author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-03-08 00:02:17 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-08 00:02:17 +0000 |
commit | bca99088c2281d3105de5f28bb925c5b2bd0e790 (patch) | |
tree | bd1aa4de1a36c569e92cb01478ee66f2ee7729af /nixos | |
parent | b9f10d0e3e2e4b8805b265497a086fdd0a164e10 (diff) | |
parent | c8cd65298e567e1e604431e4544361e365410f8c (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/configuration/x-windows.chapter.md | 1 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2405.section.md | 5 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/backup/syncoid.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 43 | ||||
-rw-r--r-- | nixos/modules/services/misc/tabby.nix | 203 | ||||
-rw-r--r-- | nixos/modules/virtualisation/oci-containers.nix | 2 | ||||
-rw-r--r-- | nixos/tests/sanoid.nix | 3 |
8 files changed, 215 insertions, 45 deletions
diff --git a/nixos/doc/manual/configuration/x-windows.chapter.md b/nixos/doc/manual/configuration/x-windows.chapter.md index 0451e4d25265..bf1872ae01ac 100644 --- a/nixos/doc/manual/configuration/x-windows.chapter.md +++ b/nixos/doc/manual/configuration/x-windows.chapter.md @@ -150,6 +150,7 @@ Or if you have an older card, you may have to use one of the legacy drivers: ```nix +services.xserver.videoDrivers = [ "nvidiaLegacy470" ]; services.xserver.videoDrivers = [ "nvidiaLegacy390" ]; services.xserver.videoDrivers = [ "nvidiaLegacy340" ]; services.xserver.videoDrivers = [ "nvidiaLegacy304" ]; diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 0abd28ad8f69..665e8590fc42 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -129,6 +129,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m [v0.31](https://github.com/derailed/k9s/releases/tag/v0.31.0) for details. It is recommended to back up your current configuration and let k9s recreate the new base configuration. +- The option `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it's + not declarative and is broken with newer postgresql versions. Consider using + [](#opt-services.postgresql.ensureUsers._.ensureDBOwnership) + instead or a tool that's more suited for managing the data inside a postgresql database. + - `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details. - `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/) diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index cfe2350d5762..41e369ac1c65 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -783,6 +783,7 @@ ./services/misc/svnserve.nix ./services/misc/synergy.nix ./services/misc/sysprof.nix + ./services/misc/tabby.nix ./services/misc/tandoor-recipes.nix ./services/misc/taskserver ./services/misc/tautulli.nix diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix index 7b8d3b431309..4a04f0aa1622 100644 --- a/nixos/modules/services/backup/syncoid.nix +++ b/nixos/modules/services/backup/syncoid.nix @@ -134,7 +134,7 @@ in localSourceAllow = mkOption { type = types.listOf types.str; # Permissions snapshot and destroy are in case --no-sync-snap is not used - default = [ "bookmark" "hold" "send" "snapshot" "destroy" ]; + default = [ "bookmark" "hold" "send" "snapshot" "destroy" "mount" ]; description = lib.mdDoc '' Permissions granted for the {option}`services.syncoid.user` user for local source datasets. See diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index ed5915735730..c4e76c82ba5c 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix 
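Review bot: The `localSourceAllow` default in nixos/modules/services/backup/syncoid.nix now also delegates `mount`, but the comment directly above it still explains only `snapshot` and `destroy`, so the reason for widening the default grant is not recorded. Presumably it is there because ZFS only honours a delegated `destroy` when the user also holds `mount`; if so, say that in the comment, e.g. `# "mount" is required for a delegated "destroy" to take effect, see zfs-allow(8)`. Because this list is the default for every local source dataset, the option description should also tell users who set `--no-sync-snap` whether `mount` can be dropped together with `snapshot` and `destroy`. The option definition continues outside the hunk.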
@@ -161,33 +161,6 @@ in ''; }; - ensurePermissions = mkOption { - type = types.attrsOf types.str; - default = {}; - visible = false; # This option has been deprecated. - description = lib.mdDoc '' - This option is DEPRECATED and should not be used in nixpkgs anymore, - use `ensureDBOwnership` instead. It can also break with newer - versions of PostgreSQL (≥ 15). - - Permissions to ensure for the user, specified as an attribute set. - The attribute names specify the database and tables to grant the permissions for. - The attribute values specify the permissions to grant. You may specify one or - multiple comma-separated SQL privileges here. - - For more information on how to specify the target - and on which privileges exist, see the - [GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html). - The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`. - ''; - example = literalExpression '' - { - "DATABASE \"nextcloud\"" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - } - ''; - }; - ensureDBOwnership = mkOption { type = types.bool; default = false; @@ -460,16 +433,6 @@ in Offender: ${name} has not been found among databases. ''; }) cfg.ensureUsers; - # `ensurePermissions` is now deprecated, let's avoid it. - warnings = lib.optional (any ({ ensurePermissions, ... }: ensurePermissions != {}) cfg.ensureUsers) " - `services.postgresql.ensureUsers.*.ensurePermissions` is used in your expressions, - this option is known to be broken with newer PostgreSQL versions, - consider migrating to `services.postgresql.ensureUsers.*.ensureDBOwnership` or - consult the release notes or manual for more migration guidelines. - - This option will be removed in NixOS 24.05 unless it sees significant - maintenance improvements. - "; services.postgresql.settings = { 
@@ -583,11 +546,6 @@ in concatMapStrings (user: let - userPermissions = concatStringsSep "\n" - (mapAttrsToList - (database: permission: ''$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' '') - user.ensurePermissions - ); dbOwnershipStmt = optionalString user.ensureDBOwnership ''$PSQL -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' ''; @@ -599,7 +557,6 @@ in userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' ''; in '' $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' - ${userPermissions} ${userClauses} ${dbOwnershipStmt} diff --git a/nixos/modules/services/misc/tabby.nix b/nixos/modules/services/misc/tabby.nix new file mode 100644 index 000000000000..a3072e5df75e --- /dev/null +++ b/nixos/modules/services/misc/tabby.nix 
@@ -0,0 +1,203 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) types;
+
+ cfg = config.services.tabby;
+ format = pkgs.formats.toml { };
+ tabbyPackage = cfg.package.override {
+ inherit (cfg) acceleration;
+ };
+in
+{
+ options = {
+ services.tabby = {
+ enable = lib.mkEnableOption (
+ lib.mdDoc "Self-hosted AI coding assistant using large language models"
+ );
+
+ package = lib.mkPackageOption pkgs "tabby" { };
+
+ port = lib.mkOption {
+ type = types.port;
+ default = 11029;
+ description = lib.mdDoc ''
+ Specifies the bind port on which the tabby server HTTP interface listens.
+ '';
+ };
+
+ model = lib.mkOption {
+ type = types.str;
+ default = "TabbyML/StarCoder-1B";
+ description = lib.mdDoc ''
+ Specify the model that tabby will use to generate completions.
+
+ This model will be downloaded automatically if it is not already present.
+
+ If you want to utilize an existing model that you've already
+ downloaded you'll need to move it into tabby's state directory which
+ lives in `/var/lib/tabby`. Because the tabby.service is configured to
+ use a DyanmicUser the service will need to have been started at least
+ once before you can move the locally existing model into
+ `/var/lib/tabby`. You can set the model to 'none' and tabby will
+ startup and fail to download a model, but will have created the
+ `/var/lib/tabby` directory. You can then copy over the model manually
+ into `/var/lib/tabby`, update the model option to the name you just
+ downloaded and copied over then `nixos-rebuild switch` to start using
+ it.
+
+ $ tabby download --model TabbyML/DeepseekCoder-6.7B
+ $ find ~/.tabby/ | tail -n1
+ /home/ghthor/.tabby/models/TabbyML/DeepseekCoder-6.7B/ggml/q8_0.v2.gguf
+ $ sudo rsync -r ~/.tabby/models/ /var/lib/tabby/models/
+ $ sudo chown -R tabby:tabby /var/lib/tabby/models/
+
+ See for Model Options:
+ > https://github.com/TabbyML/registry-tabby
+ '';
+ };
+
+ acceleration = lib.mkOption {
+ type = types.nullOr (types.enum [ "cpu" "rocm" "cuda" "metal" ]);
+ default = null;
+ example = "rocm";
+ description = lib.mdDoc ''
+ Specifies the device to use for hardware acceleration.
+
+ - `cpu`: no acceleration just use the CPU
+ - `rocm`: supported by modern AMD GPUs
+ - `cuda`: supported by modern NVIDIA GPUs
+ - `metal`: supported on darwin aarch64 machines
+
+ Tabby will try and determine what type of acceleration that is
+ already enabled in your configuration when `acceleration = null`.
+
+ - nixpkgs.config.cudaSupport
+ - nixpkgs.config.rocmSupport
+ - if stdenv.isDarwin && stdenv.isAarch64
+
+ IFF multiple acceleration methods are found to be enabled or if you
+ haven't set either `cudaSupport or rocmSupport` you will have to
+ specify the device type manually here otherwise it will default to
+ the first from the list above or to cpu.
+ '';
+ };
+
+ settings = lib.mkOption {
+ inherit (format) type;
+ default = { };
+ description = lib.mdDoc ''
+ Tabby scheduler configuration
+
+ See for more details:
+ > https://tabby.tabbyml.com/docs/configuration/#repository-context-for-code-completion
+ '';
+ example = lib.literalExpression ''
+ settings = {
+ repositories = [
+ { name = "tabby"; git_url = "https://github.com/TabbyML/tabby.git"; }
+ { name = "CTranslate2"; git_url = "git@github.com:OpenNMT/CTranslate2.git"; }
+
+ # local directory is also supported, but limited by systemd DynamicUser=1
+ # adding local repositories will need to be done manually
+ { name = "repository_a"; git_url = "file:///var/lib/tabby/repository_a"; }
+ ];
+ };
+ '';
+ };
+
+ usageCollection = lib.mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Enable sending anonymous usage data.
+
+ See for more details:
+ > https://tabby.tabbyml.com/docs/configuration#usage-collection
+ '';
+ };
+
+ indexInterval = lib.mkOption {
+ type = types.str;
+ default = "5hours";
+ example = "5hours";
+ description = lib.mdDoc ''
+ Run tabby scheduler to generate the index database at this interval.
+ Updates by default every 5 hours. This value applies to
+ `OnUnitInactiveSec`
+
+ The format is described in
+ {manpage}`systemd.time(7)`.
+
+ To disable running `tabby scheduler --now` updates, set to `"never"`
+ '';
+ };
+ };
+ };
+
+ # TODO(ghthor): firewall config
+
+ config = lib.mkIf cfg.enable {
+ environment = {
+ etc."tabby/config.toml".source = format.generate "config.toml" cfg.settings;
+ systemPackages = [ tabbyPackage ];
+ };
+
+
+ systemd = let
+ serviceUser = {
+ WorkingDirectory = "/var/lib/tabby";
+ StateDirectory = [ "tabby" ];
+ ConfigurationDirectory = [ "tabby" ];
+ DynamicUser = true;
+ User = "tabby";
+ Group = "tabby";
+ };
+
+ serviceEnv = lib.mkMerge [
+ {
+ TABBY_ROOT = "%S/tabby";
+ }
+ (lib.mkIf (!cfg.usageCollection) {
+ TABBY_DISABLE_USAGE_COLLECTION = "1";
+ })
+ ];
+ in {
+ services.tabby = {
+ wantedBy = [ "multi-user.target" ];
+ description = "Self-hosted AI coding assistant using large language models";
+ after = [ "network.target" ];
+ environment = serviceEnv;
+ serviceConfig = lib.mkMerge [
+ serviceUser
+ {
+ ExecStart =
+ "${lib.getExe tabbyPackage} serve --model ${cfg.model} --port ${toString cfg.port} --device ${tabbyPackage.featureDevice}";
+ }
+ ];
+ };
+
+ services.tabby-scheduler = lib.mkIf (cfg.indexInterval != "never") {
+ wantedBy = [ "multi-user.target" ];
+ description = "Tabby repository indexing service";
+ after = [ "network.target" ];
+ environment = serviceEnv;
+ preStart = "cp -f /etc/tabby/config.toml \${TABBY_ROOT}/config.toml";
+ serviceConfig = lib.mkMerge [
+ serviceUser
+ {
+ # Type = "oneshot";
+ ExecStart = "${lib.getExe tabbyPackage} scheduler --now";
+ }
+ ];
+ };
+ timers.tabby-scheduler = lib.mkIf (cfg.indexInterval != "never") {
+ description = "Update timer for tabby-scheduler";
+ partOf = [ "tabby-scheduler.service" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig.OnUnitInactiveSec = cfg.indexInterval;
+ };
+ };
+ };
+
+ meta.maintainers = with lib.maintainers; [ ghthor ];
+}
diff --git a/nixos/modules/virtualisation/oci-containers.nix b/nixos/modules/virtualisation/oci-containers.nix
index a88715587d65..5bffb3f04716 100644
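Review bot: In nixos/modules/services/misc/tabby.nix the `ExecStart` of `tabby.service` splices `cfg.model`, a free-form `types.str`, into the command line unquoted, so a value containing whitespace, `%` or `$` is re-split or expanded by systemd instead of reaching `--model` as a single argument. Building the line from a list avoids that: add `utils` to the module arguments and use `ExecStart = utils.escapeSystemdExecArgs [ (lib.getExe tabbyPackage) "serve" "--model" cfg.model "--port" (toString cfg.port) "--device" tabbyPackage.featureDevice ];`. Separately, `cfg.settings` is rendered by `format.generate` into the world-readable Nix store and linked under `/etc/tabby`, so the `settings` description should state that `git_url` values must not embed tokens or passwords. The `port` description should also say which address the HTTP interface binds to, since the firewall integration is still a TODO and the module passes no listen address.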
--- a/nixos/modules/virtualisation/oci-containers.nix +++ b/nixos/modules/virtualisation/oci-containers.nix @@ -312,7 +312,7 @@ let preStop = if cfg.backend == "podman" then "podman stop --ignore --cidfile=/run/podman-${escapedName}.ctr-id" - else "${cfg.backend} stop ${name}"; + else "${cfg.backend} stop ${name} || true"; postStop = if cfg.backend == "podman" then "podman rm -f --ignore --cidfile=/run/podman-${escapedName}.ctr-id" diff --git a/nixos/tests/sanoid.nix b/nixos/tests/sanoid.nix index 411ebcead9f6..1575634e6284 100644 --- a/nixos/tests/sanoid.nix +++ b/nixos/tests/sanoid.nix @@ -115,8 +115,11 @@ in { source.systemctl("start --wait syncoid-pool-sanoid.service") target.succeed("cat /mnt/pool/sanoid/test.txt") source.systemctl("start --wait syncoid-pool-syncoid.service") + source.systemctl("start --wait syncoid-pool-syncoid.service") target.succeed("cat /mnt/pool/syncoid/test.txt") + assert(len(source.succeed("zfs list -H -t snapshot pool/syncoid").splitlines()) == 1), "Syncoid should only retain one sync snapshot" + source.systemctl("start --wait syncoid-pool.service") target.succeed("[[ -d /mnt/pool/full-pool/syncoid ]]") |
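Review bot: The `|| true` appended to the docker branch of `preStop` in nixos/modules/virtualisation/oci-containers.nix discards every failure of `stop`, whereas the podman branch only tolerates a missing container through `--ignore`; a daemon error or a container that refuses to stop now goes unnoticed at this step. A comment should record the intent, e.g. `# the container may already be gone; do not fail the unit stop on that`, and if only that case is meant the command could be guarded on the container existing instead. `${name}` is also interpolated into the script unquoted on this line, so `${lib.escapeShellArg name}` would be safer if `lib` is in scope at this point. The surrounding `let` block starts and ends outside the hunk.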
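Review bot: The second `source.systemctl("start --wait syncoid-pool-syncoid.service")` in nixos/tests/sanoid.nix reads like an accidental duplicate, because nothing says why the unit is started twice. It appears to be needed so that the second run has an older sync snapshot to prune before the snapshot count is asserted; a comment such as `# run twice so the second sync has to destroy the first run's sync snapshot` would make that explicit. The result of `systemctl` is not checked on these lines either, so if that helper does not raise on failure, a failed unit start is only caught indirectly by the later assertions. The test script continues outside the hunk.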