add nixos & move home-manager config

README.md

@@ -1,37 +1,43 @@
-# Nix Home Manager Configuration
+# Deploy NixOS
 
-## Upgrade
+## Copy Config
 
 ```bash
-# Update System Channels
+scp -r * nixos@10.10.10.10:/tmp/
-sudo nix-channel --add https://nixos.org/channels/nixpkgs-24.11-darwin nixpkgs
-sudo nix-channel --update
-
-# Update Home Manager
-nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager
-nix-channel --update
-
-# Build Home Manager
-home-manager switch
 ```
 
-## Clean Garbage
+## Partition Drives
-
-NOTE: This will remove previous generations
 
 ```bash
-sudo nix-collect-garbage --delete-old
+# WARNING: Be sure to check drive mappings
-nix-collect-garbage --delete-old
+sudo fdisk -l
+
+# Partition Disk
+sudo nix \
+    --experimental-features "nix-command flakes" \
+    run github:nix-community/disko -- \
+    --mode disko \
+    --flake /tmp#lin-va-llama1
 ```
 
-## OS Update
+## Install NixOS
-
-`/etc/bashrc` may get overridden. To properly load Nix, prepend the following:
 
 ```bash
-# Nix
+# Install
-if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
+sudo nixos-install --flake /tmp#lin-va-llama1
-  . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
+
-fi
+# Reboot
-# End Nix
+sudo reboot
+```
+
+## Copy Config to Host
+
+```bash
+scp -r * nixos@10.10.10.10:/etc/nixos
+```
+
+## Rebuild NixOS
+
+```bash
+sudo nixos-rebuild switch
 ```

flake.nix

@@ -0,0 +1,32 @@
+{
+  description = "NixOS Hosts";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    disko.url = "github:nix-community/disko";
+  };
+
+  outputs = { self, nixpkgs, disko }: {
+    nixosConfigurations.lin-va-llama1 = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        disko.nixosModules.disko
+        ./hosts/llama-server.nix
+        {
+          networking.hostName = "lin-va-llama1";
+        }
+      ];
+    };
+
+    nixosConfigurations.lin-va-k3s1 = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        disko.nixosModules.disko
+        ./hosts/k3s.nix
+        {
+          networking.hostName = "lin-va-k3s1";
+        }
+      ];
+    };
+  };
+}

home-manager/README.md

@@ -0,0 +1,37 @@
+# Nix Home Manager Configuration
+
+## Upgrade
+
+```bash
+# Update System Channels
+sudo nix-channel --add https://nixos.org/channels/nixpkgs-24.11-darwin nixpkgs
+sudo nix-channel --update
+
+# Update Home Manager
+nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager
+nix-channel --update
+
+# Build Home Manager
+home-manager switch
+```
+
+## Clean Garbage
+
+NOTE: This will remove previous generations
+
+```bash
+sudo nix-collect-garbage --delete-old
+nix-collect-garbage --delete-old
+```
+
+## OS Update
+
+`/etc/bashrc` may get overridden. To properly load Nix, prepend the following:
+
+```bash
+# Nix
+if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
+  . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
+fi
+# End Nix
+```

hosts/k3s.nix

@@ -0,0 +1,119 @@
+{ config, pkgs, ... }:
+
+{
+  # Enable Flakes
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # System Configuration
+  boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement
+  boot.kernel.sysctl = {
+    "vm.nr_hugepages" = 1024;
+  };
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot";
+
+  # Disk Configuration
+  disko.devices = {
+    disk = {
+      sda = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "512M";
+              type = "EF00"; # EFI
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+
+  # Network Configuration
+  networking = {
+    networkmanager.enable = true;
+    firewall = {
+      enable = true;
+
+      # Single Node Required Ports
+      allowedTCPPorts = [ 6443 ];
+
+      # Multi Node Required Ports
+      # allowedTCPPorts = [ 6443 2379 2380 10250 ];
+      # allowedUDPPorts = [ 8472 ];
+    };
+  };
+
+  # Enable K3s
+  services.k3s = {
+    enable = true;
+    role = "server";
+    extraFlags = toString [
+      "--disable=traefik" # Should we enable?
+      "--disable=servicelb"
+    ];
+  };
+
+  # Enable SSH Server
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false; # Disable Password Login
+      PermitRootLogin = "prohibit-password"; # Disable Password Login
+    };
+  };
+
+  # User Configuration
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
+    ];
+    hashedPassword = null; # Disable Password Login
+  };
+
+  # System Packages
+  environment.systemPackages = with pkgs; [
+    k9s
+    kubectl
+    kubernetes-helm
+    nfs-utils
+    vim
+  ];
+
+  # Enable Container Features
+  virtualisation = {
+    docker.enable = false;
+    containerd = {
+      enable = true;
+      settings = {
+        version = 2;
+        plugins."io.containerd.grpc.v1.cri" = {
+          containerd.runtimes.runc = {
+            runtime_type = "io.containerd.runc.v2";
+          };
+        };
+      };
+    };
+  };
+
+  # System State Version
+  system.stateVersion = "24.11";
+}

hosts/llama-server.nix

@@ -0,0 +1,187 @@
+{ config, pkgs, ... }:
+
+let
+  cuda-llama = (pkgs.llama-cpp.override {
+    cudaSupport = true;
+  }).overrideAttrs (oldAttrs: {
+    cmakeFlags = oldAttrs.cmakeFlags ++ [
+      "-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=ON"
+
+      # Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
+      "-DLLAMA_FMA=OFF"
+      "-DLLAMA_AVX2=OFF"
+      "-DLLAMA_AVX512=OFF"
+      "-DGGML_FMA=OFF"
+      "-DGGML_AVX2=OFF"
+      "-DGGML_AVX512=OFF"
+    ];
+  });
+
+  # Define Model Vars
+  modelDir = "/models";
+  modelName = "qwen2.5-coder-7b-q8_0.gguf";
+  modelPath = "${modelDir}/${modelName}";
+  modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
+in
+
+{
+  # Enable Flakes
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # System Configuration
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot";
+
+  # Allow Nvidia & CUDA
+  nixpkgs.config.allowUnfree = true;
+
+  # Enable Graphics
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+    extraPackages = [ pkgs.cudatoolkit ];
+  };
+
+  # Load Nvidia Driver Module
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  # Nvidia Package Configuration
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    modesetting.enable = true;
+    powerManagement.enable = true;
+    open = false;
+    nvidiaSettings = true;
+  };
+
+  # Disk Configuration
+  disko.devices = {
+    disk = {
+      sda = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "512M";
+              type = "EF00"; # EFI
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+
+  # Network Configuration
+  networking.networkmanager.enable = true;
+
+  # Download Model
+  systemd.services.download-model = {
+    description = "Download Model";
+    wantedBy = [ "multi-user.target" ];
+    before = [ "llama-cpp.service" ];
+    path = [ pkgs.curl pkgs.coreutils ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      User = "root";
+      Group = "root";
+    };
+    script = ''
+      set -euo pipefail
+
+      if [ ! -f "${modelPath}" ]; then
+        mkdir -p "${modelDir}"
+        # Add -f flag to follow redirects and -L for location
+        # Add --fail flag to exit with error on HTTP errors
+        # Add -C - to resume interrupted downloads
+        curl -f -L -C - \
+          -H "Accept: application/octet-stream" \
+          --retry 3 \
+          --retry-delay 5 \
+          --max-time 1800 \
+          "${modelUrl}" \
+          -o "${modelPath}.tmp" && \
+        mv "${modelPath}.tmp" "${modelPath}"
+      fi
+    '';
+  };
+
+
+  # Setup LLama API Service
+  systemd.services.llama-cpp = {
+    after = [ "download-model.service" ];
+    requires = [ "download-model.service" ];
+  };
+
+  # Enable LLama API
+  services.llama-cpp = {
+    enable = true;
+    host = "0.0.0.0";
+    package = cuda-llama;
+    model = modelPath;
+    port = 8080;
+    openFirewall = true;
+    extraFlags = [
+      "-ngl"
+      "99"
+      "-fa"
+      "-ub"
+      "512"
+      "-b"
+      "512"
+      "-dt"
+      "0.1"
+      "--ctx-size"
+      "4096"
+      "--cache-reuse"
+      "256"
+    ];
+  };
+
+  # Enable SSH Server
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false; # Disable Password Login
+      PermitRootLogin = "prohibit-password"; # Disable Password Login
+    };
+  };
+
+  # User Configuration
+  users.users.root = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
+    ];
+    hashedPassword = null; # Disable Password Login
+  };
+
+  # System Packages
+  environment.systemPackages = with pkgs; [
+    htop
+    nvtop
+    tmux
+    vim
+    wget
+  ];
+
+  # System State Version
+  system.stateVersion = "24.11";
+}