titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: titaniumtown:4e76882106b9218fb3754da67992a37313d6c84a
Branches Tags
titaniumtown:main
..
compare: titaniumtown:6557a81167b40a97b76ea3c6e48cda24a55d249c
Branches Tags
titaniumtown:main

7 Commits
4e76882106 ... 6557a81167

Author SHA1 Message Date
Simon Gardling
6557a81167 update 2026-01-08 21:46:01 -05:00
Simon Gardling
68f1f6bbc4 cleanup flake deps 2026-01-08 06:24:58 -05:00
Simon Gardling
1048f261d4 vaapiVdpau -> libva-vdpau-driver 2026-01-08 06:17:48 -05:00
Simon Gardling
16d3050eb8 fully remove llama-cpp 2026-01-08 05:41:10 -05:00
Simon Gardling
d4172a5886 25.05 -> 25.11 2025-12-30 16:38:30 -05:00
Simon Gardling
a549b01111 organize 2025-12-28 15:49:18 -05:00
Simon Gardling
b5d2e3188d update 2025-12-20 01:17:09 -05:00
17 changed files with 98 additions and 213 deletions
Expand all files Collapse all files

18
configuration.nix
View File

@@ -11,13 +11,13 @@
}:
{
imports = [
./hardware.nix
./zfs.nix
./impermanence.nix
./usb-secrets.nix
./age-secrets.nix
./secureboot.nix
./no-rgb.nix
./modules/hardware.nix
./modules/zfs.nix
./modules/impermanence.nix
./modules/usb-secrets.nix
./modules/age-secrets.nix
./modules/secureboot.nix
./modules/no-rgb.nix
./services/postgresql.nix
./services/jellyfin.nix
@@ -33,8 +33,6 @@
./services/soulseek.nix
# ./services/llama-cpp.nix
./services/ups.nix
./services/bitwarden.nix
@@ -127,7 +125,7 @@
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
libva-vdpau-driver
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];

211
flake.lock generated
View File

@@ -2,8 +2,10 @@
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"darwin": [],
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
@@ -25,11 +27,11 @@
},
"crane": {
"locked": {
"lastModified": 1763938834,
"narHash": "sha256-j8iB0Yr4zAvQLueCZ5abxfk6fnG/SJ5JnGUziETjwfg=",
"lastModified": 1767461147,
"narHash": "sha256-TH/xTeq/RI+DOzo+c+4F431eVuBpYVwQwBxzURe7kcI=",
"owner": "ipetkov",
"repo": "crane",
"rev": "d9e753122e51cee64eb8d2dddfe11148f339f5a2",
"rev": "7d59256814085fd9666a2ae3e774dc5ee216b630",
"type": "github"
},
"original": {
@@ -38,28 +40,6 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
@@ -69,11 +49,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1762286984,
"narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
"lastModified": 1766051518,
"narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
"rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa",
"type": "github"
},
"original": {
@@ -89,11 +69,11 @@
]
},
"locked": {
"lastModified": 1765794845,
"narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=",
"lastModified": 1766150702,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community",
"repo": "disko",
"rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github"
},
"original": {
@@ -121,15 +101,15 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
@@ -150,24 +130,6 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
@@ -229,20 +191,20 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1767910483,
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@@ -250,31 +212,35 @@
"home-manager_2": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1763992789,
"narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
"lastModified": 1747978958,
"narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
"rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"inputs": {
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"lastModified": 1767822991,
"narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5",
"type": "github"
},
"original": {
@@ -293,38 +259,16 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1764622702,
"narHash": "sha256-HggOVvg2U3EwT44wPHEwFKromf9qR9rTqfV1i3q7rYs=",
"lastModified": 1767697030,
"narHash": "sha256-0iVZ99H3kR5h6Lhw8kDDuUc5C/k6iismeWgCS1qWTQ4=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "6242b3b2b5e5afcf329027ed4eb5fa6e2eab10f1",
"rev": "657469e8f036334db768daaf7732b1174676054b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "6242b3b2b5e5afcf329027ed4eb5fa6e2eab10f1",
"type": "github"
}
},
"llamacpp": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1765869446,
"narHash": "sha256-1sR0DIh41+BMzAbx9rY7XUkqIaHUiThDeKf1ggLUC2M=",
"owner": "ggml-org",
"repo": "llama.cpp",
"rev": "d6742125c317b7daafec038ab54a7c2fb1e2beaf",
"type": "github"
},
"original": {
"owner": "ggml-org",
"repo": "llama.cpp",
"type": "github"
}
},
@@ -337,11 +281,11 @@
]
},
"locked": {
"lastModified": 1765591348,
"narHash": "sha256-GI5eC3BWNBnYk+FV1cTYrjPLrqv1Q5HXD7kwHkqnZ8c=",
"lastModified": 1767838769,
"narHash": "sha256-KCLU6SUU80tEBKIVZsBrSjRYX6kn1eVIYI3fEEqOp24=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "37f2aad139533c27689c00cef0d43f7c51d0b14e",
"rev": "4da21f019f6443f513f16af7f220ba4db1cdfc04",
"type": "github"
},
"original": {
@@ -352,11 +296,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1764440730,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"lastModified": 1767185284,
"narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
"type": "github"
},
"original": {
@@ -368,44 +312,32 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1765687488,
"narHash": "sha256-7YAJ6xgBAQ/Nr+7MI13Tui1ULflgAdKh63m1tfYV7+M=",
"owner": "NixOS",
"lastModified": 1748026106,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d02bcc33948ca19b0aaa0213fe987ceec1f4ebe1",
"rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764517877,
"narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
"lastModified": 1767799921,
"narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
"rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
@@ -420,11 +352,11 @@
]
},
"locked": {
"lastModified": 1763988335,
"narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
"lastModified": 1767281941,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
"type": "github"
},
"original": {
@@ -438,13 +370,12 @@
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"disko": "disko",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"llamacpp": "llamacpp",
"nix-minecraft": "nix-minecraft",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"senior_project-website": "senior_project-website",
"srvos": "srvos",
"trackerlist": "trackerlist",
@@ -461,11 +392,11 @@
]
},
"locked": {
"lastModified": 1764470739,
"narHash": "sha256-sa9f81B1dWO16QtgDTWHX8DQbiHKzHndpaunY5EQtwE=",
"lastModified": 1767495280,
"narHash": "sha256-hEEgtE/RSRigw8xscchGymf/t1nluZwTfru4QF6O1CQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "3bfa664055e1a09c6aedab5533c5fc8d6ca5741a",
"rev": "cb24c5cc207ba8e9a4ce245eedd2d37c3a988bc1",
"type": "github"
},
"original": {
@@ -518,11 +449,11 @@
]
},
"locked": {
"lastModified": 1765840762,
"narHash": "sha256-4/FBert3MYpKjwEM85tXDi9OQkdLKygoFSmKJ8pEkro=",
"lastModified": 1767835990,
"narHash": "sha256-SJVH9fySPFqE8lYEQ5JsggGgSxTJQuhXpg/BrvlaOcc=",
"owner": "nix-community",
"repo": "srvos",
"rev": "e6c8b81a7eabacf6b93c7fe18f7a0bf6a7493f33",
"rev": "23022726b63ebef9d28dba289f1fac4f6d5a527f",
"type": "github"
},
"original": {
@@ -594,11 +525,11 @@
"trackerlist": {
"flake": false,
"locked": {
"lastModified": 1765840086,
"narHash": "sha256-e9e1C1f6S+NpEKMuypBj8i2qZLpgfPs3WoXhjddcedk=",
"lastModified": 1767913709,
"narHash": "sha256-F/KKwb1xsWtWIt0VG+TBHSpQGTJV/y5uzv1im+Yc08w=",
"owner": "ngosang",
"repo": "trackerslist",
"rev": "8c5f9496510b9a3e1060568443bcd4174b57a914",
"rev": "963d4fec850035e9f65e1e7d4936c779598cf13e",
"type": "github"
},
"original": {
@@ -627,11 +558,11 @@
},
"vpn-confinement": {
"locked": {
"lastModified": 1765634578,
"narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=",
"lastModified": 1767604552,
"narHash": "sha256-FddhMxnc99KYOZ/S3YNqtDSoxisIhVtJ7L4s8XD2u0A=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a",
"rev": "a6b2da727853886876fd1081d6bb2880752937f3",
"type": "github"
},
"original": {
@@ -659,7 +590,9 @@
"ytbn-graphing-software": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {

21
flake.nix
View File

@@ -2,11 +2,10 @@
description = "Flake for server muffin";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
lanzaboote = {
# Pin to commit to fix: https://github.com/nix-community/lanzaboote/issues/518
url = "github:nix-community/lanzaboote/6242b3b2b5e5afcf329027ed4eb5fa6e2eab10f1";
url = "github:nix-community/lanzaboote";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -20,7 +19,7 @@
vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -29,11 +28,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
llamacpp = {
url = "github:ggml-org/llama.cpp";
inputs.nixpkgs.follows = "nixpkgs";
};
srvos = {
url = "github:nix-community/srvos";
inputs.nixpkgs.follows = "nixpkgs";
@@ -51,6 +45,8 @@
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
inputs.darwin.follows = "";
};
senior_project-website = {
@@ -70,6 +66,7 @@
ytbn-graphing-software = {
url = "git+https://git.gardling.com/titaniumtown/YTBN-Graphing-Software";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@@ -171,7 +168,7 @@
hostPlatform = system;
buildPlatform = builtins.currentSystem;
};
lib = import ./lib.nix { inherit inputs pkgs; };
lib = import ./modules/lib.nix { inherit inputs pkgs; };
in
{
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
@@ -224,7 +221,7 @@
{
nixpkgs.overlays = [
nix-minecraft.overlay
(import ./overlays.nix)
(import ./modules/overlays.nix)
];
}
@@ -239,7 +236,7 @@
...
}:
{
home-manager.users.${username} = import ./home.nix;
home-manager.users.${username} = import ./modules/home.nix;
}
)
]

14
age-secrets.nix → modules/age-secrets.nix
View File

@@ -9,7 +9,7 @@
age.secrets = {
# ZFS encryption key
zfs-key = {
file = ./secrets/zfs-key.age;
file = ../secrets/zfs-key.age;
mode = "0400";
owner = "root";
group = "root";
@@ -17,7 +17,7 @@
# Secureboot keys archive
secureboot-tar = {
file = ./secrets/secureboot.tar.age;
file = ../secrets/secureboot.tar.age;
mode = "0400";
owner = "root";
group = "root";
@@ -25,7 +25,7 @@
# System passwords
hashedPass = {
file = ./secrets/hashedPass.age;
file = ../secrets/hashedPass.age;
mode = "0400";
owner = "root";
group = "root";
@@ -33,21 +33,21 @@
# Service authentication
caddy_auth = {
file = ./secrets/caddy_auth.age;
file = ../secrets/caddy_auth.age;
mode = "0400";
owner = "caddy";
group = "caddy";
};
jellyfin-api-key = {
file = ./secrets/jellyfin-api-key.age;
file = ../secrets/jellyfin-api-key.age;
mode = "0400";
owner = "root";
group = "root";
};
slskd_env = {
file = ./secrets/slskd_env.age;
file = ../secrets/slskd_env.age;
mode = "0400";
owner = "root";
group = "root";
@@ -55,7 +55,7 @@
# Network configuration
wg0-conf = {
file = ./secrets/wg0.conf.age;
file = ../secrets/wg0.conf.age;
mode = "0400";
owner = "root";
group = "root";

0
hardware.nix → modules/hardware.nix
View File

0
home.nix → modules/home.nix
View File

0
impermanence.nix → modules/impermanence.nix
View File

0
lib.nix → modules/lib.nix
View File

0
no-rgb.nix → modules/no-rgb.nix
View File

0
overlays.nix → modules/overlays.nix
View File

0
secureboot.nix → modules/secureboot.nix
View File

0
usb-secrets.nix → modules/usb-secrets.nix
View File

0
zfs.nix → modules/zfs.nix
View File

0
install.sh → scripts/install.sh
View File

43
services/llama-cpp.nix
View File

@@ -1,43 +0,0 @@
{
pkgs,
service_configs,
config,
inputs,
lib,
...
}:
{
services.llama-cpp = {
enable = true;
model = builtins.toString (
pkgs.fetchurl {
url = "https://huggingface.co/unsloth/Apriel-1.5-15b-Thinker-GGUF/resolve/main/Apriel-1.5-15b-Thinker-Q4_0.gguf";
sha256 = "4d9439b76b6f4380ab5205617c1ef3d10b0e8897146a0a7ccb7155bca1771df7";
}
);
port = service_configs.ports.llama_cpp;
host = "0.0.0.0";
# vulkan broken: https://github.com/ggml-org/llama.cpp/issues/13801
package = (
lib.optimizePackage (
inputs.llamacpp.packages.${pkgs.system}.vulkan.overrideAttrs (old: {
postPatch = "";
})
)
);
extraFlags = [
"-ngl"
"12"
"-c"
"16384"
];
};
# have to do this in order to get vulkan to work
systemd.services.llama-cpp.serviceConfig.DynamicUser = lib.mkForce false;
services.caddy.virtualHosts."llm.${service_configs.https.domain}".extraConfig = ''
import ${config.age.secrets.caddy_auth.path}
reverse_proxy :${builtins.toString config.services.llama-cpp.port}
'';
}

2
tests/minecraft.nix
View File

@@ -12,7 +12,7 @@ let
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "minecraft-server" ];
overlays = [
inputs.nix-minecraft.overlay
(import ../overlays.nix)
(import ../modules/overlays.nix)
];
};

2
tests/zfs.nix
View File

@@ -7,7 +7,7 @@
}:
let
# Create pkgs with ensureZfsMounts overlay
testPkgs = pkgs.appendOverlays [ (import ../overlays.nix) ];
testPkgs = pkgs.appendOverlays [ (import ../modules/overlays.nix) ];
in
testPkgs.testers.runNixOSTest {
name = "zfs test";