Personal Nix setup
Merge branch 'irnbru'
+148
-27
+6
flake.nix
+6
flake.nix
···
112
112
hostname = "fanta";
113
113
};
114
114
115
+
darwinConfigurations."irnbru" = mkSystem {
116
+
inherit overlays;
117
+
system = "aarch64-darwin";
118
+
hostname = "irnbru";
119
+
};
120
+
115
121
nixosConfigurations."pepper" = mkSystem {
116
122
inherit overlays;
117
123
system = "x86_64-linux";
+34
-4
home/apps/ollama.nix
+34
-4
home/apps/ollama.nix
···
16
16
OLLAMA_FLASH_ATTENTION = if cfg.ollama.flashAttention then "1" else "0";
17
17
OLLAMA_SCHED_SPREAD = if cfg.ollama.schedSpread then "1" else "0";
18
18
OLLAMA_INTEL_GPU = if cfg.ollama.intelGpu then "1" else "0";
19
+
OLLAMA_KV_CACHE_TYPE = cfg.ollama.kvCacheType;
20
+
OLLAMA_CONTEXT_LENGTH = toString cfg.ollama.defaultContextLength;
21
+
OLLAMA_MAX_LOADED_MODELS = toString cfg.ollama.maxLoadedModels;
19
22
};
20
23
in {
21
24
options.modules.apps.ollama = {
···
25
28
type = types.bool;
26
29
};
27
30
31
+
enableServer = mkOption {
32
+
default = true;
33
+
description = "Whether to enable Ollama's server.";
34
+
type = types.bool;
35
+
};
36
+
28
37
package = mkOption {
29
38
default = pkgs.ollama;
30
39
type = types.package;
···
34
43
default = "http://0.0.0.0:11434";
35
44
description = "Determines the host and port to listen on";
36
45
type = types.str;
46
+
};
47
+
48
+
maxLoadedModels = mkOption {
49
+
default = 3;
50
+
type = types.int;
51
+
};
52
+
53
+
defaultContextLength = mkOption {
54
+
default = 32768;
55
+
type = types.int;
37
56
};
38
57
39
58
flashAttention = mkOption {
40
-
default = false;
59
+
default = true;
41
60
description = ''
42
-
Enables experimental flash att ention feature.
61
+
Enables experimental flash attention feature.
43
62
Effect: Activates an experimental optimization for attention mechanisms.
44
63
Scenario: Can potentially improve performance on compatible hardware but may introduce instability.
45
64
'';
46
65
type = types.bool;
47
66
};
48
67
68
+
kvCacheType = mkOption {
69
+
default = "q8_0";
70
+
type = types.enum [ "f16" "q8_0" "q4_0" ];
71
+
description = ''
72
+
Determines the K/V cache quantization type
73
+
Effect: Activates quantization of the K/V cache reducing memory usage with flash attention.
74
+
Scenario: Can lead to reduced VRAM usage at the cost of accuracy.
75
+
Models with a higher Grouped Query Attention (GQA) count (e.g. Qwen 2) will see a larger negative impact.
76
+
'';
77
+
};
78
+
49
79
schedSpread = mkOption {
50
80
default = false;
51
81
description = ''
···
73
103
}
74
104
75
105
(helpers.mkIfLinux {
76
-
systemd.user.services.ollama = {
106
+
systemd.user.services.ollama = mkIf cfg.ollama.enableServer {
77
107
Unit = {
78
108
Description = "Ollama";
79
109
Documentation = "https://github.com/jmorganca/ollama";
···
89
119
})
90
120
91
121
(helpers.mkIfDarwin {
92
-
launchd.agents.ollama = {
122
+
launchd.agents.ollama = mkIf cfg.ollama.enableServer{
93
123
enable = true;
94
124
config = {
95
125
EnvironmentVariables = env;
+13
machines/irnbru/configuration.nix
+13
machines/irnbru/configuration.nix
+11
machines/irnbru/home.nix
+11
machines/irnbru/home.nix
+1
machines/ramune/configuration.nix
+1
machines/ramune/configuration.nix
···
32
32
{ macAddress = "98:ed:7e:c6:57:b2"; ipAddress = "10.0.0.102"; } # eero router
33
33
{ macAddress = "c4:f1:74:51:4c:f2"; ipAddress = "10.0.0.124"; } # eero router
34
34
{ macAddress = "5c:61:99:7a:16:40"; ipAddress = "10.0.0.103"; } # brother printer
35
+
{ macAddress = "1c:1d:d3:de:4b:06"; ipAddress = "10.0.0.35"; } # irnbru
35
36
];
36
37
nftables.blockForward = [
37
38
"ec:e5:12:1d:23:40" # tado
+1
machines/sodacream/home.nix
+1
machines/sodacream/home.nix
+18
modules/base/macos.nix
+18
modules/base/macos.nix
···
7
7
system = {
8
8
primaryUser = "${user}";
9
9
10
+
activationScripts.postActivation.text = ''
11
+
# disable spotlight
12
+
launchctl unload -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist >/dev/null 2>&1 || true
13
+
# disable fseventsd on /nix volume
14
+
mkdir -p /nix/.fseventsd
15
+
test -e /nix/.fseventsd/no_log || touch /nix/.fseventsd/no_log
16
+
'';
17
+
10
18
keyboard = {
11
19
enableKeyMapping = true;
12
20
remapCapsLockToControl = true;
···
31
39
tilesize = 46;
32
40
mru-spaces = false;
33
41
};
42
+
LaunchServices.LSQuarantine = false;
34
43
NSGlobalDomain = {
44
+
AppleMeasurementUnits = "Centimeters";
45
+
AppleMetricUnits = 1;
46
+
AppleTemperatureUnit = "Celsius";
35
47
AppleShowAllExtensions = true;
36
48
InitialKeyRepeat = 10;
37
49
KeyRepeat = 2;
···
40
52
"com.apple.swipescrolldirection" = false;
41
53
};
42
54
spaces.spans-displays = false;
55
+
56
+
CustomSystemPreferences = {
57
+
"com.apple.TimeMachine".DoNotOfferNewDisksForBackup = true;
58
+
"com.apple.ImageCapture".disableHotPlug = true;
59
+
"com.apple.gamed".Disabled = true;
60
+
};
43
61
};
44
62
};
45
63
}
+4
-3
modules/base/nix-config.nix
+4
-3
modules/base/nix-config.nix
···
1
-
{ lib, pkgs, inputs, helpers, config, ... }:
1
+
{ lib, pkgs, inputs, helpers, user, config, ... }:
2
2
3
3
with lib; mkMerge [
4
4
{
···
31
31
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
32
32
];
33
33
trusted-users = [ "root" "@wheel" ];
34
+
allowed-users = [ "root" "@wheel" "${user}" ];
35
+
extra-trusted-users = [ "${user}" ];
34
36
# on Apple Silicon, Rosetta 2 allows for this
35
37
extra-platforms = mkIf (helpers.system == "aarch64-darwin") [ helpers.system "x86_64-darwin" ];
36
38
};
···
53
55
};
54
56
}
55
57
(helpers.darwinAttrs {
56
-
system.stateVersion = 5;
57
-
ids.gids.nixbld = 30000;
58
+
system.stateVersion = 6;
58
59
})
59
60
]
+2
-2
modules/server/caddy.nix
+2
-2
modules/server/caddy.nix
···
1
-
{ lib, config, hostname, ... }:
1
+
{ lib, config, hostname, helpers, ... }:
2
2
3
3
with lib;
4
4
let
···
67
67
}
68
68
'') cfg.caddy.exposeFolders;
69
69
in strings.concatStringsSep "\n\n" configs;
70
-
in {
70
+
in helpers.linuxAttrs {
71
71
options.modules.server.caddy = {
72
72
enable = mkOption {
73
73
default = false;
+1
-4
modules/server/default.nix
+1
-4
modules/server/default.nix
···
10
10
};
11
11
};
12
12
13
-
config.modules.server = {
14
-
enable = if helpers.isLinux then (mkDefault false) else (mkForce false);
15
-
};
16
-
} // helpers.linuxAttrs {
17
13
imports = [
18
14
./sshd.nix
19
15
./tailscale.nix
···
23
19
./jellyfin.nix
24
20
./home-assistant.nix
25
21
./podman.nix
22
+
./macos.nix
26
23
];
27
24
}
+2
-2
modules/server/hd-idle.nix
+2
-2
modules/server/hd-idle.nix
···
1
-
{ lib, config, pkgs, ... }:
1
+
{ lib, config, pkgs, helpers, ... }:
2
2
3
3
with lib;
4
4
let
5
5
cfgRoot = config.modules.server;
6
6
cfg = config.modules.server.hd-idle;
7
-
in {
7
+
in helpers.linuxAttrs {
8
8
options.modules.server.hd-idle = {
9
9
enable = mkOption {
10
10
default = false;
+2
-2
modules/server/home-assistant.nix
+2
-2
modules/server/home-assistant.nix
···
1
-
{ lib, config, pkgs, ... }:
1
+
{ lib, config, pkgs, helpers, ... }:
2
2
3
3
with lib;
4
4
let
···
10
10
containerImage = if stdenv.isAarch64
11
11
then "ghcr.io/home-assistant/aarch64-homeassistant:${cfg.revision}"
12
12
else "ghcr.io/home-assistant/home-assistant:${cfg.revision}";
13
-
in {
13
+
in helpers.linuxAttrs {
14
14
options.modules.server.home-assistant = {
15
15
enable = mkOption {
16
16
default = false;
+2
-2
modules/server/jellyfin.nix
+2
-2
modules/server/jellyfin.nix
···
1
-
{ lib, config, pkgs, user, ... }:
1
+
{ lib, config, pkgs, user, helpers, ... }:
2
2
3
3
with lib;
4
4
let
···
6
6
cfg = config.modules.server.jellyfin;
7
7
8
8
group = "share";
9
-
in {
9
+
in helpers.linuxAttrs {
10
10
options.modules.server.jellyfin = {
11
11
enable = mkOption {
12
12
default = false;
+35
modules/server/macos.nix
+35
modules/server/macos.nix
···
1
+
{ lib, config, user, helpers, ... }:
2
+
3
+
with lib;
4
+
let
5
+
cfg = config.modules.server;
6
+
in helpers.darwinAttrs {
7
+
options.modules.server = {
8
+
disableSleep = mkOption {
9
+
default = cfg.enable;
10
+
example = true;
11
+
description = "Whether to disable sleep";
12
+
type = types.bool;
13
+
};
14
+
};
15
+
16
+
config = mkIf cfg.disableSleep {
17
+
system.activationScripts.postActivation.text = ''
18
+
defaults write com.apple.screensaver idleTime 0
19
+
pmset -a powernap 0
20
+
pmset -a sms 0
21
+
pmset -a sleep 0
22
+
pmset -a hibernatemode 0
23
+
pmset -a disablesleep 1
24
+
'';
25
+
26
+
power = {
27
+
restartAfterFreeze = true;
28
+
restartAfterPowerFailure = true;
29
+
sleep = {
30
+
allowSleepByPowerButton = false;
31
+
computer = "never";
32
+
};
33
+
};
34
+
};
35
+
}
+2
-2
modules/server/podman.nix
+2
-2
modules/server/podman.nix
···
1
-
{ lib, config, user, pkgs, ... }:
1
+
{ lib, config, user, pkgs, helpers, ... }:
2
2
3
3
with lib;
4
4
let
5
5
cfgRoot = config.modules.server;
6
6
cfg = config.modules.server.podman;
7
-
in {
7
+
in helpers.linuxAttrs {
8
8
options.modules.server.podman = {
9
9
enable = mkOption {
10
10
default = false;
+2
-1
modules/server/sshd.nix
+2
-1
modules/server/sshd.nix
+10
-3
modules/server/tailscale.nix
+10
-3
modules/server/tailscale.nix
···
1
-
{ lib, config, pkgs, user, hostname, ... }:
1
+
{ lib, config, pkgs, user, helpers, hostname, ... }:
2
2
3
3
with lib;
4
4
let
···
15
15
};
16
16
};
17
17
18
-
config = mkIf (cfg.enable && cfgRoot.enable) {
18
+
config = mkIf (cfg.enable && cfgRoot.enable) (helpers.linuxAttrs {
19
19
networking = {
20
20
domain = mkIf cfgRouter.enable "fable-pancake.ts.net";
21
21
search = [ "fable-pancake.ts.net" ];
···
42
42
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_DISABLE_PORTLIST=true" ];
43
43
44
44
environment.systemPackages = mkIf config.modules.desktop.enable [ pkgs.tail-tray ];
45
-
};
45
+
} // helpers.darwinAttrs {
46
+
networking.search = [ "fable-pancake.ts.net" ];
47
+
48
+
services.tailscale = {
49
+
enable = true;
50
+
overrideLocalDns = true;
51
+
};
52
+
});
46
53
}
+2
-2
modules/server/vaultwarden.nix
+2
-2
modules/server/vaultwarden.nix
···
1
-
{ lib, config, hostname, ... }:
1
+
{ lib, config, hostname, helpers, ... }:
2
2
3
3
with lib;
4
4
let
5
5
address = config.modules.router.adress;
6
6
cfg = config.modules.server;
7
-
in {
7
+
in helpers.linuxAttrs {
8
8
options.modules.server.vaultwarden = {
9
9
enable = mkOption {
10
10
default = false;