# NixOS host module: base CLI packages and fonts, remote access (OpenSSH and
# Tailscale), a local Ollama instance, a daily encrypted Borg backup of "/",
# and 1Password / Proton Mail Bridge integration.
{
  pkgs,
  pkgs-unstable,
  lib,
  inputs,
  config,
  ...
}:
let
  # Secrets declared under config.age.secrets; `.path` is used below as the
  # location of the decrypted file at runtime.
  inherit (config.age) secrets;
in
{
  nixpkgs = {
    # Permits packages with non-free licences to be built and installed.
    config.allowUnfree = true;
    # Project-local overlay; it receives the flake inputs and the unstable set.
    overlays = [ (import ../../custom-pkgs { inherit lib inputs pkgs-unstable; }) ];
  };

  environment = {
    systemPackages = [
      pkgs.vim
      pkgs.wget
      pkgs.curl
      pkgs.htop
      pkgs.tmux
      pkgs.libimobiledevice
      pkgs.ripgrep
      pkgs.fd
    ];

    pathsToLink = [ "/share/zsh" ];

    # Browsers listed here are additionally allowed to talk to the 1Password
    # browser integration. Keep the list minimal: every entry is a program
    # trusted to request vault items.
    etc."1password/custom_allowed_browsers".text = ''
      vivaldi
    '';
  };

  fonts.packages = [
    pkgs-unstable.nerd-fonts.iosevka
    pkgs-unstable.nerd-fonts.iosevka-term
  ];

  # Smart-card daemon with the CCID reader driver.
  services.pcscd = {
    enable = true;
    plugins = [ pkgs.ccid ];
  };

  # sshd runs, but its port is NOT opened in the NixOS firewall by this module.
  # NOTE(review): presumably reached over the Tailscale interface; confirm
  # where that interface is trusted, and that password authentication is
  # restricted elsewhere, since no `settings` are given here.
  services.openssh = {
    enable = true;
    openFirewall = false;
  };

  # "client" enables the settings needed to use subnet routers / exit nodes
  # (this relaxes reverse-path filtering); the host does not advertise routes.
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "client";
    package = pkgs-unstable.tailscale;
  };

  # NOTE(review): no `host` is set, so the module default listen address
  # applies. The Ollama HTTP API is unauthenticated; confirm it stays
  # loopback-only.
  services.ollama = {
    enable = true;
    package = pkgs-unstable.ollama-vulkan;
    syncModels = true;
    # The first entry is the model kept resident by ollama-keep-alive below.
    loadModels = [
      "qwen3:4b-instruct"
      "qwen3:8b"
    ];
  };

  services.borgbackup.jobs.root = {
    paths = "/";
    # NOTE(review): "/etc" is excluded, so stateful files kept there (for
    # example SSH host keys) are not part of the backup. That keeps key
    # material out of the repository, but a restore then depends on those keys
    # and the Borg passphrase being recoverable from somewhere else.
    exclude = [
      "/nix"
      "/var/cache"
      "/run"
      "/sys"
      "/etc"
      "/swap"
      "/proc"
      "**/node_modules"
      "**/.cargo"
      "**/ruby/*/gems"
      "**/.cache"
      "**/.meteor"
      "**/.next"
      "**/.local/share/containers/cache"
      "**/.local/share/containers/storage/overlay"
      "**/.local/share/docker/overlay2"
      "**/log/*.log"
      "**/.local/share/Trash"
    ];
    # Dedicated SSH identity for the storage box. The key file lives outside
    # the Nix store and is not managed by this module.
    # NOTE(review): host-key verification relies on root's known_hosts; confirm
    # the storage box key is pinned there.
    environment = {
      BORG_RSH = "ssh -i /root/.ssh/id_ed25519.borg";
    };
    repo = "ssh://u324815-sub2@u324815.your-storagebox.de:23/./backup";
    encryption = {
      # repokey: the encryption key is stored inside the repository, protected
      # only by the passphrase.
      mode = "repokey";
      # Placeholder only. This string is evaluated into the world-readable Nix
      # store, so it must never be the real passphrase. The real value is
      # expected to come from the EnvironmentFile set on borgbackup-job-root
      # below, which takes precedence over the unit's static environment.
      passphrase = "will be overridden from environment file";
    };
    extraCreateArgs = [
      "--stats"
      "--progress"
    ];
    inhibitsSleep = true;
    compression = "auto,zstd";
    startAt = "daily";
    # Runs a missed backup as soon as the machine is up again.
    persistentTimer = true;
    # Waits up to 60 s for the network. The probe targets the parent domain
    # your-storagebox.de, not the repository host itself.
    preHook = ''
      ${pkgs.coreutils}/bin/timeout 60 ${pkgs.bash}/bin/sh -c '
        until ${pkgs.iputils}/bin/ping -c1 your-storagebox.de; do
          sleep 1
        done
      '
    '';
    # Heartbeat to the status monitor after an archive is created. The token is
    # a shell variable, presumably supplied by the same EnvironmentFile; it is
    # part of the URL and therefore visible in curl's process arguments while
    # the request runs.
    postCreate = ''
      ${pkgs.curl}/bin/curl "https://status.freun.dev/api/push/''${UPTIME_KUMA_TOKEN}?status=up&msg=OK&ping="
    '';
    prune.keep = {
      within = "3d";
      daily = 14;
      weekly = 8;
      # -1 keeps an unlimited number of monthly archives.
      monthly = -1;
    };
  };

  services.locate = {
    enable = true;
    package = pkgs.plocate;
  };

  # gnome-keyring is added to the bridge's PATH (presumably as its credential
  # store).
  services.protonmail-bridge = {
    enable = true;
    package = pkgs-unstable.protonmail-bridge;
    path = [ pkgs.gnome-keyring ];
  };

  programs = {
    zsh.enable = true;
    _1password.enable = true;
    _1password-gui = {
      enable = true;
      # Users allowed to use polkit-based (system authentication) integration.
      polkitPolicyOwners = [ "moco" ];
    };
  };

  systemd.services = {
    # Supplies the backup job's real secrets at runtime from the decrypted
    # secret file instead of the Nix store.
    borgbackup-job-root.serviceConfig.EnvironmentFile = secrets.borgbackup-radish.path;

    ollama-keep-alive =
      let
        endpoint = "http://localhost:${toString config.services.ollama.port}/api/generate";
        # A generate request with keep_alive = -1 asks Ollama to keep the model
        # loaded indefinitely.
        body = builtins.toJSON {
          model = lib.elemAt config.services.ollama.loadModels 0;
          keep_alive = -1;
        };
      in
      {
        enable = true;
        description = "Keep Ollama primary model loaded by pinging it";
        after = [
          "ollama.service"
          "network-online.target"
        ];
        wants = [ "network-online.target" ];
        bindsTo = [ "ollama.service" ];
        wantedBy = [
          "multi-user.target"
          "ollama.service"
        ];
        serviceConfig = {
          Type = "oneshot";
          # NOTE(review): `curl -s` without --fail exits 0 on an HTTP error
          # response, so this unit can report success without the model having
          # been loaded.
          ExecStart = "${pkgs.curl}/bin/curl -s '${endpoint}' -d '${body}'";
        };
      };
  };
}