diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix
index 3b5dd8c..2873101 100644
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@@ -5,7 +5,6 @@
 config,
 lib,
 inputs,
- pkgs,
 ...
 }:
 let
@@ -167,9 +166,10 @@ in
 # Containers
 containers = {
+ jellyfin.enable = true;
+ ollama.enable = true;
 plex.enable = true;
 scrypted.enable = true;
- jellyfin.enable = true;
 };
 # System
diff --git a/nixos/modules/nixos/containers/default.nix b/nixos/modules/nixos/containers/default.nix
index ddaee30..f63bb84 100644
--- a/nixos/modules/nixos/containers/default.nix
+++ b/nixos/modules/nixos/containers/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./jellyfin
 ./lego-auto
+ ./ollama
 ./plex
 ./scrutiny
 ./scrypted
diff --git a/nixos/modules/nixos/containers/jellyfin/default.nix b/nixos/modules/nixos/containers/jellyfin/default.nix
index 3570126..5c3fbb4 100644
--- a/nixos/modules/nixos/containers/jellyfin/default.nix
+++ b/nixos/modules/nixos/containers/jellyfin/default.nix
@@ -39,7 +39,7 @@ in
 set -o nounset
 set -o pipefail
- podman rm -f ${app} || true
+ ${pkgs.podman}/bin/podman rm -f ${app} || true
 rm -f /run/${app}.ctr-id
 ''}";
 ExecStart = ''
diff --git a/nixos/modules/nixos/containers/ollama/default.nix b/nixos/modules/nixos/containers/ollama/default.nix
new file mode 100644
index 0000000..8d1cbfe
--- /dev/null
+++ b/nixos/modules/nixos/containers/ollama/default.nix
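Review bot: The ExecStartPre script is now the same three commands in jellyfin, plex, scrypted and the new ollama module, differing only in `${app}`, so the absolute `${pkgs.podman}/bin/podman` path ends up maintained in four places; a small helper in the containers module that takes `app` and returns the writeShellScript would keep it in one. `rm -f /run/${app}.ctr-id` on the next line still resolves through the unit's PATH, so if the aim was to stop relying on PATH, `${pkgs.coreutils}/bin/rm` would complete the change. The hunk also assumes `pkgs` is in this module's argument set, which lies outside the hunk; the same applies to the plex and scrypted hunks.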
@@ -0,0 +1,136 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ app = "ollama";
+ # renovate: depName=docker.io/ollama/ollama datasource=docker
+ version = "0.4.3";
+ image = "docker.io/ollama/ollama:${version}";
+ cfg = config.mySystem.containers.${app};
+in
+{
+ # Options
+ options.mySystem.containers.${app} = {
+ enable = mkEnableOption "${app}";
+ # TODO add to homepage
+ # addToHomepage = mkEnableOption "Add ${app} to homepage" // {
+ # default = true;
+ # };
+ openFirewall = mkEnableOption "Open firewall for ${app}" // {
+ default = true;
+ };
+ };
+
+ # Implementation
+ config = mkIf cfg.enable {
+ # Systemd service for container
+ systemd.services.${app} = {
+ description = "Ollama";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStartPre = "${pkgs.writeShellScript "ollama-start-pre" ''
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+
+ ${pkgs.podman}/bin/podman rm -f ${app} || true
+ rm -f /run/${app}.ctr-id
+ ''}";
+ ExecStart = ''
+ ${pkgs.podman}/bin/podman run \
+ --rm \
+ --name=${app} \
+ --user=568:568 \
+ --device='nvidia.com/gpu=all' \
+ --log-driver=journald \
+ --cidfile=/run/${app}.ctr-id \
+ --cgroups=no-conmon \
+ --sdnotify=conmon \
+ --volume="/nahar/containers/volumes/ollama:/.ollama:rw" \
+ --volume="/nahar/ollama/models:/models:rw" \
+ --volume="tmpfs:/cache:rw" \
+ --volume="tmpfs:/tmp:rw" \
+ --env=TZ=America/Chicago \
+ --env=OLLAMA_HOST=0.0.0.0 \
+ --env=OLLAMA_ORIGINS=* \
+ --env=OLLAMA_MODELS=/models \
+ --env=OLLAMA_KEEP_ALIVE=24h \
+ -p 11434:11434 \
+ ${image}
+ '';
+ ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
+ ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
+ Type = "simple";
+ Restart = "always";
+ };
+ };
+
+ # Firewall
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [
+ 11434 # HTTP web interface
+ ];
+ allowedUDPPorts = [ ];
+ };
+
+ # TODO add nginx proxy
+ # services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
+ # useACMEHost = config.networking.domain;
+ # forceSSL = true;
+ # locations."^~ /" = {
+ # proxyPass = "http://${app}:${builtins.toString port}";
+ # extraConfig = "resolver 10.88.0.1;";
+
+ # };
+ # };
+
+ ## TODO add to homepage
+ # mySystem.services.homepage.media = mkIf cfg.addToHomepage [
+ # {
+ # Plex = {
+ # icon = "${app}.svg";
+ # href = "https://${app}.${config.mySystem.domain}";
+
+ # description = "Media streaming service";
+ # container = "${app}";
+ # widget = {
+ # type = "tautulli";
+ # url = "https://tautulli.${config.mySystem.domain}";
+ # key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
+ # };
+ # };
+ # }
+ # ];
+
+ # TODO add gatus monitor
+ # mySystem.services.gatus.monitors = [
+ # {
+
+ # name = app;
+ # group = "media";
+ # url = "https://${app}.${config.mySystem.domain}/web/";
+ # interval = "1m";
+ # conditions = [
+ # "[CONNECTED] == true"
+ # "[STATUS] == 200"
+ # "[RESPONSE_TIME] < 50"
+ # ];
+ # }
+ # ];
+
+ # TODO add restic backup
+ # services.restic.backups = config.lib.mySystem.mkRestic {
+ # inherit app user;
+ # excludePaths = [ "Backups" ];
+ # paths = [ appFolder ];
+ # inherit appFolder;
+ # };
+
+ };
+}
diff --git a/nixos/modules/nixos/containers/plex/default.nix b/nixos/modules/nixos/containers/plex/default.nix
index 453dd8a..e7354a0 100644
--- a/nixos/modules/nixos/containers/plex/default.nix
+++ b/nixos/modules/nixos/containers/plex/default.nix
@@ -39,7 +39,7 @@ in
 set -o nounset
 set -o pipefail
- podman rm -f ${app} || true
+ ${pkgs.podman}/bin/podman rm -f ${app} || true
 rm -f /run/${app}.ctr-id
 ''}";
 ExecStart = ''
diff --git a/nixos/modules/nixos/containers/scrypted/default.nix b/nixos/modules/nixos/containers/scrypted/default.nix
index 4a97bb9..8c8a709 100644
--- a/nixos/modules/nixos/containers/scrypted/default.nix
+++ b/nixos/modules/nixos/containers/scrypted/default.nix
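Review bot: The Ollama API carries no authentication, and this unit publishes it on every host interface (`-p 11434:11434` with `OLLAMA_HOST=0.0.0.0`), opens the firewall for it by default (`openFirewall` defaults to true), and sets `OLLAMA_ORIGINS=*`, which lets any web page loaded by a browser on that network call the API cross-origin. Until the nginx proxy from the TODO block exists, consider defaulting `openFirewall` to false and replacing `--env=OLLAMA_ORIGINS=*` with the specific frontend origins that will talk to it; if only local clients are intended, publish on a specific address with `-p 127.0.0.1:11434:11434`. Separately, `--volume="tmpfs:/cache:rw"` and `--volume="tmpfs:/tmp:rw"` do not create tmpfs mounts: a source that is not a path is a named podman volume, so both paths share one persistent on-disk volume literally named `tmpfs`; the intended form is `--tmpfs=/cache \` and `--tmpfs=/tmp \`. The firewall comment `11434 # HTTP web interface` describes the Ollama HTTP API rather than a web UI; `11434 # Ollama HTTP API` would be accurate.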
@@ -39,7 +39,7 @@ in
 set -o nounset
 set -o pipefail
- podman rm -f ${app} || true
+ ${pkgs.podman}/bin/podman rm -f ${app} || true
 rm -f /run/${app}.ctr-id
 ''}";
 ExecStart = ''
diff --git a/nixos/modules/nixos/containers/scrypted/systemd/start-pre.sh b/nixos/modules/nixos/containers/scrypted/systemd/start-pre.sh
deleted file mode 100644
index 3beb40a..0000000
--- a/nixos/modules/nixos/containers/scrypted/systemd/start-pre.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-
-podman rm -f scrypted || true
-rm -f /run/scrypted.ctr-id