From af501177fd1541a212c96ea1b3010b6cb6406a8d Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Tue, 18 Mar 2025 13:12:25 -0500
Subject: [PATCH] refator gpd
---
components/containers/affine.nix | 135 ----------------------
components/containers/inventory.nix | 166 ----------------------------
components/containers/librechat.nix | 148 -------------------------
components/containers/mathesar.nix | 159 --------------------------
components/containers/pgadmin.nix | 53 ---------
components/containers/tests.nix | 39 -------
hosts/gpdPocket3/flake.nix | 72 ++++++------
7 files changed, 32 insertions(+), 740 deletions(-)
delete mode 100644 components/containers/affine.nix
delete mode 100644 components/containers/inventory.nix
delete mode 100644 components/containers/librechat.nix
delete mode 100644 components/containers/mathesar.nix
delete mode 100644 components/containers/pgadmin.nix
delete mode 100644 components/containers/tests.nix
diff --git a/components/containers/affine.nix b/components/containers/affine.nix
deleted file mode 100644
index 86c7902..0000000
--- a/components/containers/affine.nix
+++ /dev/null
@@ -1,135 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- cfg = config.services.affine;
-in
-{
- options.services.affine =
- let
- lib = pkgs.lib;
- in
- {
- port = lib.mkOption {
- type = lib.types.port;
- default = 3010;
- description = "Port number for the AFFiNE service";
- };
- dataDir = lib.mkOption {
- type = lib.types.path;
- default = "/var/lib/affine";
- description = "Directory to store AFFiNE data";
- };
- };
-
- config = {
- systemd.services.create-affine-network = {
- description = "Create Docker network for LibreChat";
- serviceConfig.Type = "oneshot";
- wantedBy = [ "multi-user.target" ];
- script = ''
- if ! ${pkgs.docker}/bin/docker network inspect affine-network >/dev/null 2>&1; then
- ${pkgs.docker}/bin/docker network create affine-network
- fi
- '';
- };
-
- virtualisation.oci-containers.containers = {
- #############
- # AFFiNE #
- #############
- # NOTE settings live in `/var/lib/librechat` manually right now
- # Note to remove limits from user need to mark user as subscriber in the database manually
- # docker exec it affine_postgres psql -U affine
- # select id, feature, configs from features;
- # select * from users;
- # select * from user_features;
- # feature_id = YOUR FEATURE ID YOU WANT TO ASSIGN (get it from 'List possible feature id's')
- # user_id = YOUR USER ID YOU WANT TO CHANGE (get it from 'List users with id's')
- # update user_features set feature_id = 35 where user_id = 'xxxxxx-xxxx-xxxxxxx-xxxx-xxxxxxxxxxxx';
- affine = {
- user = "root";
- image = "ghcr.io/toeverything/affine-graphql:stable";
- ports = [
- "${toString cfg.port}:${toString cfg.port}"
- ];
- dependsOn = [
- "affine_redis"
- "affine_postgres"
- "affine_migration"
- ];
- environment = {
- REDIS_SERVER_HOST = "affine_redis";
- DATABASE_URL = "postgresql://affine:password@affine_postgres:5432/affine";
- };
- volumes = [
- "${cfg.dataDir}/storage:/root/.affine/storage"
- "${cfg.dataDir}/config:/root/.affine/config"
- ];
- extraOptions = [
- "--network=affine-network"
- ];
- };
-
- affine_migration = {
- user = "root";
- image = "ghcr.io/toeverything/affine-graphql:stable";
- dependsOn = [
- "affine_redis"
- "affine_postgres"
- ];
- volumes = [
- "${cfg.dataDir}/storage:/root/.affine/storage"
- "${cfg.dataDir}/config:/root/.affine/config"
- ];
- environment = {
- REDIS_SERVER_HOST = "affine_redis";
- DATABASE_URL = "postgresql://affine:password@affine_postgres:5432/affine";
- };
- cmd = [
- "sh"
- "-c"
- "node ./scripts/self-host-predeploy.js"
- ];
- extraOptions = [ "--network=affine-network" ];
- };
-
- affine_redis = {
- user = "root";
- image = "redis";
- extraOptions = [
- "--network=affine-network"
- "--health-cmd=\"CMD-SHELL redis-cli ping\""
- "--health-interval=30s"
- "--health-timeout=10s"
- "--health-retries=3"
- "--health-start-period=30s"
- ];
- };
-
- affine_postgres = {
- user = "root";
- image = "postgres:16";
- environment = {
- POSTGRES_USER = "affine";
- POSTGRES_PASSWORD = "password";
- POSTGRES_DB = "affine";
- POSTGRES_INITDB_ARGS = "--data-checksums";
- };
- volumes = [
- "${cfg.dataDir}/postgres:/var/lib/postgresql/data"
- ];
- extraOptions = [
- "--network=affine-network"
- "--health-cmd=\"CMD-SHELL pg_isready -U affine\""
- "--health-interval=10s"
- "--health-timeout=5s"
- "--health-retries=5"
- "--health-start-period=30s"
- ];
- };
- };
- };
-}
diff --git a/components/containers/inventory.nix b/components/containers/inventory.nix
deleted file mode 100644
index 6169ab9..0000000
--- a/components/containers/inventory.nix
+++ /dev/null
@@ -1,166 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-
-let
- name = "inventory";
- app = "pg-${name}";
-
- hostDataDir = "/var/lib/${name}";
-
- localAddress = "192.168.100.110";
- pg_port = 54433;
- pg_dataDir = "/var/lib/postgres";
- # pgadmin_port = 5050;
- # pgadmin_dataDir = "/var/lib/pgadmin";
-
- binds = [
- {
- host = "${hostDataDir}/postgres";
- container = pg_dataDir;
- user = "postgres";
- uid = config.ids.uids.postgres;
- }
- # {
- # host = "${hostDataDir}/pgadmin";
- # container = pgadmin_dataDir;
- # user = "pgadmin";
- # uid = 1020;
- # }
- ];
-in
-{
-
- users = lib.foldl (
- acc: bind:
- {
- users.${bind.user} = {
- isSystemUser = true;
- home = bind.host;
- createHome = true;
- uid = bind.uid;
- group = bind.user;
- };
- groups.${bind.user}.gid = bind.uid;
- }
- // acc
- ) { } binds;
-
- containers.${app} = {
- ephemeral = true;
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.2";
- localAddress = localAddress;
- bindMounts = lib.foldl (
- acc: bind:
- {
- "${bind.container}" = {
- hostPath = bind.host;
- isReadOnly = false;
- };
- }
- // acc
- ) { } binds;
- config =
- { config, pkgs, ... }:
- {
- system.stateVersion = "24.11";
-
- users = lib.foldl (
- acc: bind:
- {
- users.${bind.user} = {
- isSystemUser = true;
- home = bind.container;
- uid = bind.uid;
- group = bind.user;
- };
- groups.${bind.user}.gid = bind.uid;
- }
- // acc
- ) { } binds;
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_17.withJIT;
- enableJIT = true;
- extensions = with pkgs.postgresql17Packages; [
- # NOTE add extensions here
- pgvector
- postgis
- ];
- settings.port = pg_port;
- enableTCPIP = true;
- authentication = ''
- local all all trust
- host all all 127.0.0.1/8 trust
- host all all ::1/128 trust
- host all all 192.168.100.0/24 trust
- '';
- identMap = ''
- # ArbitraryMapName systemUser dbUser
- superuser_map root ${name}
-
- # Let other names login as themselves
- superuser_map /^(.*)$ \1
- '';
- ensureDatabases = [ name ];
- ensureUsers = [
- {
- name = name;
- ensureDBOwnership = true;
- ensureClauses = {
- login = true;
- superuser = true;
- };
- }
- ];
- dataDir =
- (lib.findFirst (bind: bind.user == "postgres") (throw "No postgres bind found") binds).container;
- };
-
- # services.pgadmin = {
- # enable = true;
- # port = pgadmin_port;
- # openFirewall = true;
- # initialEmail = "admin@test.com";
- # initialPasswordFile = (builtins.toFile "password" "password");
- # };
-
- # TODO set this up, had issues since it shares users with postgres service and my bind mounts relys on createhome in that exact directory.
- # services.postgresqlBackup = {
- # enable = true;
- # compression = "gzip";
- # compressionLevel = 9;
- # databases = [ cfg.database ];
- # location = "${cfg.dataDir}/backup";
- # startAt = "02:30"; # Adjust the backup time as needed
- # };
-
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ pg_port ];
- };
-
- # Health check to ensure database is ready
- systemd.services.postgresql-healthcheck = {
- description = "PostgreSQL Health Check";
- after = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "oneshot";
- ExecStart = ''
- ${pkgs.postgresql_17}/bin/pg_isready \
- -U ${name} \
- -d ${name} \
- -h localhost \
- -p ${toString pg_port}
- '';
- };
- };
- };
- };
-}
diff --git a/components/containers/librechat.nix b/components/containers/librechat.nix
deleted file mode 100644
index 529ee08..0000000
--- a/components/containers/librechat.nix
+++ /dev/null
@@ -1,148 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- cfg = config.services.librechat;
-in
-{
- options.services.librechat =
- let
- lib = pkgs.lib;
- in
- {
- port = lib.mkOption {
- type = lib.types.port;
- default = 3080;
- description = "Port number for the LibreChat";
- };
- ragPort = lib.mkOption {
- type = lib.types.port;
- default = 8000;
- description = "Port number for the RAG API service";
- };
- dataDir = lib.mkOption {
- type = lib.types.path;
- default = "/var/lib/librechat";
- description = "Directory to store LibreChat data";
- };
- };
-
- config = {
- systemd.services.create-librechat-network = {
- description = "Create Docker network for LibreChat";
- serviceConfig.Type = "oneshot";
- wantedBy = [ "multi-user.target" ];
- script = ''
- if ! ${pkgs.docker}/bin/docker network inspect librechat-network >/dev/null 2>&1; then
- ${pkgs.docker}/bin/docker network create librechat-network
- fi
- '';
- };
-
- virtualisation.oci-containers.containers = {
- #############
- # librechat #
- #############
- # NOTE settings live in `/var/lib/librechat` manually right now
- librechat = {
- user = "root";
- image = "ghcr.io/danny-avila/librechat-dev:latest";
- ports = [
- "${toString cfg.port}:${toString cfg.port}"
- ];
- dependsOn = [
- "librechat_mongodb"
- "librechat_rag_api"
- ];
- environment = {
- HOST = "0.0.0.0";
- MONGO_URI = "mongodb://librechat_mongodb:27017/LibreChat";
- SEARCH = "true";
- MEILI_HOST = "http://librechat_meilisearch:7700";
- RAG_PORT = toString cfg.ragPort;
- RAG_API_URL = "http://librechat_rag_api:${toString cfg.ragPort}";
- # DEBUG_CONSOLE = "true";
- # DEBUG_LOGGING = "true";
- };
- environmentFiles = [ "${cfg.dataDir}/.env" ];
- volumes = [
- "${cfg.dataDir}/.env:/app/.env"
- "${cfg.dataDir}/librechat.yaml:/app/librechat.yaml"
- "${cfg.dataDir}/images:/app/client/public/images"
- "${cfg.dataDir}/logs:/app/api/logs"
- ];
- extraOptions = [
- "--network=librechat-network"
- "--add-host=azureproxy:100.64.0.8"
- ];
- };
-
- librechat_mongodb = {
- user = "root";
- image = "mongo";
- volumes = [
- "${cfg.dataDir}/data-node:/data/db"
- ];
- cmd = [
- "mongod"
- "--noauth"
- ];
- extraOptions = [ "--network=librechat-network" ];
- };
-
- librechat_meilisearch = {
- user = "root";
- image = "getmeili/meilisearch:v1.13";
- environment = {
- MEILI_HOST = "http://librechat_meilisearch:7700";
- MEILI_NO_ANALYTICS = "true";
- };
- volumes = [
- "${cfg.dataDir}/meili_data_v1.13:/meili_data"
- ];
- extraOptions = [ "--network=librechat-network" ];
- };
-
- librechat_vectordb = {
- user = "root";
- image = "ankane/pgvector:latest";
- environment = {
- POSTGRES_DB = "mydatabase";
- POSTGRES_USER = "myuser";
- POSTGRES_PASSWORD = "mypassword";
- };
- volumes = [
- "${cfg.dataDir}/pgdata2:/var/lib/postgresql/data"
- ];
- extraOptions = [ "--network=librechat-network" ];
- };
-
- librechat_rag_api = {
- user = "root";
- image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest";
- environment = {
- DB_HOST = "librechat_vectordb";
- RAG_PORT = toString cfg.ragPort;
- OPENAI_API_KEY = "not_using_openai";
- };
- dependsOn = [ "librechat_vectordb" ];
- environmentFiles = [ "${cfg.dataDir}/.env" ];
- extraOptions = [ "--network=librechat-network" ];
- };
-
- # TODO revisit local whisper, for now I am using groq free for STT
- # librechat_whisper = {
- # user = "root";
- # image = "onerahmet/openai-whisper-asr-webservice:latest";
- # # ports = [ "8080:8080" ];
- # environment = {
- # ASR_MODEL = "base"; # You can change to small, medium, large, etc.
- # ASR_ENGINE = "openai_whisper";
- # };
- # extraOptions = [ "--network=librechat-network" ];
- # };
- };
- };
-}
diff --git a/components/containers/mathesar.nix b/components/containers/mathesar.nix
deleted file mode 100644
index ae1bec4..0000000
--- a/components/containers/mathesar.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- cfg = config.services.mathesar;
-in
-{
- options.services.mathesar =
- let
- lib = pkgs.lib;
- in
- {
- port = lib.mkOption {
- type = lib.types.port;
- default = 3081;
- description = "Port number for the Mathesar";
- };
- dataDir = lib.mkOption {
- type = lib.types.path;
- default = "/var/lib/mathesar";
- description = "Directory to store Mathesar data";
- };
- secretKey = lib.mkOption {
- type = lib.types.str;
- # echo $(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 50)
- # https://docs.djangoproject.com/en/4.2/ref/settings/#secret-key
- description = "Secret key for Django security features";
- };
- domainName = lib.mkOption {
- type = lib.types.str;
- default = "http://10.20.40.104";
- description = "Custom domain(s) for accessing Mathesar";
- };
- postgresDb = lib.mkOption {
- type = lib.types.str;
- default = "mathesar_django";
- description = "Database name for Mathesar";
- };
- postgresUser = lib.mkOption {
- type = lib.types.str;
- default = "mathesar";
- description = "Database user for Mathesar";
- };
- postgresPassword = lib.mkOption {
- type = lib.types.str;
- default = "mathesar";
- description = "Database password for Mathesar";
- };
- postgresHost = lib.mkOption {
- type = lib.types.str;
- default = "mathesar_db";
- description = "Host running the PostgreSQL database";
- };
- postgresPort = lib.mkOption {
- type = lib.types.port;
- default = 3082;
- description = "Port on which PostgreSQL is running";
- };
- allowedHosts = lib.mkOption {
- type = lib.types.str;
- default = "*";
- description = "Allowed hosts for Mathesar web service. ";
- };
- };
-
- config = {
- systemd.services.create-mathesar-network = {
- description = "Create Docker network for Mathesar";
- serviceConfig.Type = "oneshot";
- wantedBy = [ "multi-user.target" ];
- script = ''
- if ! ${pkgs.docker}/bin/docker network inspect mathesar_network >/dev/null 2>&1; then
- ${pkgs.docker}/bin/docker network create mathesar_network
- fi
- '';
- };
-
- virtualisation.oci-containers.containers = {
- ################
- # mathesar_service
- ################
- mathesar_service = {
- user = "root";
- image = "mathesar/mathesar:latest";
- dependsOn = [ "mathesar_db" ];
- environment = {
- SECRET_KEY = cfg.secretKey;
- DOMAIN_NAME = cfg.domainName;
- POSTGRES_DB = cfg.postgresDb;
- POSTGRES_USER = cfg.postgresUser;
- POSTGRES_PASSWORD = cfg.postgresPassword;
- POSTGRES_HOST = cfg.postgresHost;
- POSTGRES_PORT = (toString cfg.postgresPort);
- DJANGO_SETTINGS_MODULE = "config.settings.production";
- # Allowed hosts is * to allow all traffic on service.
- # The caddy proxy handles the rest.
- ALLOWED_HOSTS = "*";
- };
- volumes = [
- "${cfg.dataDir}/static:/code/static"
- "${cfg.dataDir}/media:/code/media"
- ];
- extraOptions = [
- "--network=mathesar_network"
- "--expose=8000"
- ];
- };
-
- ################
- # mathesar_db (PostgreSQL Database)
- ################
- mathesar_db = {
- user = "root";
- image = "postgres:13";
- environment = {
- POSTGRES_DB = cfg.postgresDb;
- POSTGRES_USER = cfg.postgresUser;
- POSTGRES_PASSWORD = cfg.postgresPassword;
- PGPORT = toString cfg.postgresPort;
- };
- volumes = [
- "${cfg.dataDir}/pgdata:/var/lib/postgresql/data"
- ];
- extraOptions = [
- "--network=mathesar_network"
- "--expose=${toString cfg.postgresPort}"
- ];
- };
-
- ##############
- # caddy-reverse-proxy
- ##############
- caddy_reverse_proxy = {
- user = "root";
- image = "mathesar/mathesar-caddy:latest";
- ports = [
- "10.20.40.104:${toString cfg.port}:80"
- ];
- environment = {
- SECRET_KEY = cfg.secretKey;
- DOMAIN_NAME = cfg.domainName;
- POSTGRES_DB = cfg.postgresDb;
- POSTGRES_USER = cfg.postgresUser;
- POSTGRES_PASSWORD = cfg.postgresPassword;
- POSTGRES_HOST = cfg.postgresHost;
- POSTGRES_PORT = toString cfg.postgresPort;
- };
- volumes = [
- "${cfg.dataDir}/media:/code/media"
- "${cfg.dataDir}/static:/code/static"
- "${cfg.dataDir}/caddy:/data"
- ];
- extraOptions = [ "--network=mathesar_network" ];
- };
- };
- };
-}
diff --git a/components/containers/pgadmin.nix b/components/containers/pgadmin.nix
deleted file mode 100644
index 064bc9e..0000000
--- a/components/containers/pgadmin.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- cfg = config.customServices.pgadmin;
-in
-{
- options.customServices.pgadmin =
- let
- lib = pkgs.lib;
- in
- {
- port = lib.mkOption {
- type = lib.types.port;
- default = 3085;
- description = "Port number for the PGAdmin interface";
- };
- dataDir = lib.mkOption {
- type = lib.types.path;
- default = "/var/lib/pgadmin";
- description = "Directory to store PGAdmin data";
- };
- };
-
- config = {
- virtualisation.oci-containers.containers = {
- #############
- # pgadmin #
- #############
- # NOTE settings live in `/var/lib/librechat` manually right now
- pgadmin = {
- user = "root";
- image = "dpage/pgadmin4:latest";
- ports = [
- "${toString cfg.port}:${toString cfg.port}"
- ];
- environment = {
- PGADMIN_LISTEN_PORT = toString cfg.port;
- PGADMIN_DEFAULT_EMAIL = "admin@db.joshuabell.xyz";
- PGADMIN_DEFAULT_PASSWORD = "password";
- };
- volumes = [
- "${cfg.dataDir}:/var/lib/pgadmin"
- ];
- extraOptions = [
- "--network=host"
- ];
- };
- };
- };
-}
diff --git a/components/containers/tests.nix b/components/containers/tests.nix
deleted file mode 100644
index b4c6659..0000000
--- a/components/containers/tests.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- ...
-}:
-{
- options = { };
-
- config = {
- # Random test, visit http://192.168.100.11/
- containers.wasabi = {
- ephemeral = true;
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.2";
- localAddress = "192.168.100.11";
- config =
- { config, pkgs, ... }:
- {
- system.stateVersion = "24.11";
- services.httpd.enable = true;
- services.httpd.adminAddr = "foo@example.org";
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 80 ];
- };
- };
- };
-
- virtualisation.oci-containers.containers = {
- # Example of defining a container, visit http://localhost:8085/
- "nginx_simple" = {
- # autoStart = true; this is default true
- image = "nginx:latest";
- ports = [
- "127.0.0.1:8085:80"
- ];
- };
- };
- };
-}
diff --git a/hosts/gpdPocket3/flake.nix b/hosts/gpdPocket3/flake.nix
index f93fa87..d899560 100644
--- a/hosts/gpdPocket3/flake.nix
+++ b/hosts/gpdPocket3/flake.nix
@@ -2,20 +2,16 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; - ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; - mod_common.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_common"; - mod_secrets.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_secrets"; - mod_boot_systemd.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_boot_systemd"; - # mod_de_cosmic.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_cosmic"; - mod_de_gnome.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_de_gnome"; + # common.url = "path:../../common"; + common.url = "git+https://git.joshuabell.xyz/dotfiles?dir=common"; - mod_home-manager.url = "git+https://git.joshuabell.xyz/dotfiles?ref=mod_home_manager"; - mod_home-manager.inputs.home-manager.url = "github:rycee/home-manager/release-24.11"; + ros_neovim.url = "git+https://git.joshuabell.xyz/nvim"; }; outputs = { nixpkgs, + common, ... }@inputs: let
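Review bot: The new `common` input in the `inputs` block is declared as `git+https://git.joshuabell.xyz/dotfiles?dir=common` with no `ref` or `rev`, and the diffstat for this commit lists no `hosts/gpdPocket3/flake.lock`, so nothing visible here records which revision of the shared module set this host builds from. That module now appears to supply the user, SSH and boot configuration, so whatever sits on the default branch at the next lock refresh or unlocked build becomes system configuration without review. Commit the regenerated lock file together with this change, or pin the input explicitly, for example `common.url = "git+https://git.joshuabell.xyz/dotfiles?dir=common&rev=<commit-sha>";`. The commented-out `# common.url = "path:../../common";` line would also benefit from a short comment saying it is the local-development override; the `outputs` function body continues past the end of this hunk.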
@@ -40,30 +36,28 @@ ./configuration.nix ./hardware-configuration.nix ( - { pkgs, ... }: + { config, pkgs, ... }: { - imports = [ - ../../components/nix/tailscale.nix - ../../components/nix/lua.nix - ../../components/nix/rust-repl.nix - ../../components/nix/qdirstat.nix - ]; - mods = { - common = { - systemName = configuration_name; - allowUnfree = true; - primaryUser = "josh"; - docker = true; - zsh = true; + ringofstorms_common = { + systemName = configuration_name; + boot.systemd.enable = true; + desktopEnvironment.gnome.enable = true; + programs = { + qFlipper.enable = true; + rustDev.enable = true; + tailnet.enable = true; + ssh.enable = true; + docker.enable = true; + }; + users = { + # Users are all normal users and default password is password1 + admins = [ "josh" ]; # First admin is also the primary user owning nix config users = { josh = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDa0MUnXwRzHPTDakjzLTmye2GTFbRno+KVs0DSeIPb7 nix2gpdpocket3" ]; - initialPassword = "password1"; - isNormalUser = true; extraGroups = [ - "wheel" "networkmanager" "video" "input" @@ -73,28 +67,26 @@ google-chrome discordo discord - firefox-esr vlc ]; }; }; }; - home_manager = { + homeManager = { users = { josh = { - imports = [ - ../../components/hm/kitty.nix - ../../components/hm/tmux/tmux.nix - ../../components/hm/alacritty.nix - ../../components/hm/atuin.nix - ../../components/hm/direnv.nix - ../../components/hm/git.nix - ../../components/hm/nix_deprecations.nix - ../../components/hm/postgres.nix - ../../components/hm/ssh.nix - ../../components/hm/starship.nix - ../../components/hm/zoxide.nix - ../../components/hm/zsh.nix + imports = with common.homeManagerModules; [ + tmux + atuin + kitty + direnv + git + nix_deprecations + postgres + ssh + starship + zoxide + zsh ]; }; };
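Review bot: The new comment in `users` states that every account starts with the default password `password1`, while the same block lists `josh` under `admins` and turns on `ssh.enable` and `tailnet.enable`, so a publicly documented password may be guarding a privileged, remotely reachable account unless the common module disables SSH password logins (that module is not visible in this commit). Removing the per-host `initialPassword = "password1";` line does not retire the credential; it only moves it into a shared default that every host using the module inherits. Prefer a hashed secret such as `users.users.josh.hashedPasswordFile = "<path-to-hashed-password-file>";` and make key-only SSH explicit with `services.openssh.settings.PasswordAuthentication = false;`, since an authorized key is already configured for this user. The module function this applies to opens in this hunk and is closed in the following hunk on the same line.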