rutrum

Typically when I'm working with photos, I'm doing graphic design type work. I've been using GIMP for this. GIMP is meant for raster graphics editing.

You could also use Inkscape for vector graphics, or Krita for more digital painting type work. But I know all these tools are very powerful and overlap on some use cases.

Do you use any AI-type tools? I use a image upscaler called Upscayl. It works really well and works entirely locally.

Do you know of any tools that can remove backgrounds? This would help with help with the type of graphic design I do.

What other tools do you like to use as it pertains to images?

I just setup my first automated and encrypted backup with borg. It's got me thinking about other chaotic events, and how to respond accordingly. I figured now is a good time to document my infrastructure: hardware, network, a files. This way if something bad happens, like my house burns down, I or a family member has instructions for how to quickly recover data and services. Examples:

1. If my website goes down, with my nextcloud on it, what steps do I need to take to recover the data and restore service?
2. If my harddrive fails, how do I access lost data and reimplement redundancy after a replacement is stood up?
3. If someone important to me needs to access encrypted files, how can that access that data and get access to the passwords/encryption keys?
4. If my phone bricks, how to recover 2fa codes?

So I'd like to have a physical printing copy that tries to cover these emergency scenarios. Of course, I'll have digital copy around as well.

I'm focusing more on digital assets, like encryption keys, personal files and media, cloud service access, accessing inaccessible machines, how to restart/recover from self hosted service if its down, etc. I understand how much wider this document can be to include physical assets, so to start I want to start with digital infrastructure.

So my big questions: what scenarios should be documented in this disaster recovery document? What should I prepare for? The nice correlary of this is that documenting a recovery plan will force me to actually stand up the backups/redundancy needed to recover.

I just got a drawing tablet, and have been wanting some software that would allow me to work out math problems, draw architecture diagrams, etc. I've seen some tools like Excalidraw, which look handy for the sharing capabilities. I also have just used plain krita, which has great feedback for the pen sensitivity, but obviously is overkill for whiteboarding.

Are there any tools you use or recommend for handwriting or picture drawing? Pen or mouse?

I love coffee, but have a surplus of tea bags that I want to experiment with. Does anyone have suggestions for how to get started with tea? Or a simple recipe to use as a baseline? I'm only working with tea bags at this time, which appear to be 2g. I would also love to know how much agitation you are supposed to do with the tea bag itself.

I'm in desparate need of setting up borgmatic for borg backup. I would like to encrypt my backups. (I suppose, an unencrypted backup is better than none in my case, so I should get it done today regardless.)

How do I save those keys? Is there a directory structure I follow? Do you backup the keys as well? Are there keys that I need to write down by hand? Should I use a cloud service like bitwarden secrets manager? Could I host something?

Im ignorant on this matter. The most I've done is add ssh keys to git forges and use ssh-copyid. But I've always been able to access what I need to without keeping those (I login to the web interface.) Can you share with me best practices or what you do to manage non-password secrets?

If given the option, which route do you go? I have services running in both, and I'll often just do whats easier. I dont really notice a different in performance the configuration for containers is simple enough I don't mind it.

I also wish there was a nix function that parsed a docker compose and used it for the oci-container config. Then I could use my existing compose files or the ones I find in docs online.

This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

• Tor relay, or exit node
• Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
• Crypto miners (I know, I know, but you understand how it fits the “public contribution” usecase)
• Search engines like searxng (I currently use a public instance)
• Libredirect services, like proxy clients for social media

Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured thered be overlap.

What other services do you think would be applicable?

This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

• Tor relay, or exit node
• Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
• Crypto miners (I know, I know, but you understand how it fits the "public contribution" usecase)
• Search engines like searxng (I currently use a public instance)
• Libredirect services, like proxy clients for social media

Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured thered be overlap.

What other services do you think would be applicable?

TabbyML is a self-hosted code assistant. I have been unsuccessful at running it using my Nvidia GPU. There's two ways I've tried to deploy this.

As a docker container

Following the docs, it states I run the following docker run command. Below is what I run, modified to use the correct port:

docker run -it --gpus all \
  -p 11029:8080 -v $HOME/.tabby:/data \
  tabbyml/tabby serve --model StarCoder-1B --device cuda

Then I get the following error:

docker: Error response from daemon: could not select device driver "" with capabilities: [[gpu]].

So this would appear that I don't have the "nvidia-container-toolkit" installed on my machine. So I go ahead and enable this in nixos:

hardware.nvidia-container-toolkit.enable = true;

To validate that this works, I should be able to run nvidia-smi from within a container. I can run this from the host without issue:

$ nvidia-smi
Wed Jun  5 08:14:50 2024
+-----------------------------------------------------------------------------------------+
| NVIDIA-SMI 550.78                 Driver Version: 550.78         CUDA Version: 12.4     |
|-----------------------------------------+------------------------+----------------------+
...and so on

But if test this from a container, as the nvidia docs suggest as follows, I unable to access it from within the container.

$ sudo docker run --rm --runtime=nvidia --gpus all ubuntu nvidia-smi
docker: Error response from daemon: unknown or invalid runtime name: nvidia.

Okay, so I go and read the instructions further. Install instructions state that after installation, I need to configure the runtime like so:

$ sudo nvidia-ctk runtime configure --runtime=docker
sudo: nvidia-ctk: command not found

Ah nuts. That's a bug in nixos. I made a PR for this here: https://github.com/NixOS/nixpkgs/pull/317199 Still awaiting results from this. I don't know if this is a bug that will be backported to 24.05. Regardless, I wouldn't expect this ad-hoc configuration when I enable the nvidia-container-toolkit option in NixOS. Anyway, this option could still work but with some more time. If you have advice doing this let me know.

FOUND Docker method solution

So looking closer at people with the error message "no such runtime nvidia" I found this thread. It specifies that what nvidia-ctk is supposed to do is add a "runtime" that points to the nvidia-container-runtime executable. So I tried manually adding that my nixos configuration by using the virtualisation.docker.daemon.settings options. I was having trouble getting that working, because I needed to find the exact path to the nvidia-container-runtime executable. If you know Nix, you know that it isn't just in /usr/bin/.

But that's still not a satisfying solution anyway...I shouldn't have to this. I went in deeper and looked at module for nvidia-container-toolkit. This module calls a script called cdi-generate.nix. It outputs the results of nvidia-ctk to a file called nvidia-container-toolkit.json.

Let's go look for that file...can't find it. I do more searching...anyway, I found the solution.

The nvidia-container-toolkit is a new option in NixOS 24.05. It explicitly states in the release notes that it is supposed to replace the now deprecated virtualisation.{docker, podman}.enableNvidia options. Well, when you go look at the module that defines docker.enableNvidia you see it there at the bottom! This file actually defines the nvidia runtime!

And yes, it works. Using the now "deprecated" option is the one that actually works. I guess this is another bug to file to NixOS.

This seems to work so far, but I don't know why the solution using a NixOS module doesn't work either.

As a NixOS module

Let's just do it the full NixOS module way (which is what I tried first). That should be easy. Let's enable the feature and set some options:

services.tabby = {
    enable = true;
    port = 11029;
    acceleration = "cuda";
  };
  networking.firewall.allowedTCPPorts = [ 11029 ];

It appears to be working! VSCodium extension sees the server and prompts for a authentication token. I add the token. I type some code and set for a manual trigger...then tabby dies. Let''s look at the systemd logs.

tabby[76786]: 📄 Version 0.11.1
tabby[76786]: 🚀 Listening at 0.0.0.0:11029
tabby[76786]:   JWT secret is not set
tabby[76786]:   Tabby server will generate a one-time (non-persisted) JWT secret for the current process.
tabby[76786]:   Please set the TABBY_WEBSERVER_JWT_TOKEN_SECRET environment variable for production usage.
systemd[1]: tabby.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: tabby.service: Failed with result 'exit-code'.
systemd[1]: tabby.service: Consumed 2.285s CPU time, received 121.0K IP traffic, sent 1.6M IP traffic

That's it. It's not very descriptive about what happened. I've had success running it this way using the "cpu" option for acceleration (no GPU) but that's too slow to be useful.

GPU specs

I am running a Nvidia RTX 2060 and using the proprietary drivers version 550.

Thanks for the read, if you have any input on what to do next let me know what I can try. Ideally, I'd like to have both options work, since I think the docker implementation may have the same problem as the NixOS module option.

I've been seeing easy ways to store and view tabular data. I'm aware of tools like nocodb, baserow, and mathesar. I'm currently playtesting nocodb. But I wanted to start a discussion on what everyone uses for easily storing tabular data, and if anyone uses these tools.

I've also tried nextcloud tables but it still is very early in development from what I can tell.