diff --git a/flake.lock b/flake.lock index 3865950..6c76a1f 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1738262370, - "narHash": "sha256-d58ioZQgJMmRfp7KIQKIy5G8uio7nCQPP+YsLEbxIgg=", + "lastModified": 1738503522, + "narHash": "sha256-1yrVbGLBMBPl34EibVARkUB9Gak1GjLRLZXJk9jbHxU=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "e87750273754e7ee9249785ffc7151510e1d64c7", + "rev": "bc62d5509989f5dca633c65b58aa0ac79a48db3e", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1738275749, - "narHash": "sha256-PM+cGduJ05EZ+YXulqAwUFjvfKpPmW080mcuN6R1POw=", + "lastModified": 1738610386, + "narHash": "sha256-yb6a5efA1e8xze1vcdN2HBxqYr340EsxFMrDUHL3WZM=", "owner": "nix-community", "repo": "home-manager", - "rev": "a8159195bfaef3c64df75d3b1e6a68d49d392be9", + "rev": "066ba0c5cfddbc9e0dddaec73b1561ad38aa8abe", "type": "github" }, "original": { @@ -395,11 +395,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737751639, - "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", + "lastModified": 1738471961, + "narHash": "sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", + "rev": "537286c3c59b40311e5418a180b38034661d2536", "type": "github" }, "original": { @@ -455,11 +455,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1738163270, - "narHash": "sha256-B/7Y1v4y+msFFBW1JAdFjNvVthvNdJKiN6EGRPnqfno=", + "lastModified": 1738435198, + "narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59e618d90c065f55ae48446f307e8c09565d5ab0", + "rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3", "type": "github" }, "original": { @@ -471,11 +471,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1738142207, - "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=", + "lastModified": 1738410390, + "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d3ae807ebd2981d593cddd0080856873139aa40", + "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", "type": "github" }, "original": { @@ -635,11 +635,11 @@ ] }, "locked": { - "lastModified": 1737411508, - "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", + "lastModified": 1738291974, + "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", "owner": "Mic92", "repo": "sops-nix", - "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", + "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", "type": "github" }, "original": { diff --git a/hosts/nas/apps/jellyseerr/default.nix b/hosts/nas/apps/jellyseerr/default.nix index 6f27a78..925a73b 100644 --- a/hosts/nas/apps/jellyseerr/default.nix +++ b/hosts/nas/apps/jellyseerr/default.nix @@ -2,7 +2,7 @@ let jellyseerrPort = 5055; - dataDir = "/var/lib/jellyseerr"; + dataDir = "/var/lib/private/jellyseerr"; in { containers.jellyseerr = { @@ -44,6 +44,18 @@ in useHostResolvConf = lib.mkForce false; }; + # Create and set permissions for required directories + system.activationScripts.jellyseerr-dirs = '' + mkdir -p /var/lib/private/jellyseerr + + chown -R jellyseerr:jellyseerr /var/lib/private/jellyseerr + + chmod -R 775 /var/lib/private/jellyseerr + + ln -sf /var/lib/private/jellyseerr /var/lib/jellyfin + + ''; + services.resolved.enable = true; system.stateVersion = "23.11"; }; diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix index 5e425cd..4242490 100644 --- a/hosts/nas/apps/nextcloud/default.nix +++ b/hosts/nas/apps/nextcloud/default.nix @@ -42,6 +42,7 @@ in config = { pkgs, lib, ... }: { + imports = [ ../../../../share/nvidia ]; nixpkgs.config.allowUnfree = true; services = { @@ -66,6 +67,7 @@ in dbuser = "nextcloud"; }; settings = { + loglevel = 3; allow_local_remote_servers = true; upgrade.disable-web = false; datadirectory = "/data"; @@ -76,6 +78,7 @@ in "10.0.2.18:443" "cloud.mjallen.dev" ]; + opcache.interned_strings_buffer = 16; trusted_proxies = [ "10.0.1.18" ]; maintenance_window_start = 6; default_phone_region = "US"; @@ -114,6 +117,9 @@ in # System packages environment.systemPackages = with pkgs; [ + cudaPackages.cudnn + cudatoolkit + ffmpeg libtensorflow-bin nextcloud30 nodejs @@ -153,6 +159,25 @@ in ''; + hardware = { + graphics = { + enable = true; + # setLdLibraryPath = true; + }; + }; + + programs = { + nix-ld.enable = true; + }; + + share.hardware.nvidia = { + enable = true; + enableBeta = true; + enableOpen = true; + nvidiaSettings = true; + enableNvidiaDocker = true; + }; + system.stateVersion = "23.11"; networking = { firewall = { diff --git a/hosts/nas/apps/ollama/default.nix b/hosts/nas/apps/ollama/default.nix index df3cfbd..9275033 100644 --- a/hosts/nas/apps/ollama/default.nix +++ b/hosts/nas/apps/ollama/default.nix @@ -19,9 +19,12 @@ environmentFile = config.sops.secrets."jallen-nas/open-webui".path; environment = { OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration"; - OPENID_PROVIDER_NAME = "authentik"; + OAUTH_PROVIDER_NAME = "authentik"; + OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback"; ENABLE_OAUTH_SIGNUP = "true"; OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "true"; + ENABLE_SIGNUP = "False"; + ENABLE_LOGIN_FORM = "False"; ANONYMIZED_TELEMETRY = "False"; DO_NOT_TRACK = "True"; SCARF_NO_ANALYTICS = "True"; diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index d704bfe..012a160 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -118,12 +118,15 @@ in sbctl speedtest-cli tailscale + tigervnc tpm2-tools tpm2-tss usbutils vim vulkan-tools wget + xorg.xinit + xorg.xauth ]; }; @@ -210,6 +213,7 @@ in papirus-icon-theme firefox swtpm + tigervnc ]; }; diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index 2f3aafd..727a56f 100644 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -95,9 +95,9 @@ in # Enable RDP xrdp = { - enable = enableDisplayManager; - defaultWindowManager = "startplasma-x11"; - openFirewall = enableDisplayManager; + enable = true; + defaultWindowManager = "${pkgs.lxqt.lxqt-session}/bin/startlxqt"; + openFirewall = true; }; avahi = { diff --git a/share/nvidia/default.nix b/share/nvidia/default.nix index 66cbb26..47f9036 100644 --- a/share/nvidia/default.nix +++ b/share/nvidia/default.nix @@ -15,13 +15,20 @@ in hardware = { # Nvidia nvidia = { - package = - if cfg.enableBeta then - config.boot.kernelPackages.nvidiaPackages.beta - # pkgs.unstable.linuxPackages.nvidiaPackages.beta - else - config.boot.kernelPackages.nvidiaPackages.latest; - # pkgs.unstable.linuxPackages.nvidiaPackages.latest; + package = + if cfg.enableBeta then + # config.boot.kernelPackages.nvidiaPackages.beta + config.boot.kernelPackages.nvidiaPackages.mkDriver { + version = "570.86.16"; # use new 570 drivers + sha256_64bit = "sha256-RWPqS7ZUJH9JEAWlfHLGdqrNlavhaR1xMyzs8lJhy9U="; + openSha256 = "sha256-DuVNA63+pJ8IB7Tw2gM4HbwlOh1bcDg2AN2mbEU9VPE="; + settingsSha256 = "sha256-9rtqh64TyhDF5fFAYiWl3oDHzKJqyOW3abpcf2iNRT8="; + usePersistenced = false; + } + # pkgs.unstable.linuxPackages.nvidiaPackages.beta + else + config.boot.kernelPackages.nvidiaPackages.latest; + # pkgs.unstable.linuxPackages.nvidiaPackages.latest; # Modesetting is required. modesetting.enable = true;