Fixed nvidia

server
2025-04-02 20:50:09 +02:00 · 2025-04-02 20:50:09 +02:00 · b284928062
commit b284928062
parent 8cdc5557f9
9 changed files with 341 additions and 19 deletions
--- a/nixos/hosts/kylekrein-homepc/default.nix
+++ b/nixos/hosts/kylekrein-homepc/default.nix
@ -1,4 +1,6 @@
 {
+  options,
+  config,
  pkgs,
  lib,
  hwconfig,
@ -6,6 +8,7 @@
  ...
 }: {
  imports = [
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/matrix/conduwuit.nix"
    ../../hardware/nvidia

    ../../modules/hyprland
@ -21,7 +24,8 @@

    ../../users/tania
  ];
-
+options.services.conduwuit.settings.global.database_path = lib.mkOption { apply = old: "/persist/conduwuit/";};
+config = {
  sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
  environment.systemPackages = with pkgs; [
    blender
@ -34,6 +38,7 @@
  };
  services.zerotierone = {
    enable = true;
+    port = 9994;
    joinNetworks = [
      "A84AC5C10AD269CA"
      "db64858fed285e0f"
@ -42,7 +47,7 @@
  #LLMs
  services.ollama = {
    enable = true;
-    loadModels = [ "deepseek-r1:32b" "deepseek-r1:8b" "qwq" "gemma3:27b"];
+    loadModels = [ "deepseek-r1:32b" "qwq" "gemma3:27b"];
    acceleration = "cuda";
    home = "/persist/ollama";
    user = "ollama";
@ -67,31 +72,92 @@
  systemd.services.open-webui.serviceConfig.DynamicUser = lib.mkForce false;

  #Chat host
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 22 8448 9993 ] ++ [ config.services.zerotierone.port ];
+  networking.firewall.allowedUDPPorts = [config.services.zerotierone.port];
  security.acme = {
    acceptTerms = true;
    defaults.email = "alex.lebedev2003@icloud.com";
+    certs = {
+        "kylekrein.com" = {
+            webroot = "/var/lib/acme/challenges-kylekrein";
+            email = "alex.lebedev2003@icloud.com";
+            group = "nginx";
+	  extraDomainNames = [
+	    "matrix.kylekrein.com"
+	    "chat.kylekrein.com"
+	  ];
+        };
+    };
  };
-  services.nginx.enable = false;
+  users.users.nginx.extraGroups = [ "acme" ];
+  services.hypridle.enable = lib.mkForce false;
+  programs.hyprlock.enable = lib.mkForce false;
+  sops.secrets."services/conduwuit" = {neededForUsers = true;};
+  
+  services.conduwuit = {
+    enable = false;
+    settings = {
+      global = {
+	server_name = "kylekrein.com";
+	port = [ 6167 ];
+	trusted_servers = [ "matrix.org" ];
+	allow_registration = true;
+	allow_federation = true;
+	allow_encryption = true;
+      };
+    };
+    extraEnvironment = {
+      CONDUWUIT_REGISTRATION_TOKEN = "";
+      #CONDUWUIT_REGISTRATION_TOKEN_FILE = ''"${config.sops.secrets."services/conduwuit".path}"'';
+      CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🐝";
+      CONDUWUIT_REQUIRE_AUTH_FOR_PROFILE_REQUESTS = "true";
+      CONDUWUIT_ALLOW_LOCAL_PRESENCE = "true";
+    };
+  };
+  systemd.services.conduwuit.serviceConfig = {
+    DynamicUser = lib.mkForce false;
+    StateDirectory = lib.mkForce "/persist/conduwuit";
+    RuntimeDirectory = lib.mkForce "/persist/conduwuit/runtime";
+  };
+
+  services.nginx.enable = true;
  services.nginx = {
    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
+    clientMaxBodySize = "20000000";
  };
  services.nginx.virtualHosts = let
    SSL = {
-      enableACME = true;
+      #enableACME = true;
      forceSSL = true;
+      useACMEHost = "kylekrein.com";
+      acmeRoot = "/var/lib/acme/challenges-kylekrein";
    }; in {
+      "kylekrein.com" = (SSL // {
+	listen = [{port = 443;  addr="0.0.0.0"; ssl=true;} {port = 8448;  addr="0.0.0.0"; ssl=true;}];
+        locations."/" = {
+          proxyPass = "http://localhost:6167";
+          proxyWebsockets = true;
+        };
+      });
      "chat.kylekrein.com" = (SSL // {
        locations."/" = {
-          proxyPass = "http://127.0.0.1:8080/";
+          proxyPass = "http://localhost:8080/";
+          proxyWebsockets = true;
+        };
+      });
+      "matrix.kylekrein.com" = (SSL // {
+	listen = [{port = 443;  addr="0.0.0.0"; ssl=true;} {port = 8448;  addr="0.0.0.0"; ssl=true;}];
+        locations."/" = {
+          proxyPass = "http://localhost:6167";
          proxyWebsockets = true;
        };
      });
    };
-  
+
  systemd.network.wait-online.enable = lib.mkForce false;
+};
 }