christoph/flake-nixinator
1
Fork 0
Code Activity

System/Nixinator: Enable open-webui web search + document extraction

Browse Source
This commit is contained in:
Christoph Urlacher
2025-07-14 15:57:54 +02:00
parent b0d3c15786
commit e431c3ad25
3 changed files with 67 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
system/default.nix
View File

@ -121,7 +121,7 @@ with mylib.networking; {
settings.trusted-users = ["root" "${username}"];
# Auto garbage-collect and optimize store
gc.automatic = true;
gc.automatic = false; # Done by nh.clean.enable;
gc.options = "--delete-older-than 5d";
settings.auto-optimise-store = true;
optimise.automatic = true;

7
system/modules/sops-nix/secrets.yaml
View File

@ -11,6 +11,9 @@ docker-password: ENC[AES256_GCM,data:mK5YWEQPKWBtVCgRBZvwWTdVAi8MEGbLnLeP7hfDkcc
kdeconnect-cert: ENC[AES256_GCM,data:9F/puHRjrsN+ALk33dg0bN7ev/AbO4yyUbgucN1IxTun1Ht7TIMUQfCv+pl+PfeWClcn9KJ1wSoUBU3KM6b8xb8yib0u+HbKRM+ZoHSXuEL87OXZcp0HdsH3cOijDr3QaIoZJkxOWR8AXxOnkNqly5jKKy7uH1F3eWc4NmCzUn+GemyKJDPEg0FgHDNA4hRwH3CloCk/3kJn6vy4NHYf5+a1/EvSpfdi+8NXKYpEiQz7c0DXmpWv+rXsibnWTbxrwcahBCWquiIDu7xERYPqcfl4poMIoSWffr+rB+C5QdCfAk0bgT3Yey0ABJRyBrjkZR9MWly4zC3n4g/d6s1KeME9K0g0A2LniWpJFZTpW9tCsPavhDufNZDvVYF23vxS96OP3OwfggP6HNqP0UF9TSUnagtDp7OiFZbwA9jZ8ptHt3rHNNxDy8LwUiiOMQYcsF4VP8+2U087VJeGuskXCqbLrArO+zEOwLL9fRA2bNRY//hP+zHtATzD75X9XoBGmWFAMq41yXOtfun7TqHEcc/pMLpTalVYoB9wynx2DpGrCFrU/Zz3utcXkvEgVXPaPogMy5IJfClDRBB/7FI8wSVvEUx1ZQGx2Z3dGTrbIVQ9BxkPVUTcXAgpOJbX7jkM4aXzusaYqtItZHqkoeLqW6ETniWWlJPg8+A6jMs+trHFT2rLv9bhWdPSn8GIS8ffZerZ9H5hVrhZxBSR3oytRluLyJwE0yfJ2sj7XE0738PutFLkoMYcAINYLcV8XVCeUnDQrkPVSbPK9aGSVuZhtc0pJBYKikAKj3nBnYXT3eK5DIslQCLrFEOJ2f6mFig=,iv:y3YOsyFmEdiixpgCHL8/PZ/rXXAALUUJXO4WgoQbahI=,tag:pl6M+l3uDjsQA6nImgC6qg==,type:str]
kdeconnect-privatekey: ENC[AES256_GCM,data:kDYemoOlOewW5d1ZW3AEM0LhrrBCo8DlgsqRYOUgVOCvt1hUA/MD7s7EzIiEsdzlnSTgjQWVOoPY/HcJvpkwbJOLwh05jfTOj5/lB0bLubDAoE0Xtxx1cYhzrYfCxkxa3XRXzqIXVVU1uN/QDM+/vhXHg7iHlTxLDDxuUPLTbpj8HQQ/1Ll7dyZ2C1QTViTIZiMP4Cu+vQh1AkEijRF02hG6IT3XkKwiyPwT40PCRVziBCO2Bambnuu8HLhXSvnznRpdYTlcPKwT1QJVKIgdnW3tDcZ4Vuqb+XlZOpGWro2KPaQ=,iv:PLEtAsht75Wl+95BtDrYWPHF6bIY+fk6xZH93uJEFak=,tag:Wf3t65cUokBP20ZVF6aJTQ==,type:str]
kdeconnect-devices: ENC[AES256_GCM,data:V52KbGwc78WntGLSqxqCvLU7H5peFha7YpwVRPTAQi+W9cMtqkqvhsDG4u9Pg3pfmTjka6IJWWgi2cHYnPo8IP36Te+3ssUHu3ZW/D+G+cgbcTANIpw05T28yPF011BsI0sGeknwxaicv9A/txhzm+ZLkctNkNlB2tHRJw8guMKJnJ+GSVwMulx6XMJ8YX8aSFbIJYU3KRZ205EoLM2GJodtPuj+uQ6Ox82AzXgOZ4HHFhVodNujHxJPg6diuckdjymGSpLFva7HpwP9/QuzjbEatJKAf9n7JLOo7NeEKKtOPUrUiBOtlCkFwk/v7119/xgDFyoxXDpK0YVgYFiiHG3TEGzqDjQkNNMsV+PH+vE+4iDJoc9utJGj0fOR7mqrmICORQ4kJwYEKdAXieV3iPmDFbvIAociqPqIihmAsGvJYG20oHojGyqZqY6KJf9qeFdBUXHvtK17hvLyREa/eNOb2DQcVd6Xu3qUIgQps2X7EPUY8GICaiLlDFYD5YiZQgo/t8/zejogluzp5bVGb+La1NsImQJhFaLfwaZwU/5Uybq1c9B8gC11+9pyE5ip/ubH7+yzhBJ90PYlePQZ/uR55CfGRi9AmFdDgaM5FJenGHXGei84UuHZa0NDUKD4QAZWvf3VJJgTGPZyEY+NCe592AIgmCDb9/H1RHn0Cm/ye8L1y7RJ0RUb374D5wwH3zwgm8zuVXyycbEsIHHQGKAn1WfjpqRXAgl5MsBAHQm/aOFJdH5dyxe+xXgc8h1l/ijZMKj4m4W1D8d1hpyARzL3xcqbzc17ZPStRI1a04IZAfsbLmWvecS2mQDATgJ31k3luh4hg0LJZvvA9/cQ2c7F/ZGhVHEpXv1LguBG6XduHS1qCfhSiMYN060Jh/YO2nZ5EMKN+bTx+c+vUHbLSO764h4ycI+PAIndxgPsWKDhDztAcX9nGTU+27eXpKOi0+J6/1KuTA==,iv:jeyEk0s+N7I2HBtRGj2Y6N5bEhZ3ETmd3ldeQj3TAaI=,tag:noeRbcabwFLHNduRsZMydQ==,type:str]
kagi-api-key: ENC[AES256_GCM,data:54N717EDbqMkg6O0SM3z15vWikD8fSRx2auk9pzRnlhqEq7BTvTkfYgIljr1VgL2OgWFm0IKKoGNXWqJg121zjWZABh/qyqEougRv67Kq6MVieNW2t8f,iv:lCPme9wlQXI3XtvhKd9XwfJsxj/mqNKSDl9kV137xg4=,tag:L2mKVw6VOLeTMl6mXcxvHA==,type:str]
google-pse-id: ENC[AES256_GCM,data:fxMVccflFndoVhTJflxHelg=,iv:MkzEOtfP7x/1PYx0ytYUrKU+VBiyfKIZSbPhXb47SC0=,tag:s5ew0kJNIVJCGFH4J8980w==,type:str]
google-pse-key: ENC[AES256_GCM,data:qb6pqGlX+yMMUrscab27q+w5FWwMoik5rGJzjGzOMrelEVUuSErw,iv:8pWr0BNjL2Iw+7hDzrSyuE3reR51Jz+CIToEUkuYpyU=,tag:+7l+0X+1zWwDG3nJmP2ugA==,type:str]
#
#ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment]
#
@ -34,7 +37,7 @@ sops:
SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h
FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-12T15:50:53Z"
mac: ENC[AES256_GCM,data:hfO7iaF3oYsbgvzJpu0rcQyh7ywJsowbxCgQ+BqUQHF4sz+m6OZu4nHoVJi0LFqzZA1stJtfdRS+SaWOx5hFitXQ+VKmOXWABxUOzEWeDYPzPyoseG6XUna2L6gtdy9dLlOtiXvDCOWfv2+bs5FzsC29x2QcP1KEW0tVEoUCKIg=,iv:PE8674LhIpAAGCjn0UqEAGqI6l4XiG/73iThZWJIIrY=,tag:XmF1AYu9hlIrvwWt/EiLzw==,type:str]
lastmodified: "2025-07-14T13:46:56Z"
mac: ENC[AES256_GCM,data:rsuS5oNOKGyWdek+arJOaKZuz8GV1WQdnyssnuYt4lgMVFqBgOxtRdwB+1paZtwJ766stKUiPLwZTRT/Lk4DbXH5yKU5L5uypBl24phC76RLfWqKNtm/n+r8DITAVlO3QIIhO9VhfkYDzT5v+eh9BbFT5FbLd4Y94qWqTqu0fGg=,iv:gkd1UBc3wwI3MIJe2ksNdEkTma+eQWyClaJpN3vTffQ=,tag:D7Z1RmZOBsSML9fw/7Umug==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

64
system/nixinator/default.nix
View File

@ -80,13 +80,27 @@
"kdeconnect-cert"
"kdeconnect-privatekey"
"kdeconnect-devices"
"kagi-api-key"
"google-pse-id"
"google-pse-key"
];
};
sops.templates."open-webui-secrets.env".content = ''
KAGI_SEARCH_API_KEY=${config.sops.placeholder.kagi-api-key}
GOOGLE_PSE_ENGINE_ID=${config.sops.placeholder.google-pse-id}
GOOGLE_PSE_API_KEY=${config.sops.placeholder.google-pse-key}
'';
boot = {
kernelPackages = pkgs.linuxPackages_zen;
};
environment.systemPackages = with pkgs; [
# TODO: Not found by docling
tesseract # For services.docling-serve
];
programs = {
ausweisapp = {
enable = true;
@ -94,17 +108,43 @@
};
};
# TODO: To AI module
services = {
# TODO: Docling doesn't find tesseract OCR engine... Probably use docker?
docling-serve = {
enable = true;
stateDir = "/var/lib/docling-serve";
host = "127.0.0.1";
port = 11111;
openFirewall = false;
};
ollama = {
enable = true;
acceleration = "cuda";
home = "/var/lib/ollama";
loadModels = [
"deepseek-r1:8b"
"deepseek-r1:8b" # Default
"deepseek-r1:14b"
];
# https://github.com/ollama/ollama/blob/main/docs/faq.md#how-do-i-configure-ollama-server
environmentVariables = {
# Flash Attention is a feature of most modern models
# that can significantly reduce memory usage as the context size grows.
OLLAMA_FLASH_ATTENTION = "1";
# The K/V context cache can be quantized to significantly
# reduce memory usage when Flash Attention is enabled.
OLLAMA_KV_CACHE_TYPE = "q8_0"; # f16, q8_0 q4_0
# To improve Retrieval-Augmented Generation (RAG) performance, you should increase
# the context length to 8192+ tokens in your Ollama model settings.
OLLAMA_CONTEXT_LENGTH = "8192";
};
host = "127.0.0.1";
port = 11434;
openFirewall = false;
@ -116,18 +156,36 @@
# https://docs.openwebui.com/getting-started/env-configuration
environment = {
WEBUI_AUTH = "False";
DEFAULT_MODELS = builtins.head config.services.ollama.loadModels;
TASK_MODEL = builtins.head config.services.ollama.loadModels;
ENABLE_OPENAI_API = "False";
ENABLE_OLLAMA_API = "True";
OLLAMA_BASE_URL = "http://${config.services.ollama.host}:${builtins.toString config.services.ollama.port}";
ENABLE_OPENAI_API = "False";
ENABLE_EVALUATION_ARENA_MODELS = "False";
ENABLE_COMMUNITY_SHARING = "False";
CONTENT_EXTRACTION_ENGINE = "docling";
DOCLING_SERVER_URL = "http://${config.services.docling-serve.host}:${builtins.toString config.services.docling-serve.port}";
ENABLE_RAG_HYBRID_SEARCH = "False";
ENABLE_RAG_LOCAL_WEB_FETCH = "True";
ENABLE_WEB_SEARCH = "True";
WEB_SEARCH_ENGINE = "google_pse";
# GOOGLE_PSE_ENGINE_ID = ""; # Use environmentFile
# GOOGLE_PSE_API_KEY = ""; # Use environmentFile
# KAGI_SEARCH_API_KEY = ""; # Use environmentFile
WEBUI_AUTH = "False";
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
};
environmentFile = config.sops.templates."open-webui-secrets.env".path;
host = "127.0.0.1";
port = 11435;
openFirewall = false;