qdrant.nix
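# NixOS module fragment: runs Qdrant under a static `qdrant` user on its own
# ZFS dataset and exposes it only on this machine's WireGuard address.
# Everything here is applied only when `services.qdrant.enable` is set.
{
  self,
  config,
  lib,
  ...
}:
let
  cfg = config.services.qdrant;

  clanLib = self.inputs.clan-core.lib;

  # Network prefix published by the "taps" machine's WireGuard generator.
  wgPrefix = clanLib.getPublicValue {
    flake = config.clan.core.settings.directory;
    machine = "taps";
    generator = "wireguard-network-wireguard";
    file = "prefix";
  };
  # This machine's own suffix from the same generator.
  localSuffix = config.clan.core.vars.generators.wireguard-network-wireguard.files.suffix.value;
  # Address Qdrant binds to: "<prefix>:<suffix>".
  localWgIP = "${wgPrefix}:${localSuffix}";
in
{
  config = lib.mkIf cfg.enable {
    users.users.qdrant = {
      isSystemUser = true;
      group = "qdrant";
      home = "/var/lib/qdrant";
    };
    users.groups.qdrant = { };

    systemd.services.qdrant.serviceConfig = {
      # Static user instead of DynamicUser so that ownership of the ZFS
      # dataset mounted at /var/lib/qdrant stays stable.
      DynamicUser = lib.mkForce false;
      User = "qdrant";
      Group = "qdrant";

      # Resource limits for N100 + 32GB
      MemoryMax = "6G";
      CPUQuota = "200%"; # 2 cores
    };

    # ZFS dataset for Qdrant data
    disko.devices.zpool.zroot.datasets."qdrant" = {
      type = "zfs_fs";
      mountpoint = "/var/lib/qdrant";
      options = {
        compression = "lz4";
        recordsize = "128K"; # Good for sequential vector reads
        "com.sun:auto-snapshot" = "true";
      };
    };

    services.qdrant = {
      settings = {
        # Network: bind to WireGuard IP only
        service = {
          host = localWgIP;
          http_port = 6333;
          grpc_port = 6334;
          # Performance settings
          max_workers = 2; # Conservative for N100
          # NOTE(review): no `api_key` is configured, so every peer that can
          # reach the WireGuard address has full read/write access to all
          # collections. If the mesh is not a sufficient trust boundary, supply
          # a key through the QDRANT__SERVICE__API_KEY environment variable
          # loaded from a secret file (e.g. systemd EnvironmentFile) rather
          # than through `settings`, which is presumably rendered into the
          # world-readable Nix store.
          # NOTE(review): with CORS enabled and no API key, a web page opened
          # in a browser on any mesh peer can likely issue cross-origin requests
          # to this API. Set to false unless a browser client on another origin
          # really needs it.
          enable_cors = true;
        };

        # Storage paths
        storage = {
          storage_path = "/var/lib/qdrant/storage";
          snapshots_path = "/var/lib/qdrant/snapshots";
          # Keep point payloads on disk for memory efficiency
          on_disk_payload = true;

          # HNSW index settings (memory efficient).
          # Qdrant reads these defaults from `storage.hnsw_index`; the original
          # top-level `hnsw_index` key is not part of Qdrant's configuration
          # schema, so the on-disk setting did not take effect there.
          hnsw_index = {
            on_disk = true;
          };
        };

        # Disable telemetry
        telemetry_disabled = true;

        # Logging
        log_level = "INFO";
      };
    };

    # Ensure correct ownership for ZFS dataset.
    # `Z` applies owner and mode recursively to everything under the path.
    systemd.tmpfiles.rules = [
      "Z /var/lib/qdrant 0750 qdrant qdrant -"
    ];

    # Firewall: allow access from WireGuard network.
    # The ports are opened only on the interface named "wireguard"; this must
    # match the actual WireGuard interface name on this host (verify).
    networking.firewall.interfaces."wireguard".allowedTCPPorts = [
      6333 # HTTP API
      6334 # gRPC API
    ];
  };
}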