From 5a4afe3d0880e3956cf41986e1fb50188edf7271 Mon Sep 17 00:00:00 2001
From: Brian Lee
Date: Thu, 2 Jan 2025 18:12:44 -0800
Subject: [PATCH] incineroar: add system to repo after upgrading nixos 24.05 -> 24.11
---
incineroar.brenise.dev/configuration.nix | 396 ++++++++++++++++++
incineroar.brenise.dev/install.sh | 79 ++++
.../opt/comfyui/run-comfyui.sh | 72 ++++
incineroar.brenise.dev/opt/comfyui/shell.nix | 10 +
incineroar.brenise.dev/opt/ollama/shell.nix | 5 +
5 files changed, 562 insertions(+)
create mode 100644 incineroar.brenise.dev/configuration.nix
create mode 100755 incineroar.brenise.dev/install.sh
create mode 100755 incineroar.brenise.dev/opt/comfyui/run-comfyui.sh
create mode 100644 incineroar.brenise.dev/opt/comfyui/shell.nix
create mode 100644 incineroar.brenise.dev/opt/ollama/shell.nix
diff --git a/incineroar.brenise.dev/configuration.nix b/incineroar.brenise.dev/configuration.nix
new file mode 100644
index 0000000..74ec1c2
--- /dev/null
+++ b/incineroar.brenise.dev/configuration.nix
@@ -0,0 +1,396 @@
+{ config, pkgs, lib, ... }:
+let
+ # Add nixpkgs-unstable channel with the following command:
+ # nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
+ unstable = import { config = config.nixpkgs.config; };
+ host_name = "incineroar";
+ host_fqdn = "${host_name}.brenise.dev";
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "nvidia-x11"
+ "nvidia-settings"
+ "nvidia-persistenced"
+ "steam"
+ "steam-original"
+ "steam-unwrapped"
+ "steam-run"
+ ];
+ hardware = {
+ graphics.enable = true;
+ nvidia = { # RTX 2080 Ti
+ open = true;
+ # package = config.boot.kernelPackages.nvidiaPackages.beta;
+ # modesetting.enable = true; # needed for Wayland compositors, might fix screen tearing
+ };
+ };
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ hardware.bluetooth.enable = true;
+
+ networking = {
+ hostName = "${host_name}";
+ firewall.enable = false;
+ interfaces = {
+ enp3s0.ipv4.addresses = [{
+ address = "192.168.1.36";
+ prefixLength = 24;
+ }];
+ };
+ defaultGateway = {
+ address = "192.168.1.1";
+ interface = "enp3s0";
+ };
+ # TODO https://nixos.wiki/wiki/Encrypted_DNS
+ nameservers = [ "1.1.1.1" "8.8.8.8" ];
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+# keyMap = "us";
+ useXkbConfig = true; # use xkbOptions in tty.
+ };
+
+ users = {
+ users = {
+
+ root = {
+ openssh.authorizedKeys.keyFiles = [
+ /etc/nixos/ssh/authorized_keys
+ ];
+ };
+
+ blee = {
+ openssh.authorizedKeys.keyFiles = [
+ /etc/nixos/ssh/authorized_keys
+ ];
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ chromium
+ firefox
+ ffmpeg
+ obs-studio
+ kate # kwrite
+ glances
+ libsForQt5.kcalc
+ # slack # sso auth very broken
+ synergy
+
+ # Build vim huge with clipboard support
+ (vim_configurable.overrideAttrs (oldAttrs: {
+ features = "huge";
+ }))
+ python311
+ python311Packages.pip
+ python311Packages.ipython
+ python311Packages.huggingface-hub
+ curl
+ dnsutils
+ git
+ git-lfs
+ jq
+ imagemagick
+ pass
+ netcat
+ mediainfo
+ tmux
+ vlc
+ wget
+ ];
+ };
+
+# steam = {
+# openssh.authorizedKeys.keyFiles = [
+# /etc/nixos/ssh/authorized_keys
+# ];
+# isNormalUser = true;
+# extraGroups = [ "wheel" ];
+# };
+
+ timburr = {
+ openssh.authorizedKeys.keyFiles = [
+ /etc/nixos/ssh/authorized_timburr_keys
+ ];
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ };
+ };
+
+ environment = {
+ systemPackages = with pkgs; [
+ cryptsetup
+ doas
+ dig
+ file
+ fzf
+ htop
+ libressl
+ nettools
+ parted
+ psmisc
+ rsync
+ screen
+ tcpdump
+ tree
+ vim
+ wireguard-tools
+ whois
+ # GPU tools
+ inxi
+ glxinfo
+ pciutils # lspci
+ vulkan-tools
+ ];
+
+ shellInit = ''
+ pheonix() {
+ systemctl restart "$1"
+ journalctl -fu "$1"
+ }
+ '';
+
+ plasma5.excludePackages = with pkgs.libsForQt5; [
+ #elisa # music player
+ #gwenview # image viewer
+ #okular # document viewer
+ #oxygen # widgets
+ #khelpcenter
+ #konsole
+ plasma-browser-integration
+ #print-manager
+ ];
+ };
+
+ programs = {
+ fish.enable = true;
+ tmux = {
+ enable = true;
+ extraConfig = ''
+ set-option -g default-shell ${pkgs.fish}/bin/fish
+ ''; # This doesn't seem to work
+ };
+ vim = {
+ enable = true;
+ defaultEditor = true;
+ };
+ bash = {
+ shellAliases = {
+ ll = "ls -lAF --classify --group-directories-first";
+ l = "ls -lF --classify --group-directories-first";
+ };
+ # https://nixos.wiki/wiki/Fish
+ interactiveShellInit = ''
+ if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+ then
+ shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+ exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+ fi
+ '';
+ };
+ mtr.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ steam.enable = true;
+ chromium = {
+ enable = true;
+ extraOpts = {
+ "SpellcheckEnabled" = false;
+ };
+ };
+ };
+
+ security = {
+ sudo.enable = false;
+ doas = {
+ enable = true;
+ extraRules = [
+ {
+ users = [ "blee" ];
+ persist = true;
+ }
+ {
+ users = [ "timburr" ];
+ noPass = true;
+ cmd = "reboot";
+ }
+ {
+ users = [ "timburr" ];
+ noPass = true;
+ cmd = "halt";
+ }
+ ];
+ };
+ };
+
+ services = {
+
+ openssh.enable = true;
+
+ # https://discourse.nixos.org/t/bluetooth-a2dp-sink-not-showing-up-in-pulseaudio-on-nixos/32447/4?u=bleetube
+ pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ syncthing = {
+ enable = true;
+ user = "blee";
+ dataDir = "/home/blee/Documents";
+ };
+ journald.extraConfig = "MaxRetentionSec=30day";
+
+ # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+ prometheus.exporters.node = {
+ enable = true;
+ port = 8030;
+# openFirewall = true;
+ enabledCollectors = [
+ "cpu.info"
+ "interrupts"
+ "netstat"
+ "vmstat"
+ "systemd"
+ "tcpstat"
+ "processes"
+ ];
+ };
+
+ caddy = {
+ enable = true;
+ logFormat = "output discard";
+ extraConfig = let
+ tlsConfig = ''
+ tls {
+ dns namecheap {
+ api_key {env.NAMECHEAP_API_KEY}
+ user {env.NAMECHEAP_API_USER}
+ api_endpoint https://api.namecheap.com/xml.response
+ }
+ }
+ '';
+ in ''
+ ${host_fqdn} { # ComfyUI
+ ${tlsConfig}
+ reverse_proxy http://127.0.0.1:8080
+
+ handle /output/* {
+ root /opt/comfyui
+ file_server browse
+ }
+
+ handle /meeseeks/* {
+ root /mnt/meow/squirtle/var/ftp
+ file_server browse
+ }
+
+ }
+ ${host_fqdn}:4430 { # node_exporter
+ ${tlsConfig}
+ reverse_proxy http://127.0.0.1:8030
+ }
+
+ ${host_fqdn}:4431 { # litellm
+ ${tlsConfig}
+ reverse_proxy http://127.0.0.1:8031
+ }
+ ${host_fqdn}:4434 { # ollama
+ ${tlsConfig}
+ reverse_proxy http://127.0.0.1:11434
+ }
+ ${host_fqdn}:4440 { # sunshine
+ ${tlsConfig}
+ reverse_proxy http://127.0.0.1:47990
+ }
+
+ '';
+ };
+
+ sunshine.enable = true;
+ displayManager = {
+ sddm.enable = true;
+ #defaultSession = "plasmawayland";
+ };
+ xserver = {
+ enable = true;
+ videoDrivers = ["nvidia"]; # nvidia-smi, kernel-modules
+ desktopManager.plasma5.enable = true;
+ };
+ # ollama = {
+ # enable = true;
+ # package = unstable.ollama; # outdated
+ # # port = 8034; # not in stable yet
+ # };
+ };
+
+ systemd = {
+ services = {
+
+ comfyui = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "forking";
+ User = "blee";
+ WorkingDirectory = "/opt/comfyui";
+ Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
+ };
+ script = "${pkgs.nix}/bin/nix-shell";
+ };
+
+ caddy = {
+ serviceConfig = {
+ EnvironmentFile = "/var/src/secrets/namecheap";
+ ExecStart = [
+ "" # This empty string clears the existing ExecStart commands
+ "/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
+ ];
+ ExecReload = [
+ "" # This empty string clears the existing ExecReload commands
+ "/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
+ ];
+
+ };
+ };
+
+ "sleep-at-night" = {
+ script = ''
+ ${pkgs.utillinux}/bin/rtcwake -m no -l -t "$(date +\%s -d 'tomorrow 10:00')"
+ ${pkgs.systemd}/bin/systemctl suspend
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ };
+ }; # services
+
+
+ timers."sleep-at-night" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "*-*-* 20:00:00";
+ # Persistent = true;
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/incineroar.brenise.dev/install.sh b/incineroar.brenise.dev/install.sh
new file mode 100755
index 0000000..2a9536b
--- /dev/null
+++ b/incineroar.brenise.dev/install.sh
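Review bot: In configuration.nix, `firewall.enable = false;` under `networking` leaves every listener on this host reachable from the network, while the Caddy site blocks proxy ComfyUI, node_exporter, litellm, ollama and sunshine and serve two `file_server browse` directories with no authentication directive in front of any of them. The node exporter on port 8030 is then presumably also reachable directly over plain HTTP, bypassing the TLS listener on 4430 (confirm its listen address). I would turn the firewall back on and allow only what is meant to be reachable, e.g. `firewall = { enable = true; allowedTCPPorts = [ 22 443 4430 4431 4434 4440 ]; };`, plus whatever ports Sunshine and Syncthing need. `services.openssh.enable = true;` also keeps the NixOS default of allowing password logins; `services.openssh.settings.PasswordAuthentication = false;` would match the key-only accounts declared under `users.users`.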
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -e
+set -x
+
+TARGET=192.168.1.19
+TARGET_MAC=d8:5e:d3:82:9c:35
+
+function FORMAT_DISK ()
+{
+ dd if=/dev/zero count=1 bs=21M of=/dev/nvme0n1
+ parted /dev/nvme0n1 -- mklabel gpt
+ parted /dev/nvme0n1 -- mkpart primary 512MB 100%
+ mkfs.ext4 -L nixos /dev/nvme0n1p1
+ sync # wait for device to be ready
+ mount /dev/disk/by-label/nixos /mnt
+
+ # Create a new ESP
+ parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
+ parted /dev/nvme0n1 -- set 2 esp on
+ mkfs.fat -F 32 -n boot /dev/nvme0n1p2
+ sync # wait for device to be ready
+ mkdir -p /mnt/boot
+ sleep 3 # wait for device to be ready
+ mount /dev/disk/by-label/boot /mnt/boot
+
+ # Or use an existing ESP (must have same boot loader type, ie. grub or systemd-boot)
+ #mkdir -p /mnt/boot
+ #mount /dev/nvme0n1p1 /mnt/boot
+
+ nixos-generate-config --root /mnt
+}
+ping -c1 ${TARGET} 2>&1 > /dev/null || (echo "Target not found. Exiting." && exit 1)
+if ! arp -n | grep $TARGET_MAC; then
+ echo "Target not found in ARP table. Exiting."
+ exit 1
+fi
+
+echo "Install NixOS on ${TARGET}? You must set a password on the target before running this."
+echo "Press enter to continue or ctrl+c to quit."
+read
+
+ssh-keygen -R ${TARGET}
+ssh-copy-id nixos@${TARGET}
+
+COMMANDS="
+sudo cp -r /home/nixos/.ssh /root/.;
+sudo chown -R root:root /root/.ssh;
+"
+ssh -t nixos@${TARGET} "${COMMANDS}"
+
+ssh root@${TARGET} "$(typeset -f FORMAT_DISK); FORMAT_DISK"
+
+scp configuration.nix root@${TARGET}:/mnt/etc/nixos/
+
+# copy authorized keys to both the target and the target's chroot, because nixos-install runs outside the chroot
+ssh root@${TARGET} mkdir -p /etc/nixos/ssh /mnt/etc/nixos/ssh
+if [ -f ~/.ssh/ansible_root_keys ]; then
+ scp ~/.ssh/ansible_root_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_keys
+ scp ~/.ssh/ansible_root_keys root@$TARGET:/etc/nixos/ssh/authorized_keys
+ scp ~/.ssh/ansible_timburr_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_timburr_keys
+ scp ~/.ssh/ansible_timburr_keys root@$TARGET:/etc/nixos/ssh/authorized_timburr_keys
+else
+ scp ~/.ssh/authorized_keys root@${TARGET}:/etc/nixos/ssh/authorized_keys
+ scp ~/.ssh/authorized_keys root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys
+fi
+
+echo "Press [Enter] to run nixos-install on the target, or press ctrl+c to stop and do it manually."
+read
+ssh root@${TARGET} nixos-install
+#ssh root@${TARGET} openssl dhparam -out /etc/ssl/dhparams.pem 3072
+
+ssh-keygen -R ${TARGET}
+echo "Done."
+echo
+echo "You should set a password before restarting in case networking doesn't come up on first boot. To chroot run this:"
+echo "nixos-enter --root /mnt"
+echo "passwd"
+
+ssh-keygen -R ${TARGET}
\ No newline at end of file
diff --git a/incineroar.brenise.dev/opt/comfyui/run-comfyui.sh b/incineroar.brenise.dev/opt/comfyui/run-comfyui.sh
new file mode 100755
index 0000000..03efc7f
--- /dev/null
+++ b/incineroar.brenise.dev/opt/comfyui/run-comfyui.sh
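Review bot: In install.sh the identity check `arp -n | grep $TARGET_MAC` succeeds when that MAC appears on any row of the ARP table, so it does not tie 192.168.1.19 to the expected machine before `FORMAT_DISK` runs `dd` over /dev/nvme0n1 there and the key files are copied to it. Scoping the lookup to the target closes that gap: `if ! arp -n "${TARGET}" | grep -qiF "${TARGET_MAC}"; then`. A MAC match is still only a hint, and because `ssh-keygen -R ${TARGET}` discards any pinned host key first, the fingerprint offered during `ssh-copy-id` should be compared with the one shown on the target's console; a comment above that line saying so would help. The `else` branch also installs the operator's own `~/.ssh/authorized_keys` as root's key list on the new host, which deserves a comment or an explicit confirmation prompt.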
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+# ComfyUI Tmux Launcher
+#
+# This script starts ComfyUI in a detached tmux session. It allows for easy
+# configuration of session name, port, listen address, and low VRAM mode.
+#
+# Usage:
+# ./script.sh [SESSION_NAME] [PORT] [LISTEN_ADDRESS] [LOWVRAM]
+#
+# Arguments:
+# SESSION_NAME : Name of the tmux session (default: imagegen)
+# PORT : Port number for ComfyUI to listen on (default: 8080)
+# LISTEN_ADDRESS : IP address to bind to (default: 127.0.0.1)
+# LOWVRAM : Enable low VRAM mode (default: false)
+#
+# Examples:
+# 1. Run with default settings:
+# ./script.sh
+#
+# 2. Custom session name:
+# ./script.sh mycustomsession
+#
+# 3. Custom session, port, and address:
+# ./script.sh mycustomsession 8090 0.0.0.0
+#
+# 4. Enable low VRAM mode:
+# ./script.sh imagegen 8080 127.0.0.1 true
+#
+# Note: This script requires tmux to be installed and a virtual environment
+# to be set up in the .venv directory.
+
+# Exit on error, undefined variables, and print commands
+#set -eux
+set -e
+
+# Default values (can be overridden by command-line arguments)
+SESSION_NAME="${1:-imagegen}"
+PORT="${2:-8080}"
+LISTEN_ADDRESS="${3:-127.0.0.1}"
+LOWVRAM="${4:-false}"
+
+if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
+ echo "Session '$SESSION_NAME' already exists. No action taken."
+ exit 0
+fi
+
+# Activate virtual environment
+source .venv/bin/activate
+
+# Check if session already exists
+if ! tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
+ # Create new detached session
+ tmux new-session -d -s "$SESSION_NAME"
+
+ # Prepare the command
+ BASE_COMMAND="python main.py --port $PORT --listen $LISTEN_ADDRESS"
+ if [ "$LOWVRAM" = "true" ]; then
+ FULL_COMMAND="$BASE_COMMAND --lowvram --preview-method auto --use-split-cross-attention"
+ else
+ FULL_COMMAND="$BASE_COMMAND"
+ fi
+
+ # Start the ComfyUI application
+ tmux send-keys -t "$SESSION_NAME" "$FULL_COMMAND" C-m
+
+ echo "Session '$SESSION_NAME' created and ComfyUI started."
+ echo "To connect, type: tmux attach -t $SESSION_NAME"
+else
+ echo "Session '$SESSION_NAME' already exists. Exiting."
+ exit 1
+fi
diff --git a/incineroar.brenise.dev/opt/comfyui/shell.nix b/incineroar.brenise.dev/opt/comfyui/shell.nix
new file mode 100644
index 0000000..4464136
--- /dev/null
+++ b/incineroar.brenise.dev/opt/comfyui/shell.nix
@@ -0,0 +1,10 @@
+{ pkgs ? import {} }:
+(pkgs.buildFHSEnv {
+ name = "comfyui-fhs-env";
+ targetPkgs = pkgs: with pkgs; [
+ tmux
+# bash
+# python311
+ ];
+ runScript = "./run-comfyui.sh";
+}).env
diff --git a/incineroar.brenise.dev/opt/ollama/shell.nix b/incineroar.brenise.dev/opt/ollama/shell.nix
new file mode 100644
index 0000000..3791b72
--- /dev/null
+++ b/incineroar.brenise.dev/opt/ollama/shell.nix
@@ -0,0 +1,5 @@
+{ pkgs ? import {} }:
+(pkgs.buildFHSEnv {
+ name = "ollama-fhs-env";
+ runScript = "tmux new-session ./bin/ollama serve";
+}).env
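Review bot: In run-comfyui.sh, `PORT` and `LISTEN_ADDRESS` are spliced unquoted into `BASE_COMMAND` and then typed into the session's shell by `tmux send-keys`, so an argument containing spaces or shell metacharacters is re-parsed as shell input instead of reaching main.py as a single value. Validating the arguments before use keeps the launcher predictable, e.g. `[[ "$PORT" =~ ^[0-9]+$ ]] || { echo "invalid port: $PORT" >&2; exit 2; }`, with a similar pattern check for the listen address. Example 3 in the header binds to 0.0.0.0; a comment there noting that this exposes ComfyUI directly, without the reverse proxy set up in configuration.nix, would be useful. Separately, after the early `exit 0` the second `has-session` test can no longer find a session under normal conditions, so its `else` branch looks like dead code.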
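Review bot: opt/ollama/shell.nix runs `./bin/ollama`, a binary that lives outside the Nix store and whose origin and version are not recorded anywhere in this commit, while configuration.nix publishes its port through Caddy on 4434. A comment above `runScript` recording where the binary came from and its checksum, such as `# ./bin/ollama: upstream release <VERSION>, sha256 <CHECKSUM>`, would let the next upgrade be verified. Unlike opt/comfyui/shell.nix this file declares no `targetPkgs`, so `tmux` presumably has to come from the host PATH; adding `targetPkgs = pkgs: [ pkgs.tmux ];` would make the two consistent.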