System/Nixinator: Disable ollama system service and open-webui, add restic backup service for /persist

System/Nixinator: Mount synology backup directory
Home/Christoph: Switch to local ollama service (instead of system service)
2025-07-19 04:03:19 +02:00 · 2025-07-19 04:02:51 +02:00 · 2025-07-19 04:02:34 +02:00 · 2025-07-19 04:02:08 +02:00 · 2025-07-19 04:02:00 +02:00 · 2025-07-19 04:01:53 +02:00
9 changed files with 111 additions and 110 deletions
--- a/home/christoph/default.nix
+++ b/home/christoph/default.nix
@ -377,6 +377,7 @@
    };
    # Add stuff for your user as you see fit:
    # TODO: Make the headless installations smaller
    packages = with pkgs;
      lib.mkMerge [
        [
@ -384,12 +385,12 @@
          (ripgrep.override {withPCRE2 = true;}) # fast as fuck
          gdu # Alternative to du-dust (I like it better)
          duf # Disk usage analyzer (for all disk overview)
-          sd # sed alternative
+          sd # Sed alternative
-          fclones # duplicate file finder
+          fclones # Duplicate file finder
-          tealdeer # very fast tldr (so readable man)
+          tealdeer # Very fast tldr (so readable man)
          killall
          atool # Archive preview
-          ouch # unified compression/decompression
+          ouch # Unified compression/decompression
          ffmpegthumbnailer # Video thumbnails
          mediainfo # Media meta information
          file # File meta information
@ -398,17 +399,21 @@
          unzip # Unzip stuff
          progress # Find coreutils processes and show their progress
          tokei # Text file statistics in a project
-          playerctl # media player control
+          playerctl # Media player control
-          pastel # color tools
+          pastel # Color tools
-          nvd # nix rebuild diff
+          nvd # Nix rebuild diff
-          nix-search-tv # search nixpkgs, nur, nixos options and homemanager options
+          nix-search-tv # Search nixpkgs, nur, nixos options and homemanager options
          nix-tree # Browse the nix store sorted by size (gdu for closures)
          nurl # Generate nix fetcher sections based on URLs
          python313 # Nicer scripting than bash
          binsider # Analyze binaries
          lazyjournal # Journalctl viewer
          systemctl-tui
          restic # Backups
          # Hardware/Software info
          pciutils # lspci
-          glxinfo # opengl info
+          glxinfo # OpenGL info
          wayland-utils # wayland-info
          clinfo # OpenCL info
          vulkan-tools # vulkaninfo
--- a/home/christoph/nixinator/default.nix
+++ b/home/christoph/nixinator/default.nix
@ -5,6 +5,7 @@
  config,
  lib,
  mylib,
  username,
  ...
 }: {
  imports = [
@ -163,6 +164,35 @@
    };
    services = {
      ollama = {
        enable = true;
        acceleration = "cuda";
        # home = "/var/lib/ollama";
        # loadModels = [
        #   "deepseek-r1:8b" # Default
        #   "deepseek-r1:14b"
        # ];
        # https://github.com/ollama/ollama/blob/main/docs/faq.md#how-do-i-configure-ollama-server
        environmentVariables = {
          # Flash Attention is a feature of most modern models
          # that can significantly reduce memory usage as the context size grows.
          OLLAMA_FLASH_ATTENTION = "1";
          # The K/V context cache can be quantized to significantly
          # reduce memory usage when Flash Attention is enabled.
          OLLAMA_KV_CACHE_TYPE = "q8_0"; # f16, q8_0 q4_0
          # To improve Retrieval-Augmented Generation (RAG) performance, you should increase
          # the context length to 8192+ tokens in your Ollama model settings.
          OLLAMA_CONTEXT_LENGTH = "8192";
        };
        host = "127.0.0.1";
        port = 11434;
      };
      flatpak = {
        packages = [
          "com.valvesoftware.Steam"
--- a/home/modules/firefox/bookmarks.nix
+++ b/home/modules/firefox/bookmarks.nix
@ -43,7 +43,10 @@ in [
          (mkBm "Local NGINX" "https://nginx.local.chriphost.de/")
          (mkBm "Think NGINX" "https://nginx.think.chriphost.de/")
          (mkBm "VPS NGINX" "http://vps.chriphost.de:51810/")
          (mkBm "Synology DS223j" "https://synology.think.chriphost.de/")
          (mkBm "Portainer" "https://portainer.think.chriphost.de/")
          (mkBm "WUD ServeNix" "https://update.local.chriphost.de/")
          (mkBm "WUD ThinkNix" "https://update.think.chriphost.de/")
        ];
      }
      (mkBm "Cloud" "https://nextcloud.local.chriphost.de/apps/files/files")
@ -52,7 +55,7 @@ in [
      (mkBm "HASS" "https://hass.think.chriphost.de/lovelace")
      (mkBm "Docs" "https://paperless.local.chriphost.de/documents?sort=created&reverse=1&page=1")
      (mkBm "Gitea" "https://gitea.local.chriphost.de/christoph")
-      (mkBm "Chat" "http://localhost:11435/")
+      # (mkBm "Chat" "http://localhost:11435/") # Local WebUI
      "separator"
      # Coding
--- a/home/modules/fish/default.nix
+++ b/home/modules/fish/default.nix
@ -141,9 +141,10 @@ in {
            blk = batify "lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,FSUSE%,MOUNTPOINT";
            blkids = batify "lsblk -o NAME,LABEL,FSTYPE,SIZE,PARTLABEL,MODEL,ID,UUID";
            watch = "watch -d -c -n 0.5";
            nps = "nps -e";
            nd = "nix develop";
            nb = "nix build -L";
-            nps = "nps -e";
+            ns = "nix shell nixpkgs#";
          }
          # Impermanence
--- a/home/modules/neovim/extraConfigLuaPost.lua
+++ b/home/modules/neovim/extraConfigLuaPost.lua
@ -15,7 +15,7 @@ if g.neovide then
 	g.neovide_padding_right = 0
 	g.neovide_padding_left = 0
 	g.neovide_refresh_rate = 144
-	-- g.neovide_floating_corner_radius = 0.5
+	g.neovide_floating_corner_radius = 0.0
 	-- g.neovide_theme = "light"
 	-- Neovide Fonts
--- a/system/modules/impermanence/default.nix
+++ b/system/modules/impermanence/default.nix
@ -69,7 +69,6 @@ in {
          (mkRDir "/var/lib/libvirt" m755)
          (mkRDir "/var/lib/NetworkManager" m755)
          (mkRDir "/var/lib/nixos" m755)
          (mkRDir "/var/lib/private/ollama" m755)
          (mkRDir "/var/lib/systemd" m755)
          (mkRDir "/var/tmp" m777)
--- a/system/modules/sops-nix/secrets.yaml
+++ b/system/modules/sops-nix/secrets.yaml
@ -8,10 +8,8 @@ docker-password: ENC[AES256_GCM,data:mK5YWEQPKWBtVCgRBZvwWTdVAi8MEGbLnLeP7hfDkcc
 #
 #ENC[AES256_GCM,data:y5dlZFhK38dR+Q==,iv:1JYizUeyWeMR4KUblkj7kVSHPCL5l8mFpaQdo774BcM=,tag:kUTnBZb46KYQyi8bgIYSOQ==,type:comment]
 #
 kagi-api-key: ENC[AES256_GCM,data:54N717EDbqMkg6O0SM3z15vWikD8fSRx2auk9pzRnlhqEq7BTvTkfYgIljr1VgL2OgWFm0IKKoGNXWqJg121zjWZABh/qyqEougRv67Kq6MVieNW2t8f,iv:lCPme9wlQXI3XtvhKd9XwfJsxj/mqNKSDl9kV137xg4=,tag:L2mKVw6VOLeTMl6mXcxvHA==,type:str]
 google-pse-id: ENC[AES256_GCM,data:fxMVccflFndoVhTJflxHelg=,iv:MkzEOtfP7x/1PYx0ytYUrKU+VBiyfKIZSbPhXb47SC0=,tag:s5ew0kJNIVJCGFH4J8980w==,type:str]
 google-pse-key: ENC[AES256_GCM,data:qb6pqGlX+yMMUrscab27q+w5FWwMoik5rGJzjGzOMrelEVUuSErw,iv:8pWr0BNjL2Iw+7hDzrSyuE3reR51Jz+CIToEUkuYpyU=,tag:+7l+0X+1zWwDG3nJmP2ugA==,type:str]
 makemkv-app-key: ENC[AES256_GCM,data:/pTxr4q4ucJLx5VI8ySzOgd4g1s+6lcZNe4crxRmidTYrhJ0I6V3CIhm4wLC105W+Xka6HIZTqPn8SbqcMC4Dt3wSus=,iv:aYsGobD+Vl/VUNAHcAxQb7HEmLT8aXyKNOELgzvKDH4=,tag:xhnVb/ns6VZEnTuoUv9w5A==,type:str]
 restic-repo-key: ENC[AES256_GCM,data:lSFuhjbhdQq4cabAVFGQ4kuaJxb7EhXgBDlgoEQWJhs=,iv:7IhGDBYEwY1TwLvc/4DOkUBQ3eqSszZcKwnT7Lllfps=,tag:yJVlMi9X0W+Kh3zMkb0QuA==,type:str]
 #
 #ENC[AES256_GCM,data:Raagjz1qPvXC,iv:OSWTKaIlmo1paU2ZZn20XMeZ2gdM52pHmVZ3m2ngCdI=,tag:bPCdvjOFjpxxkrwA7Mhl5Q==,type:comment]
 #
@ -35,7 +33,7 @@ sops:
            SURMTmh1TGIrRmtENzc0Sk4rNFJNUE0KOpjN6jkEHO+lvdWdp4P++r9SNSPWaT0h
            FAbbvZZ/EdIk/njLEcayFN7B4ftTcD/f4XJZiyosilZnIkk76bMOHA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-15T18:57:57Z"
+    lastmodified: "2025-07-19T01:29:00Z"
-    mac: ENC[AES256_GCM,data:IMVTkcb+gRIHJILw1wEa4MWZ+KMsVBIhpm4wVfDJI3+sh2hVcs/k6nsUlNDo/uTi33noXGKnzuVQLdMMuQcqMUYW7N6C+HbZxsab9nZFiKRyfsrFGyip+v36ffB+C0Dslpc8WkeVUglx5rw1DYlnRwRrDjtZG876pnB8f8poJXs=,iv:sm58Vucybz4n4DzDKVzHI/GXuLdCD4cOpUgMxqBESng=,tag:JtnyqWwKAw9Org7XG6o2+Q==,type:str]
+    mac: ENC[AES256_GCM,data:IzLYRuOlkUpry37sw7OB5MglntVflMjCcNiWpi7rvT2suOivLX9IT36qZFfYIbVIFXDmfsi1hsTvsPyekD7vVWQ1vkajAlGQYYTVpnO2cFrK3+TfWCyYjiD01rQBiRikybrR11zWRq6atieurDIxMUMEI7ypiqFOwpYaqSePAFc=,iv:9bc6rc4gjuiJWNjg1g0KfySqxnPjpzmlzDi/R+Iv2g4=,tag:tEwthVZAmdXbwRtoNykGrQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@ -80,10 +80,8 @@
    };
    sops-nix.secrets.${username} = [
      "kagi-api-key"
      "google-pse-id"
      "google-pse-key"
      "makemkv-app-key"
      "restic-repo-key"
    ];
  };
@ -95,12 +93,6 @@
    '';
  };
  sops.templates."open-webui-secrets.env".content = ''
    KAGI_SEARCH_API_KEY=${config.sops.placeholder.kagi-api-key}
    GOOGLE_PSE_ENGINE_ID=${config.sops.placeholder.google-pse-id}
    GOOGLE_PSE_API_KEY=${config.sops.placeholder.google-pse-key}
  '';
  boot = {
    kernelPackages = pkgs.linuxPackages_zen;
@ -108,10 +100,7 @@
    # plymouth.enable = true;
  };
-  environment.systemPackages = with pkgs; [
+  # environment.systemPackages = with pkgs; [];
    # TODO: Not found by docling
    tesseract # For services.docling-serve
  ];
  programs = {
    ausweisapp = {
@ -127,90 +116,59 @@
      fileSystems = ["/"];
    };
-    # TODO: Docling doesn't find tesseract OCR engine... Probably use docker?
+    # Keep this as a system service because we're backing up /persist as root
-    docling-serve = {
+    restic.backups."synology" = {
-      enable = false;
+      # user = "${username}"; # Keep default (root), so restic can read everything
      stateDir = "/var/lib/docling-serve";
-      host = "127.0.0.1";
+      repository = "/home/${username}/Restic";
-      port = 11111;
+      initialize = true;
-      openFirewall = false;
+      passwordFile = config.sops.secrets.restic-repo-key.path;
-    };
+      createWrapper = true;
-    # TODO: To AI module
+      timerConfig = {
-    ollama = {
+        OnCalendar = "daily";
-      enable = true;
+        Persistent = true;
-      acceleration = "cuda";
+        RandomizedDelaySec = "5h";
      home = "/var/lib/ollama";
      # TODO: This slows down booting although models are present?
      #       Maybe because it's waiting for /persist/var/lib/private/ollama?
      # loadModels = [
      #   "deepseek-r1:8b" # Default
      #   "deepseek-r1:14b"
      # ];
      # https://github.com/ollama/ollama/blob/main/docs/faq.md#how-do-i-configure-ollama-server
      environmentVariables = {
        # Flash Attention is a feature of most modern models
        # that can significantly reduce memory usage as the context size grows.
        OLLAMA_FLASH_ATTENTION = "1";
        # The K/V context cache can be quantized to significantly
        # reduce memory usage when Flash Attention is enabled.
        OLLAMA_KV_CACHE_TYPE = "q8_0"; # f16, q8_0 q4_0
        # To improve Retrieval-Augmented Generation (RAG) performance, you should increase
        # the context length to 8192+ tokens in your Ollama model settings.
        OLLAMA_CONTEXT_LENGTH = "8192";
      };
-      host = "127.0.0.1";
+      runCheck = true;
-      port = 11434;
+      checkOpts = [
-      openFirewall = false;
+        "--with-cache"
-    };
+      ];
-    # TODO: To AI module
+      pruneOpts = [
-    # TODO: WebSearch + RAG issues
+        "--keep-daily 3"
-    open-webui = {
+        "--keep-weekly 2"
-      enable = false;
+        # "--keep-monthly 0"
-      stateDir = "/var/lib/open-webui";
+        # "--keep-yearly 0"
-      # https://docs.openwebui.com/getting-started/env-configuration
+        "--prune" # Automatically remove dangling files not referenced by any snapshot
-      environment = {
+        "--repack-uncompressed"
-        DEFAULT_MODELS = builtins.head config.services.ollama.loadModels;
+      ];
        TASK_MODEL = builtins.head config.services.ollama.loadModels;
-        ENABLE_OPENAI_API = "False";
+      paths = ["/persist"];
-        ENABLE_OLLAMA_API = "True";
+      exclude = [
-        OLLAMA_BASE_URL = "http://${config.services.ollama.host}:${builtins.toString config.services.ollama.port}";
+        # The backup is just supposed to allow a system restore
        "/persist/old_homes"
        "/persist/old_roots"
-        ENABLE_EVALUATION_ARENA_MODELS = "False";
+        # Those are synced by nextcloud, no need to backup them 50 times
-        ENABLE_COMMUNITY_SHARING = "False";
+        "/persist/home/${username}/Documents"
        "/persist/home/${username}/NixFlake"
        "/persist/home/${username}/Notes"
        "/persist/home/${username}/Projects"
        "/persist/home/${username}/Public"
-        CONTENT_EXTRACTION_ENGINE = "docling";
+        # Some more caches
-        DOCLING_SERVER_URL = "http://${config.services.docling-serve.host}:${builtins.toString config.services.docling-serve.port}";
+        ".cache"
-
+        "cache2" # firefox
-        ENABLE_RAG_HYBRID_SEARCH = "False";
+        "Cache"
-        ENABLE_RAG_LOCAL_WEB_FETCH = "True";
+      ];
-
+      extraBackupArgs = [
-        ENABLE_WEB_SEARCH = "True";
+        "--exclude-caches" # Excludes marked cache directories
-        WEB_SEARCH_ENGINE = "google_pse";
+        "--one-file-system" # Only stay on /persist (in case symlinks lead elsewhere)
-        # GOOGLE_PSE_ENGINE_ID = ""; # Use environmentFile
+        "--cleanup-cache" # Auto remove old cache directories
-        # GOOGLE_PSE_API_KEY = ""; # Use environmentFile
+      ];
        # KAGI_SEARCH_API_KEY = ""; # Use environmentFile
        WEBUI_AUTH = "False";
        ANONYMIZED_TELEMETRY = "False";
        DO_NOT_TRACK = "True";
        SCARF_NO_ANALYTICS = "True";
      };
      environmentFile = config.sops.templates."open-webui-secrets.env".path;
      host = "127.0.0.1";
      port = 11435;
      openFirewall = false;
    };
    xserver = {
--- a/system/nixinator/hardware-configuration.nix
+++ b/system/nixinator/hardware-configuration.nix
@ -6,6 +6,7 @@
  lib,
  pkgs,
  modulesPath,
  username,
  ...
 }: {
  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
@ -50,7 +51,7 @@
  fileSystems = {
    # NOTE: Some filesystems are managed by disko (see ./disks.nix)
-    "/home/christoph/Games" = {
+    "/home/${username}/Games" = {
      device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_2000GB_231623802252-part1";
      fsType = "ext4";
      options = ["defaults" "rw" "noatime"];
@ -69,23 +70,29 @@
    # Using  NFS over TCP or increasing the value of the retrans option may mitigate
    # some of the risks of using the soft option.
-    "/home/christoph/Movies" = {
+    "/home/${username}/Movies" = {
      device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Movie";
      fsType = "nfs";
      options = ["defaults" "rw" "noatime" "_netdev" "bg" "soft"];
    };
-    "/home/christoph/Shows" = {
+    "/home/${username}/Shows" = {
      device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Show";
      fsType = "nfs";
      options = ["defaults" "rw" "noatime" "_netdev" "bg" "soft"];
    };
-    "/home/christoph/Music" = {
+    "/home/${username}/Music" = {
      device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Music";
      fsType = "nfs";
      options = ["defaults" "rw" "noatime" "_netdev" "bg" "soft"];
    };
    "/home/${username}/Restic" = {
      device = "192.168.86.15:/volume1/NixinatorPersistence";
      fsType = "nfs";
      options = ["defaults" "rw" "noatime" "_netdev" "bg" "soft"];
    };
  };
  hardware = {
Author	SHA1	Message	Date
Christoph Urlacher	04565dca72	System/Nixinator: Disable ollama system service and open-webui, add restic backup service for /persist	2025-07-19 04:03:19 +02:00
Christoph Urlacher	f2fe612000	System/Nixinator: Mount synology backup directory	2025-07-19 04:02:51 +02:00
Christoph Urlacher	16e947345c	Home/Christoph: Switch to local ollama service (instead of system service)	2025-07-19 04:02:34 +02:00
Christoph Urlacher	68b3204175	Modules/Fish: Add nix shell abbr	2025-07-19 04:02:08 +02:00
Christoph Urlacher	9f113ab765	Modules/Firefox: Update bookmarks	2025-07-19 04:02:00 +02:00
Christoph Urlacher	501f248dc7	Home: Add some packages (restic, systemctl-tui, lazyjournal, ...)	2025-07-19 04:01:53 +02:00