incineroar: add system to repo after upgrading nixos 24.05 -> 24.11
parent
ead5c6ebb6
commit
5a4afe3d08
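--- a/incineroar.brenise.dev/configuration.nix
+++ b/incineroar.brenise.dev/configuration.nix
@@ -0,0 +1,396 @@
+{ config, pkgs, lib, ... }:
+let
+# Add nixpkgs-unstable channel with the following command:
+# nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
+unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; };
+host_name = "incineroar";
+host_fqdn = "${host_name}.brenise.dev";
+in
+{
+imports = [
+./hardware-configuration.nix
+];
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+nixpkgs.config.allowUnfreePredicate = pkg:
+builtins.elem (lib.getName pkg) [
+"nvidia-x11"
+"nvidia-settings"
+"nvidia-persistenced"
+"steam"
+"steam-original"
+"steam-unwrapped"
+"steam-run"
+];
+hardware = {
+graphics.enable = true;
+nvidia = { # RTX 2080 Ti
+open = true;
+# package = config.boot.kernelPackages.nvidiaPackages.beta;
+# modesetting.enable = true; # needed for Wayland compositors, might fix screen tearing
+};
+};
+
+boot = {
+kernelPackages = pkgs.linuxPackages_latest;
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+};
+
+hardware.bluetooth.enable = true;
+
+networking = {
+hostName = "${host_name}";
+firewall.enable = false;
+interfaces = {
+enp3s0.ipv4.addresses = [{
+address = "192.168.1.36";
+prefixLength = 24;
+}];
+};
+defaultGateway = {
+address = "192.168.1.1";
+interface = "enp3s0";
+};
+# TODO https://nixos.wiki/wiki/Encrypted_DNS
+nameservers = [ "1.1.1.1" "8.8.8.8" ];
+};
+
+time.timeZone = "America/Los_Angeles";
+
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+# keyMap = "us";
+useXkbConfig = true; # use xkbOptions in tty.
+};
+
+users = {
+users = {
+
+root = {
+openssh.authorizedKeys.keyFiles = [
+/etc/nixos/ssh/authorized_keys
+];
+};
+
+blee = {
+openssh.authorizedKeys.keyFiles = [
+/etc/nixos/ssh/authorized_keys
+];
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+packages = with pkgs; [
+chromium
+firefox
+ffmpeg
+obs-studio
+kate # kwrite
+glances
+libsForQt5.kcalc
+# slack # sso auth very broken
+synergy
+
+# Build vim huge with clipboard support
+(vim_configurable.overrideAttrs (oldAttrs: {
+features = "huge";
+}))
+python311
+python311Packages.pip
+python311Packages.ipython
+python311Packages.huggingface-hub
+curl
+dnsutils
+git
+git-lfs
+jq
+imagemagick
+pass
+netcat
+mediainfo
+tmux
+vlc
+wget
+];
+};
+
+# steam = {
+# openssh.authorizedKeys.keyFiles = [
+# /etc/nixos/ssh/authorized_keys
+# ];
+# isNormalUser = true;
+# extraGroups = [ "wheel" ];
+# };
+
+timburr = {
+openssh.authorizedKeys.keyFiles = [
+/etc/nixos/ssh/authorized_timburr_keys
+];
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+};
+};
+};
+
+environment = {
+systemPackages = with pkgs; [
+cryptsetup
+doas
+dig
+file
+fzf
+htop
+libressl
+nettools
+parted
+psmisc
+rsync
+screen
+tcpdump
+tree
+vim
+wireguard-tools
+whois
+# GPU tools
+inxi
+glxinfo
+pciutils # lspci
+vulkan-tools
+];
+
+shellInit = ''
+pheonix() {
+systemctl restart "$1"
+journalctl -fu "$1"
+}
+'';
+
+plasma5.excludePackages = with pkgs.libsForQt5; [
+#elisa # music player
+#gwenview # image viewer
+#okular # document viewer
+#oxygen # widgets
+#khelpcenter
+#konsole
+plasma-browser-integration
+#print-manager
+];
+};
+
+programs = {
+fish.enable = true;
+tmux = {
+enable = true;
+extraConfig = ''
+set-option -g default-shell ${pkgs.fish}/bin/fish
+''; # This doesn't seem to work
+};
+vim = {
+enable = true;
+defaultEditor = true;
+};
+bash = {
+shellAliases = {
+ll = "ls -lAF --classify --group-directories-first";
+l = "ls -lF --classify --group-directories-first";
+};
+# https://nixos.wiki/wiki/Fish
+interactiveShellInit = ''
+if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+then
+shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+fi
+'';
+};
+mtr.enable = true;
+gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+};
+steam.enable = true;
+chromium = {
+enable = true;
+extraOpts = {
+"SpellcheckEnabled" = false;
+};
+};
+};
+
+security = {
+sudo.enable = false;
+doas = {
+enable = true;
+extraRules = [
+{
+users = [ "blee" ];
+persist = true;
+}
+{
+users = [ "timburr" ];
+noPass = true;
+cmd = "reboot";
+}
+{
+users = [ "timburr" ];
+noPass = true;
+cmd = "halt";
+}
+];
+};
+};
+
+services = {
+
+openssh.enable = true;
+
+# https://discourse.nixos.org/t/bluetooth-a2dp-sink-not-showing-up-in-pulseaudio-on-nixos/32447/4?u=bleetube
+pipewire = {
+enable = true;
+pulse.enable = true;
+};
+
+syncthing = {
+enable = true;
+user = "blee";
+dataDir = "/home/blee/Documents";
+};
+journald.extraConfig = "MaxRetentionSec=30day";
+
+# https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+prometheus.exporters.node = {
+enable = true;
+port = 8030;
+# openFirewall = true;
+enabledCollectors = [
+"cpu.info"
+"interrupts"
+"netstat"
+"vmstat"
+"systemd"
+"tcpstat"
+"processes"
+];
+};
+
+caddy = {
+enable = true;
+logFormat = "output discard";
+extraConfig = let
+tlsConfig = ''
+tls {
+dns namecheap {
+api_key {env.NAMECHEAP_API_KEY}
+user {env.NAMECHEAP_API_USER}
+api_endpoint https://api.namecheap.com/xml.response
+}
+}
+'';
+in ''
+${host_fqdn} { # ComfyUI
+${tlsConfig}
+reverse_proxy http://127.0.0.1:8080
+
+handle /output/* {
+root /opt/comfyui
+file_server browse
+}
+
+handle /meeseeks/* {
+root /mnt/meow/squirtle/var/ftp
+file_server browse
+}
+
+}
+${host_fqdn}:4430 { # node_exporter
+${tlsConfig}
+reverse_proxy http://127.0.0.1:8030
+}
+
+${host_fqdn}:4431 { # litellm
+${tlsConfig}
+reverse_proxy http://127.0.0.1:8031
+}
+${host_fqdn}:4434 { # ollama
+${tlsConfig}
+reverse_proxy http://127.0.0.1:11434
+}
+${host_fqdn}:4440 { # sunshine
+${tlsConfig}
+reverse_proxy http://127.0.0.1:47990
+}
+
+'';
+};
+
+sunshine.enable = true;
+displayManager = {
+sddm.enable = true;
+#defaultSession = "plasmawayland";
+};
+xserver = {
+enable = true;
+videoDrivers = ["nvidia"]; # nvidia-smi, kernel-modules
+desktopManager.plasma5.enable = true;
+};
+# ollama = {
+# enable = true;
+# package = unstable.ollama; # outdated
+# # port = 8034; # not in stable yet
+# };
+};
+
+systemd = {
+services = {
+
+comfyui = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+Type = "forking";
+User = "blee";
+WorkingDirectory = "/opt/comfyui";
+Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
+};
+script = "${pkgs.nix}/bin/nix-shell";
+};
+
+caddy = {
+serviceConfig = {
+EnvironmentFile = "/var/src/secrets/namecheap";
+ExecStart = [
+"" # This empty string clears the existing ExecStart commands
+"/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
+];
+ExecReload = [
+"" # This empty string clears the existing ExecReload commands
+"/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
+];
+
+};
+};
+
+"sleep-at-night" = {
+script = ''
+${pkgs.utillinux}/bin/rtcwake -m no -l -t "$(date +\%s -d 'tomorrow 10:00')"
+${pkgs.systemd}/bin/systemctl suspend
+'';
+serviceConfig = {
+Type = "oneshot";
+};
+};
+}; # services
+
+
+timers."sleep-at-night" = {
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "*-*-* 20:00:00";
+# Persistent = true;
+};
+};
+};
+
+system.stateVersion = "23.11";
+}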
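Review bot: `firewall.enable = false` in the `networking` block leaves every listener on this host reachable from the network, including the node exporter on port 8030, for which no listen address is set, so the TLS front end Caddy offers on `:4430` can presumably be bypassed over plain HTTP. The Caddy sites carry no authentication in the visible config: the two `file_server browse` handlers publish directory listings of `/opt/comfyui` and `/mnt/meow/squirtle/var/ftp`, and the litellm, ollama and sunshine proxies forward to whatever the backends accept. I would enable the firewall with an explicit allow-list, e.g. `firewall = { enable = true; allowedTCPPorts = [ 443 4430 4431 4434 4440 ]; };` (plus whatever Sunshine streaming needs), and set `listenAddress = "127.0.0.1";` on `prometheus.exporters.node`. A `basic_auth` block or a `remote_ip` matcher in front of the proxied sites and the browse handlers would then limit who can reach them. Separately, the `systemd.services.caddy` override runs `/opt/bin/caddy`, a binary outside the Nix store, with the Namecheap API credentials in its environment; a comment recording where that build comes from and how it is updated would help the next reader.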
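--- a/incineroar.brenise.dev/install.sh
+++ b/incineroar.brenise.dev/install.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -e
+set -x
+
+TARGET=192.168.1.19
+TARGET_MAC=d8:5e:d3:82:9c:35
+
+function FORMAT_DISK ()
+{
+dd if=/dev/zero count=1 bs=21M of=/dev/nvme0n1
+parted /dev/nvme0n1 -- mklabel gpt
+parted /dev/nvme0n1 -- mkpart primary 512MB 100%
+mkfs.ext4 -L nixos /dev/nvme0n1p1
+sync # wait for device to be ready
+mount /dev/disk/by-label/nixos /mnt
+
+# Create a new ESP
+parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
+parted /dev/nvme0n1 -- set 2 esp on
+mkfs.fat -F 32 -n boot /dev/nvme0n1p2
+sync # wait for device to be ready
+mkdir -p /mnt/boot
+sleep 3 # wait for device to be ready
+mount /dev/disk/by-label/boot /mnt/boot
+
+# Or use an existing ESP (must have same boot loader type, ie. grub or systemd-boot)
+#mkdir -p /mnt/boot
+#mount /dev/nvme0n1p1 /mnt/boot
+
+nixos-generate-config --root /mnt
+}
+ping -c1 ${TARGET} 2>&1 > /dev/null || (echo "Target not found. Exiting." && exit 1)
+if ! arp -n | grep $TARGET_MAC; then
+echo "Target not found in ARP table. Exiting."
+exit 1
+fi
+
+echo "Install NixOS on ${TARGET}? You must set a password on the target before running this."
+echo "Press enter to continue or ctrl+c to quit."
+read
+
+ssh-keygen -R ${TARGET}
+ssh-copy-id nixos@${TARGET}
+
+COMMANDS="
+sudo cp -r /home/nixos/.ssh /root/.;
+sudo chown -R root:root /root/.ssh;
+"
+ssh -t nixos@${TARGET} "${COMMANDS}"
+
+ssh root@${TARGET} "$(typeset -f FORMAT_DISK); FORMAT_DISK"
+
+scp configuration.nix root@${TARGET}:/mnt/etc/nixos/
+
+# copy authorized keys to both the target and the target's chroot, because nixos-install runs outside the chroot
+ssh root@${TARGET} mkdir -p /etc/nixos/ssh /mnt/etc/nixos/ssh
+if [ -f ~/.ssh/ansible_root_keys ]; then
+scp ~/.ssh/ansible_root_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_keys
+scp ~/.ssh/ansible_root_keys root@$TARGET:/etc/nixos/ssh/authorized_keys
+scp ~/.ssh/ansible_timburr_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_timburr_keys
+scp ~/.ssh/ansible_timburr_keys root@$TARGET:/etc/nixos/ssh/authorized_timburr_keys
+else
+scp ~/.ssh/authorized_keys root@${TARGET}:/etc/nixos/ssh/authorized_keys
+scp ~/.ssh/authorized_keys root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys
+fi
+
+echo "Press [Enter] to run nixos-install on the target, or press ctrl+c to stop and do it manually."
+read
+ssh root@${TARGET} nixos-install
+#ssh root@${TARGET} openssl dhparam -out /etc/ssl/dhparams.pem 3072
+
+ssh-keygen -R ${TARGET}
+echo "Done."
+echo
+echo "You should set a password before restarting in case networking doesn't come up on first boot. To chroot run this:"
+echo "nixos-enter --root /mnt"
+echo "passwd"
+
+ssh-keygen -R ${TARGET}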
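Review bot: The guard in front of the destructive `FORMAT_DISK` step, `arp -n | grep $TARGET_MAC`, passes when that MAC appears anywhere in the ARP table rather than on the entry for `${TARGET}`, so a stale or reassigned address can send the `dd`/`parted` sequence to the wrong machine. Tie the check to the address, e.g. `ip neigh show "$TARGET" | grep -qiF "$TARGET_MAC"`, and treat it as a sanity check only, since neighbour entries are not authenticated. Because `ssh-keygen -R ${TARGET}` discards the known host key right before `ssh-copy-id`, the first connection is trust-on-first-use; comparing the fingerprint with the one shown on the installer console before accepting it closes that gap. In the else branch only `authorized_keys` is copied, while `configuration.nix` also reads `/etc/nixos/ssh/authorized_timburr_keys`, so the install presumably fails or leaves `timburr` without keys on that path. The `ping` line has its redirections in an order that does not silence stderr; `>/dev/null 2>&1` looks like what was meant.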
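--- a/incineroar.brenise.dev/opt/comfyui/run-comfyui.sh
+++ b/incineroar.brenise.dev/opt/comfyui/run-comfyui.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+# ComfyUI Tmux Launcher
+#
+# This script starts ComfyUI in a detached tmux session. It allows for easy
+# configuration of session name, port, listen address, and low VRAM mode.
+#
+# Usage:
+# ./script.sh [SESSION_NAME] [PORT] [LISTEN_ADDRESS] [LOWVRAM]
+#
+# Arguments:
+# SESSION_NAME : Name of the tmux session (default: imagegen)
+# PORT : Port number for ComfyUI to listen on (default: 8080)
+# LISTEN_ADDRESS : IP address to bind to (default: 127.0.0.1)
+# LOWVRAM : Enable low VRAM mode (default: false)
+#
+# Examples:
+# 1. Run with default settings:
+# ./script.sh
+#
+# 2. Custom session name:
+# ./script.sh mycustomsession
+#
+# 3. Custom session, port, and address:
+# ./script.sh mycustomsession 8090 0.0.0.0
+#
+# 4. Enable low VRAM mode:
+# ./script.sh imagegen 8080 127.0.0.1 true
+#
+# Note: This script requires tmux to be installed and a virtual environment
+# to be set up in the .venv directory.
+
+# Exit on error, undefined variables, and print commands
+#set -eux
+set -e
+
+# Default values (can be overridden by command-line arguments)
+SESSION_NAME="${1:-imagegen}"
+PORT="${2:-8080}"
+LISTEN_ADDRESS="${3:-127.0.0.1}"
+LOWVRAM="${4:-false}"
+
+if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
+echo "Session '$SESSION_NAME' already exists. No action taken."
+exit 0
+fi
+
+# Activate virtual environment
+source .venv/bin/activate
+
+# Check if session already exists
+if ! tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
+# Create new detached session
+tmux new-session -d -s "$SESSION_NAME"
+
+# Prepare the command
+BASE_COMMAND="python main.py --port $PORT --listen $LISTEN_ADDRESS"
+if [ "$LOWVRAM" = "true" ]; then
+FULL_COMMAND="$BASE_COMMAND --lowvram --preview-method auto --use-split-cross-attention"
+else
+FULL_COMMAND="$BASE_COMMAND"
+fi
+
+# Start the ComfyUI application
+tmux send-keys -t "$SESSION_NAME" "$FULL_COMMAND" C-m
+
+echo "Session '$SESSION_NAME' created and ComfyUI started."
+echo "To connect, type: tmux attach -t $SESSION_NAME"
+else
+echo "Session '$SESSION_NAME' already exists. Exiting."
+exit 1
+fi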
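Review bot: `PORT` and `LISTEN_ADDRESS` go from the command line into `BASE_COMMAND` and are then typed into the tmux shell by `send-keys` without validation, so any shell metacharacter in an argument is interpreted by that shell. A check such as `[[ "$PORT" =~ ^[0-9]+$ ]] || { echo "invalid port: $PORT" >&2; exit 2; }` before the session is created, with a similar pattern for the address, keeps the typed line predictable. Usage example 3 binds to `0.0.0.0`; the header comment should say that this puts the UI on the network directly instead of behind the Caddy site that proxies `127.0.0.1:8080`, which matters on a host whose firewall is disabled. The second `has-session` test can never reach its `else` branch, because the first test already exits 0 when the session exists, so one of the two can go.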
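--- a/incineroar.brenise.dev/opt/comfyui/shell.nix
+++ b/incineroar.brenise.dev/opt/comfyui/shell.nix
@@ -0,0 +1,10 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSEnv {
+name = "comfyui-fhs-env";
+targetPkgs = pkgs: with pkgs; [
+tmux
+# bash
+# python311
+];
+runScript = "./run-comfyui.sh";
+}).env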
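Review bot: `runScript = "./run-comfyui.sh"` is a relative path, so this environment only starts the right script when `nix-shell` is launched from `/opt/comfyui`; the systemd unit in `configuration.nix` sets `WorkingDirectory` for that, but nothing in this file says so. A comment such as `# runScript is resolved against the caller's working directory (the comfyui unit sets WorkingDirectory=/opt/comfyui)` would document the dependency. `import <nixpkgs>` also ties the result to whichever channel `NIX_PATH` points at when the unit starts, which is worth a one-line comment naming the expected channel. Both points apply equally to `opt/ollama/shell.nix`, whose `./bin/ollama` is in addition a binary that Nix neither builds nor verifies.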
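--- a/incineroar.brenise.dev/opt/ollama/shell.nix
+++ b/incineroar.brenise.dev/opt/ollama/shell.nix
@@ -0,0 +1,5 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSEnv {
+name = "ollama-fhs-env";
+runScript = "tmux new-session ./bin/ollama serve";
+}).env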