Restic";
|
||||||
port = 11111;
|
initialize = true;
|
||||||
openFirewall = false;
|
passwordFile = config.sops.secrets.restic-repo-key.path;
|
||||||
};
|
createWrapper = true;
|
||||||
|
|
||||||
# TODO: To AI module
|
timerConfig = {
|
||||||
ollama = {
|
OnCalendar = "daily";
|
||||||
enable = true;
|
Persistent = true;
|
||||||
acceleration = "cuda";
|
RandomizedDelaySec = "5h";
|
||||||
home = "/var/lib/ollama";
|
|
||||||
|
|
||||||
# TODO: This slows down booting although models are present?
|
|
||||||
# Maybe because it's waiting for /persist/var/lib/private/ollama?
|
|
||||||
# loadModels = [
|
|
||||||
# "deepseek-r1:8b" # Default
|
|
||||||
# "deepseek-r1:14b"
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# https://github.com/ollama/ollama/blob/main/docs/faq.md#how-do-i-configure-ollama-server
|
|
||||||
environmentVariables = {
|
|
||||||
# Flash Attention is a feature of most modern models
|
|
||||||
# that can significantly reduce memory usage as the context size grows.
|
|
||||||
OLLAMA_FLASH_ATTENTION = "1";
|
|
||||||
|
|
||||||
# The K/V context cache can be quantized to significantly
|
|
||||||
# reduce memory usage when Flash Attention is enabled.
|
|
||||||
OLLAMA_KV_CACHE_TYPE = "q8_0"; # f16, q8_0 q4_0
|
|
||||||
|
|
||||||
# To improve Retrieval-Augmented Generation (RAG) performance, you should increase
|
|
||||||
# the context length to 8192+ tokens in your Ollama model settings.
|
|
||||||
OLLAMA_CONTEXT_LENGTH = "8192";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
host = "127.0.0.1";
|
runCheck = true;
|
||||||
port = 11434;
|
checkOpts = [
|
||||||
openFirewall = false;
|
"--with-cache"
|
||||||
};
|
];
|
||||||
|
|
||||||
# TODO: To AI module
|
pruneOpts = [
|
||||||
# TODO: WebSearch + RAG issues
|
"--keep-daily 3"
|
||||||
open-webui = {
|
"--keep-weekly 2"
|
||||||
enable = false;
|
# "--keep-monthly 0"
|
||||||
stateDir = "/var/lib/open-webui";
|
# "--keep-yearly 0"
|
||||||
|
|
||||||
# https://docs.openwebui.com/getting-started/env-configuration
|
"--prune" # Automatically remove dangling files not referenced by any snapshot
|
||||||
environment = {
|
"--repack-uncompressed"
|
||||||
DEFAULT_MODELS = builtins.head config.services.ollama.loadModels;
|
];
|
||||||
TASK_MODEL = builtins.head config.services.ollama.loadModels;
|
|
||||||
|
|
||||||
ENABLE_OPENAI_API = "False";
|
paths = ["/persist"];
|
||||||
ENABLE_OLLAMA_API = "True";
|
exclude = [
|
||||||
OLLAMA_BASE_URL = "http://${config.services.ollama.host}:${builtins.toString config.services.ollama.port}";
|
# The backup is just supposed to allow a system restore
|
||||||
|
"/persist/old_homes"
|
||||||
|
"/persist/old_roots"
|
||||||
|
|
||||||
ENABLE_EVALUATION_ARENA_MODELS = "False";
|
# Those are synced by nextcloud, no need to backup them 50 times
|
||||||
ENABLE_COMMUNITY_SHARING = "False";
|
"/persist/home/${username}/Documents"
|
||||||
|
"/persist/home/${username}/NixFlake"
|
||||||
|
"/persist/home/${username}/Notes"
|
||||||
|
"/persist/home/${username}/Projects"
|
||||||
|
"/persist/home/${username}/Public"
|
||||||
|
|
||||||
CONTENT_EXTRACTION_ENGINE = "docling";
|
# Some more caches
|
||||||
DOCLING_SERVER_URL = "http://${config.services.docling-serve.host}:${builtins.toString config.services.docling-serve.port}";
|
".cache"
|
||||||
|
"cache2" # firefox
|
||||||
ENABLE_RAG_HYBRID_SEARCH = "False";
|
"Cache"
|
||||||
ENABLE_RAG_LOCAL_WEB_FETCH = "True";
|
];
|
||||||
|
extraBackupArgs = [
|
||||||
ENABLE_WEB_SEARCH = "True";
|
"--exclude-caches" # Excludes marked cache directories
|
||||||
WEB_SEARCH_ENGINE = "google_pse";
|
"--one-file-system" # Only stay on /persist (in case symlinks lead elsewhere)
|
||||||
# GOOGLE_PSE_ENGINE_ID = ""; # Use environmentFile
|
"--cleanup-cache" # Auto remove old cache directories
|
||||||
# GOOGLE_PSE_API_KEY = ""; # Use environmentFile
|
];
|
||||||
# KAGI_SEARCH_API_KEY = ""; # Use environmentFile
|
|
||||||
|
|
||||||
WEBUI_AUTH = "False";
|
|
||||||
ANONYMIZED_TELEMETRY = "False";
|
|
||||||
DO_NOT_TRACK = "True";
|
|
||||||
SCARF_NO_ANALYTICS = "True";
|
|
||||||
};
|
|
||||||
|
|
||||||
environmentFile = config.sops.templates."open-webui-secrets.env".path;
|
|
||||||
|
|
||||||
host = "127.0.0.1";
|
|
||||||
port = 11435;
|
|
||||||
openFirewall = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
xserver = {
|
xserver = {
|
||||||
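Review bot: `repository = "/home/${username}/Restic"` is a local path for a backup named "synology", and with `initialize = true` the job creates a fresh repository whenever that path is empty. If the directory is meant to be a NAS mount and the mount is absent, the snapshot of `/persist` would land on local disk without an error. If the home directory is itself backed by `/persist`, the repository also sits inside `paths` and is not listed in `exclude`; `--one-file-system` keeps it out only when it is a separate mount. I would add `"/persist/home/${username}/Restic"` to `exclude` and tie the generated backup unit to the mount with `RequiresMountsFor=`, or drop `initialize = true` once the repository exists. The repository holds root-only data from `/persist` under a user's home and its key is declared under `sops-nix.secrets.${username}`, so confirm that neither is readable by the unprivileged account.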
|