incineroar: add system to repo after upgrading nixos 24.05 -> 24.11

Brian Lee 2025-01-02 18:12:44 -08:00
parent ead5c6ebb6
commit 5a4afe3d08
5 changed files with 562 additions and 0 deletions


@ -0,0 +1,396 @@
{ config, pkgs, lib, ... }:
let
# Add nixpkgs-unstable channel with the following command:
# nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; };
host_name = "incineroar";
host_fqdn = "${host_name}.brenise.dev";
in
{
imports = [
./hardware-configuration.nix
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"nvidia-persistenced"
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
];
hardware = {
graphics.enable = true;
nvidia = { # RTX 2080 Ti
open = true;
# package = config.boot.kernelPackages.nvidiaPackages.beta;
# modesetting.enable = true; # needed for Wayland compositors, might fix screen tearing
};
};
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
hardware.bluetooth.enable = true;
networking = {
hostName = "${host_name}";
firewall.enable = false;
interfaces = {
enp3s0.ipv4.addresses = [{
address = "192.168.1.36";
prefixLength = 24;
}];
};
defaultGateway = {
address = "192.168.1.1";
interface = "enp3s0";
};
# TODO https://nixos.wiki/wiki/Encrypted_DNS
nameservers = [ "1.1.1.1" "8.8.8.8" ];
};
time.timeZone = "America/Los_Angeles";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
# keyMap = "us";
useXkbConfig = true; # use xkbOptions in tty.
};
users = {
users = {
root = {
openssh.authorizedKeys.keyFiles = [
/etc/nixos/ssh/authorized_keys
];
};
blee = {
openssh.authorizedKeys.keyFiles = [
/etc/nixos/ssh/authorized_keys
];
isNormalUser = true;
extraGroups = [ "wheel" ];
packages = with pkgs; [
chromium
firefox
ffmpeg
obs-studio
kate # kwrite
glances
libsForQt5.kcalc
# slack # sso auth very broken
synergy
# Build vim huge with clipboard support
(vim_configurable.overrideAttrs (oldAttrs: {
features = "huge";
}))
python311
python311Packages.pip
python311Packages.ipython
python311Packages.huggingface-hub
curl
dnsutils
git
git-lfs
jq
imagemagick
pass
netcat
mediainfo
tmux
vlc
wget
];
};
# steam = {
# openssh.authorizedKeys.keyFiles = [
# /etc/nixos/ssh/authorized_keys
# ];
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# };
timburr = {
openssh.authorizedKeys.keyFiles = [
/etc/nixos/ssh/authorized_timburr_keys
];
isNormalUser = true;
extraGroups = [ "wheel" ];
};
};
};
environment = {
systemPackages = with pkgs; [
cryptsetup
doas
dig
file
fzf
htop
libressl
nettools
parted
psmisc
rsync
screen
tcpdump
tree
vim
wireguard-tools
whois
# GPU tools
inxi
glxinfo
pciutils # lspci
vulkan-tools
];
shellInit = ''
pheonix() {
systemctl restart "$1"
journalctl -fu "$1"
}
'';
plasma5.excludePackages = with pkgs.libsForQt5; [
#elisa # music player
#gwenview # image viewer
#okular # document viewer
#oxygen # widgets
#khelpcenter
#konsole
plasma-browser-integration
#print-manager
];
};
programs = {
fish.enable = true;
tmux = {
enable = true;
extraConfig = ''
set-option -g default-shell ${pkgs.fish}/bin/fish
''; # This doesn't seem to work
};
vim = {
enable = true;
defaultEditor = true;
};
bash = {
shellAliases = {
ll = "ls -lAF --classify --group-directories-first";
l = "ls -lF --classify --group-directories-first";
};
# https://nixos.wiki/wiki/Fish
interactiveShellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
steam.enable = true;
chromium = {
enable = true;
extraOpts = {
"SpellcheckEnabled" = false;
};
};
};
security = {
sudo.enable = false;
doas = {
enable = true;
extraRules = [
{
users = [ "blee" ];
persist = true;
}
{
users = [ "timburr" ];
noPass = true;
cmd = "reboot";
}
{
users = [ "timburr" ];
noPass = true;
cmd = "halt";
}
];
};
};
services = {
openssh.enable = true;
# https://discourse.nixos.org/t/bluetooth-a2dp-sink-not-showing-up-in-pulseaudio-on-nixos/32447/4?u=bleetube
pipewire = {
enable = true;
pulse.enable = true;
};
syncthing = {
enable = true;
user = "blee";
dataDir = "/home/blee/Documents";
};
journald.extraConfig = "MaxRetentionSec=30day";
# https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/monitoring/prometheus/exporters.nix
prometheus.exporters.node = {
enable = true;
port = 8030;
# openFirewall = true;
enabledCollectors = [
"cpu.info"
"interrupts"
"netstat"
"vmstat"
"systemd"
"tcpstat"
"processes"
];
};
caddy = {
enable = true;
logFormat = "output discard";
extraConfig = let
tlsConfig = ''
tls {
dns namecheap {
api_key {env.NAMECHEAP_API_KEY}
user {env.NAMECHEAP_API_USER}
api_endpoint https://api.namecheap.com/xml.response
}
}
'';
in ''
${host_fqdn} { # ComfyUI
${tlsConfig}
reverse_proxy http://127.0.0.1:8080
handle /output/* {
root /opt/comfyui
file_server browse
}
handle /meeseeks/* {
root /mnt/meow/squirtle/var/ftp
file_server browse
}
}
${host_fqdn}:4430 { # node_exporter
${tlsConfig}
reverse_proxy http://127.0.0.1:8030
}
${host_fqdn}:4431 { # litellm
${tlsConfig}
reverse_proxy http://127.0.0.1:8031
}
${host_fqdn}:4434 { # ollama
${tlsConfig}
reverse_proxy http://127.0.0.1:11434
}
${host_fqdn}:4440 { # sunshine
${tlsConfig}
reverse_proxy http://127.0.0.1:47990
}
'';
};
sunshine.enable = true;
displayManager = {
sddm.enable = true;
#defaultSession = "plasmawayland";
};
xserver = {
enable = true;
videoDrivers = ["nvidia"]; # nvidia-smi, kernel-modules
desktopManager.plasma5.enable = true;
};
# ollama = {
# enable = true;
# package = unstable.ollama; # outdated
# # port = 8034; # not in stable yet
# };
};
systemd = {
services = {
comfyui = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "forking";
User = "blee";
WorkingDirectory = "/opt/comfyui";
Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
};
script = "${pkgs.nix}/bin/nix-shell";
};
caddy = {
serviceConfig = {
EnvironmentFile = "/var/src/secrets/namecheap";
ExecStart = [
"" # This empty string clears the existing ExecStart commands
"/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
];
ExecReload = [
"" # This empty string clears the existing ExecReload commands
"/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
];
};
};
"sleep-at-night" = {
script = ''
${pkgs.utillinux}/bin/rtcwake -m no -l -t "$(date +\%s -d 'tomorrow 10:00')"
${pkgs.systemd}/bin/systemctl suspend
'';
serviceConfig = {
Type = "oneshot";
};
};
}; # services
timers."sleep-at-night" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 20:00:00";
# Persistent = true;
};
};
};
system.stateVersion = "23.11";
}
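Review bot: With `firewall.enable = false` in the networking block, every listening service is reachable on the LAN directly, and the node exporter under `services.prometheus.exporters.node` binds all interfaces unless `listenAddress` is set, so port 8030 is exposed in plaintext next to the TLS endpoint Caddy publishes on :4430; adding `listenAddress = "127.0.0.1";` to that block keeps it behind the proxy, and the commented-out `openFirewall` suggests the firewall was once meant to gate it. The Caddy sites for litellm (:4431) and ollama (:4434) proxy to backends that show no authentication in this Caddyfile, so if the FQDN is reachable from beyond the LAN those APIs are open to anyone who finds them; a `remote_ip` matcher or `basic_auth` in those site blocks would bound that. `logFormat = "output discard"` also drops all Caddy access logs, which removes the one record you would want when looking into how those endpoints were used. Separately, the caddy unit's `ExecStart` runs `/opt/bin/caddy`, a binary outside the Nix store that `nixos-rebuild` neither updates nor verifies; a comment stating where it comes from and who keeps it patched would help the next maintainer.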


@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -e
set -x
TARGET=192.168.1.19
TARGET_MAC=d8:5e:d3:82:9c:35
function FORMAT_DISK ()
{
dd if=/dev/zero count=1 bs=21M of=/dev/nvme0n1
parted /dev/nvme0n1 -- mklabel gpt
parted /dev/nvme0n1 -- mkpart primary 512MB 100%
mkfs.ext4 -L nixos /dev/nvme0n1p1
sync # wait for device to be ready
mount /dev/disk/by-label/nixos /mnt
# Create a new ESP
parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
parted /dev/nvme0n1 -- set 2 esp on
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
sync # wait for device to be ready
mkdir -p /mnt/boot
sleep 3 # wait for device to be ready
mount /dev/disk/by-label/boot /mnt/boot
# Or use an existing ESP (must have same boot loader type, ie. grub or systemd-boot)
#mkdir -p /mnt/boot
#mount /dev/nvme0n1p1 /mnt/boot
nixos-generate-config --root /mnt
}
ping -c1 ${TARGET} 2>&1 > /dev/null || (echo "Target not found. Exiting." && exit 1)
if ! arp -n | grep $TARGET_MAC; then
echo "Target not found in ARP table. Exiting."
exit 1
fi
echo "Install NixOS on ${TARGET}? You must set a password on the target before running this."
echo "Press enter to continue or ctrl+c to quit."
read
ssh-keygen -R ${TARGET}
ssh-copy-id nixos@${TARGET}
COMMANDS="
sudo cp -r /home/nixos/.ssh /root/.;
sudo chown -R root:root /root/.ssh;
"
ssh -t nixos@${TARGET} "${COMMANDS}"
ssh root@${TARGET} "$(typeset -f FORMAT_DISK); FORMAT_DISK"
scp configuration.nix root@${TARGET}:/mnt/etc/nixos/
# copy authorized keys to both the target and the target's chroot, because nixos-install runs outside the chroot
ssh root@${TARGET} mkdir -p /etc/nixos/ssh /mnt/etc/nixos/ssh
if [ -f ~/.ssh/ansible_root_keys ]; then
scp ~/.ssh/ansible_root_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_keys
scp ~/.ssh/ansible_root_keys root@$TARGET:/etc/nixos/ssh/authorized_keys
scp ~/.ssh/ansible_timburr_keys root@$TARGET:/mnt/etc/nixos/ssh/authorized_timburr_keys
scp ~/.ssh/ansible_timburr_keys root@$TARGET:/etc/nixos/ssh/authorized_timburr_keys
else
scp ~/.ssh/authorized_keys root@${TARGET}:/etc/nixos/ssh/authorized_keys
scp ~/.ssh/authorized_keys root@${TARGET}:/mnt/etc/nixos/ssh/authorized_keys
fi
echo "Press [Enter] to run nixos-install on the target, or press ctrl+c to stop and do it manually."
read
ssh root@${TARGET} nixos-install
#ssh root@${TARGET} openssl dhparam -out /etc/ssl/dhparams.pem 3072
ssh-keygen -R ${TARGET}
echo "Done."
echo
echo "You should set a password before restarting in case networking doesn't come up on first boot. To chroot run this:"
echo "nixos-enter --root /mnt"
echo "passwd"
ssh-keygen -R ${TARGET}
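Review bot: The ARP guard `if ! arp -n | grep $TARGET_MAC` matches the MAC anywhere in the table, so it does not establish that `$TARGET` is the machine whose `/dev/nvme0n1` FORMAT_DISK is about to zero; querying the single address ties the two together: `if ! arp -n "$TARGET" | grep -qi "$TARGET_MAC"; then`. The three `ssh-keygen -R ${TARGET}` calls intentionally forget the host key because the target is being reinstalled, but that means every later `ssh`/`scp` trusts whichever key answers on first use, with only the IP/MAC check standing in for host identity — worth a comment so nobody later "fixes" it — and `set -x` will echo each of those commands, key paths included, to the terminal. The redirection on the ping line, `2>&1 > /dev/null`, sends stderr to the terminal and only stdout to /dev/null; `> /dev/null 2>&1` is probably what was intended.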


@ -0,0 +1,72 @@
#!/usr/bin/env bash
# ComfyUI Tmux Launcher
#
# This script starts ComfyUI in a detached tmux session. It allows for easy
# configuration of session name, port, listen address, and low VRAM mode.
#
# Usage:
# ./script.sh [SESSION_NAME] [PORT] [LISTEN_ADDRESS] [LOWVRAM]
#
# Arguments:
# SESSION_NAME : Name of the tmux session (default: imagegen)
# PORT : Port number for ComfyUI to listen on (default: 8080)
# LISTEN_ADDRESS : IP address to bind to (default: 127.0.0.1)
# LOWVRAM : Enable low VRAM mode (default: false)
#
# Examples:
# 1. Run with default settings:
# ./script.sh
#
# 2. Custom session name:
# ./script.sh mycustomsession
#
# 3. Custom session, port, and address:
# ./script.sh mycustomsession 8090 0.0.0.0
#
# 4. Enable low VRAM mode:
# ./script.sh imagegen 8080 127.0.0.1 true
#
# Note: This script requires tmux to be installed and a virtual environment
# to be set up in the .venv directory.
# Exit on error, undefined variables, and print commands
#set -eux
set -e
# Default values (can be overridden by command-line arguments)
SESSION_NAME="${1:-imagegen}"
PORT="${2:-8080}"
LISTEN_ADDRESS="${3:-127.0.0.1}"
LOWVRAM="${4:-false}"
if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
echo "Session '$SESSION_NAME' already exists. No action taken."
exit 0
fi
# Activate virtual environment
source .venv/bin/activate
# Check if session already exists
if ! tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
# Create new detached session
tmux new-session -d -s "$SESSION_NAME"
# Prepare the command
BASE_COMMAND="python main.py --port $PORT --listen $LISTEN_ADDRESS"
if [ "$LOWVRAM" = "true" ]; then
FULL_COMMAND="$BASE_COMMAND --lowvram --preview-method auto --use-split-cross-attention"
else
FULL_COMMAND="$BASE_COMMAND"
fi
# Start the ComfyUI application
tmux send-keys -t "$SESSION_NAME" "$FULL_COMMAND" C-m
echo "Session '$SESSION_NAME' created and ComfyUI started."
echo "To connect, type: tmux attach -t $SESSION_NAME"
else
echo "Session '$SESSION_NAME' already exists. Exiting."
exit 1
fi
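Review bot: The `if ! tmux has-session` test near the bottom and its `else` branch are dead code: the earlier check on the same session name already exits 0 when the session exists, so the final `else` can never run, and the two checks disagree on the exit status (0 versus 1) for the same condition. Dropping the outer `if`/`else` and keeping only the session creation, command assembly and `send-keys` lines leaves one code path and one documented behaviour. Because `PORT` and `LISTEN_ADDRESS` are pasted unquoted into a command line that the session's shell then interprets, quoting them in `BASE_COMMAND` (`--port "$PORT" --listen "$LISTEN_ADDRESS"`) keeps an unusual argument from being split or expanded there. `source .venv/bin/activate` is also cwd-relative, which works under a unit with WorkingDirectory set but aborts under `set -e` when run from elsewhere; a comment stating the script must be run from the ComfyUI checkout would make that explicit.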


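--- /dev/null
+++ b/<path-not-shown-on-page:comfyui-fhs-env>
@@ -0,0 +1,10 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSEnv {
+name = "comfyui-fhs-env";
+targetPkgs = pkgs: with pkgs; [
+tmux
+# bash
+# python311
+];
+runScript = "./run-comfyui.sh";
+}).env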
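Review bot: `runScript = "./run-comfyui.sh"` is resolved relative to the directory nix-shell is started from, so this environment only works when launched inside the ComfyUI checkout; a comment such as `# run from the ComfyUI checkout: runScript is cwd-relative` would document that. The commented-out `python311` in `targetPkgs` implies the interpreter is expected to come from the `.venv` the launcher activates rather than from nixpkgs — stating that in the same comment saves the next reader a guess.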


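--- /dev/null
+++ b/<path-not-shown-on-page:ollama-fhs-env>
@@ -0,0 +1,5 @@
+{ pkgs ? import <nixpkgs> {} }:
+(pkgs.buildFHSEnv {
+name = "ollama-fhs-env";
+runScript = "tmux new-session ./bin/ollama serve";
+}).env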
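Review bot: `tmux new-session ./bin/ollama serve` attaches to the new session, so this `runScript` needs an interactive terminal and will not work from a non-interactive invocation such as a systemd unit; a comment like `# interactive only: new-session attaches (use -d to detach)` would make that explicit. `./bin/ollama` is also cwd-relative, so the same comment should say which directory the shell must be started from.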