Compare commits


10 commits

Author SHA1 Message Date
Chris Cochrun 0fa43af121 forgejo working 2025-05-14 23:49:57 -05:00
Chris Cochrun 316eca1442 add searx 2025-05-14 23:47:10 -05:00
Chris Cochrun 256dc016c1 working rebuild 2025-05-14 23:04:41 -05:00
Chris Cochrun 1eca07170d updating back to last month 2025-05-14 13:25:34 -05:00
Chris Cochrun dbf6566392 making ollama more reachable and adding comfyui 2025-04-03 13:51:16 -05:00
Chris Cochrun 068b1e79d5 working ollama 2024-12-18 14:17:25 -06:00
Chris Cochrun 3dc78b4d16 adding python overlay because stupid 2024-12-18 11:45:47 -06:00
Chris Cochrun 41b97ef1d1 adding a true ollama config and updating to latest nixpkgs 2024-12-18 10:38:50 -06:00
Chris Cochrun 17401c9549 updates and forgejo actions 2024-11-29 17:45:11 -06:00
Chris Cochrun b7118c5a9a loooooots of updates 2024-07-18 10:57:13 -05:00
14 changed files with 676 additions and 183 deletions


@ -100,9 +100,9 @@
programs.zsh = { programs.zsh = {
enable = true; enable = true;
enableAutosuggestions = true; autosuggestion.enable = true;
enableCompletion = true; enableCompletion = true;
enableSyntaxHighlighting = true; syntaxHighlighting.enable = true;
autocd = true; autocd = true;
dotDir = ".config/zsh"; dotDir = ".config/zsh";
shellAliases = { shellAliases = {


@ -12,26 +12,30 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1671802034, "lastModified": 1734005403,
"narHash": "sha256-mkv2u5nQJEV3KlWiopkt/gMz0OM4nmEXSfzkSw6welQ=", "narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=",
"owner": "erikarvstedt", "owner": "erikarvstedt",
"repo": "extra-container", "repo": "extra-container",
"rev": "e34f0cca15f6f0f2e598dad0b329196d0dab6d4f", "rev": "f4de6c329b306a9d3a9798a30e060c166f781baa",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "erikarvstedt", "owner": "erikarvstedt",
"ref": "0.13",
"repo": "extra-container", "repo": "extra-container",
"type": "github" "type": "github"
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1731533236,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -40,24 +44,40 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1674771519, "lastModified": 1747020534,
"narHash": "sha256-U0W3S1nX6yEvLh3Vq70EORbmXecAKXfmEfCfaA4A+I8=", "narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bb4b25b302dbf0f527f190461b080b5262871756", "rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "master", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -70,11 +90,11 @@
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable"
}, },
"locked": { "locked": {
"lastModified": 1673175426, "lastModified": 1746800328,
"narHash": "sha256-kMaXo7VDVZPUoKsJ1aJI2owBsbE4RevFEHoI045bXII=", "narHash": "sha256-zPum6QW2wYqSJNO+wEPKQdWD1Rt3SM9ir0YfGOVqReo=",
"owner": "fort-nix", "owner": "fort-nix",
"repo": "nix-bitcoin", "repo": "nix-bitcoin",
"rev": "dfeff7b17b0c231fa9d0c7415045547671d980f6", "rev": "b2bc5e6e7553954374593f6527e43828e7302b52",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -84,29 +104,71 @@
"type": "github" "type": "github"
} }
}, },
"nix-comfyui": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1733961600,
"narHash": "sha256-kEM0Dck4K4dg9QYmdldy62av+XzsNz9XhfTAhtGWwzo=",
"owner": "dyscorv",
"repo": "nix-comfyui",
"rev": "cbd17e10b53dcf8fd9f5ba6f3c1ea1a550082659",
"type": "github"
},
"original": {
"owner": "dyscorv",
"repo": "nix-comfyui",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nix-comfyui",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1672844754, "lastModified": 1746422338,
"narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=", "narHash": "sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e9ade2c8240e00a4784fac282a502efff2786bdc", "rev": "5b35d248e9206c1f3baf8de6a7683fee126364aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-22.11", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1672756850, "lastModified": 1746332716,
"narHash": "sha256-Smbq3+fitwA13qsTMeaaurv09/KVbZfW7m7lINwzDGA=", "narHash": "sha256-VBmKSkmw9PYBCEGhBKzORjx+nwNZkPZyHcUHE21A/ws=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "298add347c2bbce14020fcb54051f517c391196b", "rev": "6b1c028bce9c89e9824cde040d6986d428296055",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -118,11 +180,11 @@
}, },
"nixpkgs-unstable_2": { "nixpkgs-unstable_2": {
"locked": { "locked": {
"lastModified": 1674641431, "lastModified": 1746904237,
"narHash": "sha256-qfo19qVZBP4qn5M5gXc/h1MDgAtPA5VxJm9s8RUAkVk=", "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9b97ad7b4330aacda9b2343396eb3df8a853b4fc", "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -134,40 +196,123 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1688392541, "lastModified": 1733749988,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", "narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1746957726,
"narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-22.11", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"poetry2nix": {
"inputs": {
"flake-utils": [
"nix-comfyui",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nix-comfyui",
"nixpkgs"
],
"systems": [
"nix-comfyui",
"flake-utils",
"systems"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1731205797,
"narHash": "sha256-F7N1mxH1VrkVNHR3JGNMRvp9+98KYO4b832KS8Gl2xI=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "f554d27c1544d9c56e5f1f8e2b8aff399803674e",
"type": "github"
},
"original": {
"id": "poetry2nix",
"type": "indirect"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-bitcoin": "nix-bitcoin", "nix-bitcoin": "nix-bitcoin",
"nixpkgs": "nixpkgs_2", "nix-comfyui": "nix-comfyui",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable_2" "nixpkgs-unstable": "nixpkgs-unstable_2"
} }
}, },
"utils": { "systems": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1681028828,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nix-comfyui",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730120726,
"narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "treefmt-nix",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "treefmt-nix",
"type": "github" "type": "github"
} }
} }


@ -3,17 +3,23 @@
inputs = { inputs = {
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-bitcoin = { nix-bitcoin = {
url = "github:fort-nix/nix-bitcoin/release"; url = "github:fort-nix/nix-bitcoin/release";
}; };
nix-comfyui.url = "github:dyscorv/nix-comfyui";
}; };
outputs = { nixpkgs, nixpkgs-unstable, home-manager, nix-bitcoin, ... }: outputs = { nixpkgs,
nixpkgs-unstable,
home-manager,
nix-bitcoin,
nix-comfyui,
... }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
username = "chris"; username = "chris";
@ -23,13 +29,21 @@
}; };
lib = nixpkgs.lib; lib = nixpkgs.lib;
unstable = nixpkgs; unstable = import nixpkgs-unstable {
inherit system;
config = { allowUnfree = true; };
overlays = [
(import ./python312overlay.nix)
nix-comfyui.overlays.default
];
};
in { in {
nixosConfigurations = { nixosConfigurations = {
shen = lib.nixosSystem { shen = lib.nixosSystem {
inherit system; inherit system;
pkgs = pkgsForSystem; pkgs = pkgsForSystem;
specialArgs = { inherit unstable; };
modules = [ modules = [
./system/shen/configuration.nix ./system/shen/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@ -43,6 +57,7 @@
hoid = lib.nixosSystem { hoid = lib.nixosSystem {
inherit system; inherit system;
pkgs = pkgsForSystem; pkgs = pkgsForSystem;
specialArgs = { inherit unstable; };
modules = [ modules = [
./system/hoid/configuration.nix ./system/hoid/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
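Review bot: The `unstable` package set is now built with `nix-comfyui.overlays.default` and `./python312overlay.nix` applied, and that same set is handed to every module of both hosts through `specialArgs = { inherit unstable; };`, so any `unstable.*` package used anywhere in the configuration is evaluated under a third-party overlay. A separate import for ComfyUI, for example `comfyPkgs = import nixpkgs-unstable { inherit system; overlays = [ nix-comfyui.overlays.default ]; };`, would confine that overlay to the one consumer that needs it. `config = { allowUnfree = true; };` on this set deserves a one-line comment naming the package that requires it. The `let` block and `nixosConfigurations` both continue outside the visible hunks.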


@ -7,10 +7,9 @@ with lib;
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
nix = { nix = {
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixFlakes; # package = pkgs.nixFlakes;
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
@ -18,9 +17,16 @@ with lib;
}; };
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
}; };
}; };
nixpkgs.config.allowUnFree = true; # nixpkgs.config.allowUnFree = true;
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
@ -42,8 +48,8 @@ with lib;
# Configure keymap in X11 # Configure keymap in X11
services.xserver = { services.xserver = {
layout = "us"; xkb.layout = "us";
xkbVariant = ""; xkb.variant = "";
}; };
# Enable networking # Enable networking
@ -66,7 +72,8 @@ with lib;
programs.fish.enable = true; programs.fish.enable = true;
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.enableNvidia = true; # virtualisation.containers.cdi.dynamic.nvidia.enable = true;
hardware.nvidia-container-toolkit.enable = true ;
services.openssh.enable = true; services.openssh.enable = true;
services.fstrim.enable = true; services.fstrim.enable = true;
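Review bot: The new `substituters` entry `https://nix-community.cachix.org` together with its key in `trusted-public-keys` lets that cache supply any store path on this machine, not only outputs of the nix-community inputs. A comment above the list should record which input needs the cache and that the key is trusted for every substitution, so the decision can be reviewed later. Only the community key is listed here; whether the cache.nixos.org key is still merged in from the module defaults cannot be seen from this hunk and is worth confirming after the rebuild. The `nix` attribute set starts in the previous hunk.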


@ -17,12 +17,28 @@ with lib;
}; };
}; };
services.caddy = { services.nginx.virtualHosts.${dn} = {
virtualHosts = { forceSSL = true;
"${dn}".extraConfig = '' enableACME = true;
reverse_proxy 127.0.0.1:5000 extraConfig = ''
encode gzip client_max_body_size 512M;
''; '';
locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
}; };
}; # services.gitea-actions-runner = {
# package = pkgs.forgejo-actions-runner;
# instances.default = {
# enable = true;
# name = "monolith";
# url = "https://git.tfcconnection.org";
# # Obtaining the path to the runner token file may differ
# # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
# token = "RP4DUN8EPbonAvl0TzQyco4iA5eXY5QYNc4btuzZ";
# labels = [
# "ubuntu-latest:docker://node:16-bullseye"
# ## optionally provide native execution on the host:
# "native:host"
# ];
# };
# };
} }
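Review bot: The commented-out runner block contains a literal registration token on its `# token = "…"` line; being a comment does not keep it out of the repository history, so the token should be treated as disclosed, revoked in Forgejo, and the line removed. The comment directly above already names the right mechanism: when the runner is enabled, use `tokenFile = "/path/to/runner-token";` (placeholder path, a file outside the Nix store in `TOKEN=<secret>` form) instead of `token`. The `"native:host"` label would run workflow jobs directly on this host rather than in a container, which deserves a comment stating who is allowed to push workflows to the instance. The module's opening lines are outside the hunk.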


@ -5,7 +5,6 @@ with lib;
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;
enableNvidia = true;
}; };
oci-containers = { oci-containers = {
# backend = "podman"; # backend = "podman";

177
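--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -0,0 +1,177 @@
+{ config, lib, pkgs, unstable, ... }:
+let
+dn = "staff.tfcconnection.org";
+in
+with lib;
+{
+# security.acme = {
+# acceptTerms = true;
+# # defaults = {
+# # email = "chris@tfcconnection.org";
+# # # dnsProvider = "cloudflare";
+# # # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
+# # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
+# # environmentFile = "/REPLACE/WITH/YOUR/PATH";
+# # };
+# };
+services = {
+# caddy = {
+# virtualHosts = {
+# "${dn}".extraConfig = ''
+# encode gzip
+# reverse_proxy localhost:8080
+# redir /.well-known/carddav /remote.php/dav 301
+# redir /.well-known/caldav /remote.php/dav 301
+# header {
+# Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
+# Access-Control-Allow-Origin *
+# Referrer-Policy no-referrer-when-downgrade
+# }
+# redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
+# handle_path /whiteboard/* {
+# reverse_proxy http://127.0.0.1:3002
+# }
+# '';
+# };
+# };
+nextcloud = {
+enable = true;
+hostName = dn;
+home = "/storage/nextcloud";
+# Need to manually increment with every major upgrade.
+package = pkgs.nextcloud31;
+# Let NixOS install and configure the database automatically.
+database.createLocally = true;
+# Let NixOS install and configure Redis caching automatically.
+configureRedis = true;
+# Increase the maximum file upload size.
+maxUploadSize = "25G";
+https = true;
+autoUpdateApps.enable = true;
+extraAppsEnable = true;
+appstoreEnable = true;
+extraApps = with config.services.nextcloud.package.packages.apps; {
+# List of apps we want to install and are already packaged in
+# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+inherit calendar contacts collectives deck integration_openai mail groupfolders memories tasks user_oidc app_api previewgenerator richdocuments;
+# Custom app example.
+# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
+# url =
+# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
+# license = "agpl3";
+# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
+# };
+};
+settings = {
+overwriteProtocol = "https";
+default_phone_region = "US";
+trusted_domains = [ dn ];
+trusted_proxies = [ "127.0.0.1" ];
+};
+config = {
+dbtype = "pgsql";
+adminuser = "admin";
+adminpassFile = "/post";
+};
+notify_push = {
+enable = true;
+};
+# Suggested by Nextcloud's health check.
+phpOptions."opcache.interned_strings_buffer" = "16";
+};
+};
+services.nginx.virtualHosts.${dn} = {
+forceSSL = true;
+enableACME = true;
+};
+services.phpfpm.pools.nextcloud.settings = {
+"listen.owner" = config.services.nginx.user;
+"listen.group" = config.services.nginx.group;
+};
+# users.users.caddy.extraGroups = [ "nextcloud" ];
+users.users.chris.extraGroups = [ "nextcloud" ];
+systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode =
+lib.mkForce "0770";
+environment.systemPackages = with pkgs; [
+nextcloud31
+# for nextcloud memories
+unstable.exiftool
+unstable.exif
+ffmpeg_6
+nodejs_20
+unstable.perl540Packages.ImageExifTool
+];
+#Collabora Containers
+virtualisation.oci-containers.containers.collabora = {
+image = "docker.io/collabora/code:latest";
+ports = [ "9980:9980/tcp" ];
+environment = {
+server_name = "office.tfcconnection.org";
+aliasgroup1 = "https://staff.tfcconnection.org:443";
+dictionaries = "en_US";
+username = "username";
+password = "password";
+extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
+};
+extraOptions = [
+"--pull=newer"
+];
+};
+#Collabora Virtual Hosts
+services.nginx.virtualHosts.${config.virtualisation.oci-containers.containers.collabora.environment.server_name} = {
+enableACME = true;
+forceSSL = true;
+extraConfig = ''
+# static files
+location ^~ /browser {
+proxy_pass http://127.0.0.1:9980;
+proxy_set_header Host $host;
+}
+# WOPI discovery URL
+location ^~ /hosting/discovery {
+proxy_pass http://127.0.0.1:9980;
+proxy_set_header Host $host;
+}
+# Capabilities
+location ^~ /hosting/capabilities {
+proxy_pass http://127.0.0.1:9980;
+proxy_set_header Host $host;
+}
+# main websocket
+location ~ ^/cool/(.*)/ws$ {
+proxy_pass http://127.0.0.1:9980;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header Host $host;
+proxy_read_timeout 36000s;
+}
+# download, presentation and image upload
+location ~ ^/(c|l)ool {
+proxy_pass http://127.0.0.1:9980;
+proxy_set_header Host $host;
+}
+# Admin Console websocket
+location ^~ /cool/adminws {
+proxy_pass http://127.0.0.1:9980;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header Host $host;
+proxy_read_timeout 36000s;
+}
+'';
+};
+}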
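Review bot: The Collabora container is started with `username = "username";` and `password = "password";` while the nginx vhost below proxies `/cool/adminws`, so the admin console is exposed on the public hostname with guessable credentials that are also readable in the Nix store. Move both values out of `environment` into `environmentFiles = [ "/path/to/collabora.env" ];` (placeholder path, a file kept outside the store and the repository) and set real credentials there. `ports = [ "9980:9980/tcp" ];` publishes the plain-HTTP port on all interfaces although nginx only talks to `127.0.0.1:9980`; `ports = [ "127.0.0.1:9980:9980/tcp" ];` keeps it behind the TLS proxy. `image = "docker.io/collabora/code:latest";` combined with `--pull=newer` lets the running image change without a commit, so a pinned tag or digest would make updates reviewable.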


@ -1,8 +1,30 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, unstable, ... }:
with lib; with lib;
{ {
services.ollama = { services = {
ollama = {
enable = true; enable = true;
host = "0.0.0.0";
# package = unstable.ollama;
# port = 11434;
acceleration = "cuda";
};
open-webui = {
enable = true;
port = 3082;
host = "0.0.0.0";
# package = unstable.open-webui.overrideAttrs {
# pytestCheckPhase = false;
# doCheck = false;
# doInstallCheck = false;
# nativeCheckInputs = [];
# pythonImportsCheck = [];
# passthru = {};
# disabledTests = [
# "async"
# ];
# };
};
}; };
} }
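Review bot: `host = "0.0.0.0";` is set for both `ollama` and `open-webui`, which makes each service listen on every interface; the Ollama API has no authentication of its own, so anything that can reach its port can use it. The proxy entries elsewhere in this comparison point at `127.0.0.1:11434` and `127.0.0.1:3082`, so `host = "127.0.0.1";` looks sufficient unless another machine has to connect directly. If LAN access is intended, say so in a comment next to the option and restrict the ports in the firewall, whose settings are not part of this diff.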

32
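--- a/modules/searx.nix
+++ b/modules/searx.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, unstable, ... }:
+let
+dn = "search.tfcconnection.org";
+in
+with lib;
+{
+services = {
+searx = {
+enable = true;
+settings = {
+server.port = 8085;
+server.bind_address = "0.0.0.0";
+server.secret_key = "cc842bf5ef8c5c7ec04dd29e1f4815bc6ac6c0bcb806b5185d035331bcec58bf";
+# engines = lib.singleton
+# { name = "wolframalpha";
+# shortcut = "wa";
+# api_key = "@WOLFRAM_API_KEY@";
+# engine = "wolframalpha_api";
+# };
+};
+};
+};
+services.nginx.virtualHosts.${dn} = {
+forceSSL = true;
+enableACME = true;
+locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
+};
+}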
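Review bot: `server.secret_key` is committed as a literal, so it sits in the repository history and in the world-readable Nix store; treat the value as disclosed and generate a new one. The module can substitute the key at service start: set `server.secret_key = "@SEARX_SECRET_KEY@";` and `environmentFile = "/path/to/searx.env";` (placeholder path, a file outside the store), the same `@NAME@` form the commented-out `api_key` line already uses. `server.bind_address = "0.0.0.0";` also exposes port 8085 directly although nginx proxies to `localhost`; `server.bind_address = "127.0.0.1";` keeps the instance behind the TLS vhost.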


@ -1,13 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
services.sourcehut = {
enable = true;
todo = {
enable = true;
};
redis.enable = true;
postgresql.enable = true;
};
}


@ -12,7 +12,7 @@
tmux tmux
git git
samba samba
exa eza
jq jq
fd fd
bc bc
@ -21,6 +21,9 @@
btop btop
htop htop
smartmontools smartmontools
direnv
zellij
pueue
#nvtop #nvtop
glxinfo glxinfo
vulkan-tools vulkan-tools

14
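--- a/python312overlay.nix
+++ b/python312overlay.nix
@@ -0,0 +1,14 @@
+self: super: {
+python312 = let
+packageOverrides = python-self: python-super: {
+openai = python-super.openai.overridePythonAttrs {
+doCheck = false;
+doInstallCheck = false;
+pytestCheckPhase = false;
+disabledTests = [
+"async"
+];
+};
+};
+in super.python312.override {inherit packageOverrides;};
+}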
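Review bot: The overlay turns off the whole `openai` test suite without recording why, so nobody can tell later when the override is safe to drop. Add a comment above `openai = …` that names the failing test or build error and the nixpkgs revision it was seen on. With `doCheck = false;` the `disabledTests` list should have no effect, and `pytestCheckPhase` is a phase name rather than a switch, so `pytestCheckPhase = false;` looks redundant at best; keeping only the attributes that are actually needed makes the intent clearer.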


@ -2,17 +2,37 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }: { config, lib, pkgs, unstable, ... }:
let
my-comfyui = unstable.comfyuiPackages.comfyui.override {
extensions = [
unstable.comfyuiPackages.extensions.acly-inpaint
unstable.comfyuiPackages.extensions.acly-tooling
unstable.comfyuiPackages.extensions.cubiq-ipadapter-plus
unstable.comfyuiPackages.extensions.fannovel16-controlnet-aux
unstable.comfyuiPackages.extensions.city96-gguf
];
commandLineArgs = [
"--preview-method"
"auto"
];
};
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../pkgs/base-packages.nix ../../pkgs/base-packages.nix
../../modules/base.nix ../../modules/base.nix
../../modules/localai.nix # ../../modules/localai.nix
../../modules/sourcehut.nix ../../modules/forgejo.nix
# ../../pkgs/ai.nix ../../modules/nextcloud.nix
../../modules/ollama.nix
../../modules/searx.nix
# ../../pkgs/server.nix
# ../../pkgs/nextcloud.nix
]; ];
networking.hostName = "shen"; # Define your hostname. networking.hostName = "shen"; # Define your hostname.
@ -32,76 +52,97 @@
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware = { hardware = {
opengl = { graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
vaapiIntel vaapiIntel
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
# rocm-opencl-icd
# rocm-opencl-runtime
# amdvlk
]; ];
driSupport = lib.mkDefault true; enable32Bit = lib.mkDefault true;
driSupport32Bit = lib.mkDefault true;
#extraPackages32 = with pkgs; [
# driversi686linux.amdvlk
#];
}; };
nvidia = { nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable; open = false;
# package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true; modesetting.enable = true;
}; };
nvidia-container-toolkit.enable = true;
}; };
# environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV"; # environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cudatoolkit cudatoolkit
# my-comfyui
]; ];
virtualisation.docker.enableNvidia = true; # services.samba = {
# enable = true;
# extraConfig = ''
# # security = share
# # passdb backend = tdbsam
# workgroup = WORKGROUP
# server string = smbnix
# netbios name = smbnix
# security = user
# #use sendfile = yes
# #max protocol = smb2
# # note: localhost is the ipv6 localhost ::1
# hosts allow = 172.16.1. 127.0.0.1 localhost
# hosts deny = 0.0.0.0/0
# guest account = chris
# map to guest = bad user
# '';
# shares = {
# public = {
# path = "/storage/share";
# # "valid users" = "tfc";
# public = "yes";
# writeable = "yes";
# browsable = "yes";
# "read only" = "no";
# "create mask" = "0644";
# "directory mask" = "0755";
# "guest ok" = "yes";
# "force user" = "chris";
# "fruit:aapl" = "yes";
# "fruit:time machine" = "yes";
# "vfs objects" = "catia fruit streams_xattr";
# };
# };
# };
services.samba = { users.groups.${config.security.acme.defaults.group} = {};
enable = true; security.acme = {
extraConfig = '' acceptTerms = true;
# security = share defaults.reloadServices = ["nginx"];
# passdb backend = tdbsam certs."tfcconnection.org" = {
workgroup = WORKGROUP # extraDomainNames = ["*.tfcconnection.org"];
server string = smbnix };
netbios name = smbnix
security = user defaults = {
#use sendfile = yes # dnsResolver = "1.1.1.1";
#max protocol = smb2 # webroot = null;
# note: localhost is the ipv6 localhost ::1 email = "chris@tfcconnection.org";
hosts allow = 172.16.1. 127.0.0.1 localhost group = "nginx";
hosts deny = 0.0.0.0/0 dnsProvider = "namecheap";
guest account = chris environmentFile = "${pkgs.writeText "namecheap-creds" ''
map to guest = bad user NAMECHEAP_API_USER=tfcconnection
''; NAMECHEAP_API_KEY=52ce21e0555a4624b5aca00b9d9f56f9
shares = { ''}";
public = {
path = "/storage/share";
# "valid users" = "tfc";
public = "yes";
writeable = "yes";
browsable = "yes";
"read only" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"guest ok" = "yes";
"force user" = "chris";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
}; };
}; };
services.nginx = {
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
}; };
# CADDY # CADDY
services.caddy = { services.caddy = {
enable = true; enable = false;
extraConfig = '' extraConfig = ''
(matrix-well-known-header) { (matrix-well-known-header) {
# Headers # Headers
@ -150,6 +191,21 @@
Referrer-Policy no-referrer-when-downgrade Referrer-Policy no-referrer-when-downgrade
} }
redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301 redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
handle_path /whiteboard/* {
reverse_proxy http://127.0.0.1:3002
}
'';
};
virtualHosts = {
"postiz.tfcconnection.org".extraConfig = ''
encode gzip
reverse_proxy localhost:7890
'';
};
virtualHosts = {
"whiteboard.tfcconnection.org".extraConfig = ''
encode gzip
reverse_proxy localhost:3002
''; '';
}; };
virtualHosts = { virtualHosts = {
@ -205,11 +261,11 @@
reverse_proxy @live 172.16.1.7:1935 reverse_proxy @live 172.16.1.7:1935
''; '';
}; };
virtualHosts = { # virtualHosts = {
"streamdani.tfcconnection.org".extraConfig = '' # "streamdani.tfcconnection.org".extraConfig = ''
reverse_proxy 172.16.1.7:1935 # reverse_proxy 172.16.1.7:1935
''; # '';
}; # };
virtualHosts = { virtualHosts = {
"tbl.tfcconnection.org".extraConfig = '' "tbl.tfcconnection.org".extraConfig = ''
reverse_proxy localhost:9180 reverse_proxy localhost:9180
@ -248,10 +304,10 @@
virtualHosts = { virtualHosts = {
"tfcconnection.org".extraConfig = '' "tfcconnection.org".extraConfig = ''
encode gzip encode gzip
root * /srv/tfcconnection reverse_proxy localhost:4242
file_server
header { header {
Access-Control-Allow-Origin * Access-Control-Allow-Origin *
Access-Control-Allow-Origin https://api.tfcconnection.org
} }
handle /.well-known/matrix/server { handle /.well-known/matrix/server {
import matrix-well-known-header import matrix-well-known-header
@ -306,6 +362,18 @@
reverse_proxy 127.0.0.1:11434 reverse_proxy 127.0.0.1:11434
''; '';
}; };
virtualHosts = {
"chatai.tfcconnection.org".extraConfig = ''
encode gzip
reverse_proxy 127.0.0.1:3082
'';
};
virtualHosts = {
"imageai.tfcconnection.org".extraConfig = ''
encode gzip
reverse_proxy 127.0.0.1:4083
'';
};
virtualHosts = { virtualHosts = {
"api.tfcconnection.org".extraConfig = '' "api.tfcconnection.org".extraConfig = ''
encode gzip encode gzip
@ -313,6 +381,7 @@
header { header {
Access-Control-Allow-Origin https://tfcconnection.org Access-Control-Allow-Origin https://tfcconnection.org
Access-Control-Allow-Headers * Access-Control-Allow-Headers *
Access-Control-Allow-Methods *
} }
''; '';
}; };
@ -340,27 +409,27 @@
}; };
systemd.services = { systemd.services = {
nextcloud-cron = { # nextcloud-cron = {
enable = true; # enable = true;
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php"; # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php";
}; # };
}; # };
nextcloud-push = { # nextcloud-push = {
enable = true; # enable = true;
serviceConfig = { # serviceConfig = {
Environment = "PORT=7867"; # Environment = "PORT=7867";
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php"; # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php";
}; # };
}; # };
nextcloud-previews = { # nextcloud-previews = {
enable = true; # enable = true;
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate"; # ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate";
}; # };
}; # };
nextcloud-backup = { nextcloud-backup = {
enable = true; enable = true;
serviceConfig = { serviceConfig = {
@ -378,25 +447,25 @@
}; };
systemd.timers = { systemd.timers = {
nextcloud-cron = { # nextcloud-cron = {
enable = true; # enable = true;
partOf = ["nextcloud-cron.service"]; # partOf = ["nextcloud-cron.service"];
timerConfig = { # timerConfig = {
OnStartupSec = "2min"; # OnStartupSec = "2min";
OnUnitActiveSec = "5min"; # OnUnitActiveSec = "5min";
Unit = "nextcloud-cron.service"; # Unit = "nextcloud-cron.service";
}; # };
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
}; # };
nextcloud-previews = { # nextcloud-previews = {
enable = true; # enable = true;
partOf = ["nextcloud-previews.service"]; # partOf = ["nextcloud-previews.service"];
timerConfig = { # timerConfig = {
OnCalendar = "*-*-* 00:02:30"; # OnCalendar = "*-*-* 00:02:30";
Unit = "nextcloud-previews.service"; # Unit = "nextcloud-previews.service";
}; # };
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
}; # };
nextcloud-backup = { nextcloud-backup = {
enable = true; enable = true;
partOf = ["nextcloud-backup.service"]; partOf = ["nextcloud-backup.service"];
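Review bot: The `security.acme` hunk writes the Namecheap credentials into the configuration with `pkgs.writeText "namecheap-creds"`, which puts `NAMECHEAP_API_KEY` in the repository and in a world-readable Nix store path; the key should be revoked at the provider and replaced. Point the option at a file managed outside the store instead, `environmentFile = "/path/to/namecheap.env";` (placeholder path, readable by root only). In the `tfcconnection.org` Caddy block the added `Access-Control-Allow-Origin https://api.tfcconnection.org` sits next to the existing `Access-Control-Allow-Origin *`; the two contradict each other, so the wildcard line should go if the restriction is intended. The same question applies to the new `Access-Control-Allow-Methods *` on `api.tfcconnection.org`, where listing the methods actually used would be narrower. The Caddy and systemd blocks continue outside the visible hunks.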


@ -8,30 +8,36 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "radeon.si_support=0" "amdgpu.si_support=1" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/33a4619f-a37c-4ab8-a6ea-fdf612b45657"; { device = "/dev/disk/by-uuid/f50b3f2f-dddc-4921-b95a-13197c2e2d2e";
fsType = "btrfs"; fsType = "ext4";
options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ];
};
fileSystems."/storage" =
{ device = "/dev/disk/by-label/STORAGE";
fsType = "btrfs";
options = [ "noatime" "nodiratime" "compress=zstd" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/515E-CB13"; { device = "/dev/disk/by-uuid/E25A-FD5F";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
fileSystems."/storage" =
{ device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" ];
};
fileSystems."/snapshots" =
{ device = "/dev/disk/by-label/storage";
fsType = "btrfs";
options = [ "subvol=@snapshots" "compress=zstd" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/764d7116-eba7-4404-b175-be756a7e53f6"; } [ { device = "/dev/disk/by-uuid/3bf2eafd-4c51-43e8-8034-0ced2ce1813e"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -41,5 +47,6 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }