From 8872f527328e4e347ac031721752a361acc9c92a Mon Sep 17 00:00:00 2001
From: happysalada
Date: Sun, 26 Feb 2023 01:08:53 -0500
Subject: [PATCH] qdrant: service module init
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/search/qdrant.nix | 128 +++++++++++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 nixos/modules/services/search/qdrant.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a814845413d8..de390d801478 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1053,6 +1053,7 @@
 ./services/search/kibana.nix
 ./services/search/meilisearch.nix
 ./services/search/opensearch.nix
+ ./services/search/qdrant.nix
 ./services/search/solr.nix
 ./services/security/aesmd.nix
 ./services/security/certmgr.nix
diff --git a/nixos/modules/services/search/qdrant.nix b/nixos/modules/services/search/qdrant.nix
new file mode 100644
index 000000000000..a843c44dbb5f
--- /dev/null
+++ b/nixos/modules/services/search/qdrant.nix
@@ -0,0 +1,128 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cfg = config.services.qdrant;
+
+ settingsFormat = pkgs.formats.yaml { };
+ configFile = settingsFormat.generate "config.yaml" cfg.settings;
+in {
+
+ options = {
+ services.qdrant = {
+ enable = mkEnableOption (lib.mdDoc "Vector Search Engine for the next generation of AI applications");
+
+ settings = mkOption {
+ description = lib.mdDoc ''
+ Configuration for Qdrant
+ Refer to for details on supported values.
+ '';
+
+ type = settingsFormat.type;
+
+ example = {
+ storage = {
+ storage_path = "/var/lib/qdrant/storage";
+ snapshots_path = "/var/lib/qdrant/snapshots";
+ };
+ hsnw_index = {
+ on_disk = true;
+ };
+ service = {
+ host = "127.0.0.1";
+ http_port = 6333;
+ grpc_port = 6334;
+ };
+ telemetry_disabled = true;
+ };
+
+ defaultText = literalExpression ''
+ {
+ storage = {
+ storage_path = "/var/lib/qdrant/storage";
+ snapshots_path = "/var/lib/qdrant/snapshots";
+ };
+ hsnw_index = {
+ on_disk = true;
+ };
+ service = {
+ host = "127.0.0.1";
+ http_port = 6333;
+ grpc_port = 6334;
+ };
+ telemetry_disabled = true;
+ }
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.qdrant.settings = {
+ storage.storage_path = mkDefault "/var/lib/qdrant/storage";
+ storage.snapshots_path = mkDefault "/var/lib/qdrant/snapshots";
+ # The following default values are the same as in the default config,
+ # they are just written here for convenience.
+ storage.on_disk_payload = mkDefault true;
+ storage.wal.wal_capacity_mb = mkDefault 32;
+ storage.wal.wal_segments_ahead = mkDefault 0;
+ storage.performance.max_search_threads = mkDefault 0;
+ storage.performance.max_optimization_threads = mkDefault 1;
+ storage.optimizers.deleted_threshold = mkDefault 0.2;
+ storage.optimizers.vacuum_min_vector_number = mkDefault 1000;
+ storage.optimizers.default_segment_number = mkDefault 0;
+ storage.optimizers.max_segment_size_kb = mkDefault null;
+ storage.optimizers.memmap_threshold_kb = mkDefault null;
+ storage.optimizers.indexing_threshold_kb = mkDefault 20000;
+ storage.optimizers.flush_interval_sec = mkDefault 5;
+ storage.optimizers.max_optimization_threads = mkDefault 1;
+ storage.hnsw_index.m = mkDefault 16;
+ storage.hnsw_index.ef_construct = mkDefault 100;
+ storage.hnsw_index.full_scan_threshold_kb = mkDefault 10000;
+ storage.hnsw_index.max_indexing_threads = mkDefault 0;
+ storage.hnsw_index.on_disk = mkDefault false;
+ storage.hnsw_index.payload_m = mkDefault null;
+ service.max_request_size_mb = mkDefault 32;
+ service.max_workers = mkDefault 0;
+ service.http_port = mkDefault 6333;
+ service.grpc_port = mkDefault 6334;
+ service.enable_cors = mkDefault true;
+ cluster.enabled = mkDefault false;
+ # the following have been altered for security
+ service.host = mkDefault "127.0.0.1";
+ telemetry_disabled = mkDefault true;
+ };
+
+ systemd.services.qdrant = {
+ description = "Vector Search Engine for the next generation of AI applications";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.qdrant}/bin/qdrant --config-path ${configFile}";
+ DynamicUser = true;
+ Restart = "on-failure";
+ StateDirectory = "qdrant";
+ CapabilityBoundingSet = "";
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectClock = true;
+ ProtectProc = "noaccess";
+ ProcSubset = "pid";
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ RemoveIPC = true;
+ SystemCallFilter = [ "@system-service" "~@privileged" ];
+ };
+ };
+ };
+}
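Review bot: `service.enable_cors = mkDefault true;` is listed among the unchanged upstream defaults, but it weakens the loopback binding that the module sets a few lines later under "the following have been altered for security". With CORS enabled, a web page open in a browser on the same host may be permitted to read responses from `127.0.0.1:6333`, and nothing in this module configures authentication for the API. If Qdrant's CORS mode accepts any origin (presumably; confirm against the packaged version), the safer default is `service.enable_cors = mkDefault false;` placed under the security comment, so browser clients become an explicit opt-in. Separately, `example` and `defaultText` spell the key `hsnw_index` at the top level while the config block sets `storage.hnsw_index.*`, so a copied example would likely set a key the service never reads; the example should use `storage.hnsw_index.on_disk`.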