nixos/modules/services/search/qdrant.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / search / qdrant.nix
at 25.11-pre 4.6 kB view raw
  1{
  2  config,
  3  lib,
  4  pkgs,
  5  ...
  6}:
  7let
  8
  9  cfg = config.services.qdrant;
 10
 11  settingsFormat = pkgs.formats.yaml { };
 12  configFile = settingsFormat.generate "config.yaml" cfg.settings;
 13in
 14{
 15
 16  options = {
 17    services.qdrant = {
 18      enable = lib.mkEnableOption "Vector Search Engine for the next generation of AI applications";
 19
 20      settings = lib.mkOption {
 21        description = ''
 22          Configuration for Qdrant
 23          Refer to <https://github.com/qdrant/qdrant/blob/master/config/config.yaml> for details on supported values.
 24        '';
 25
 26        type = settingsFormat.type;
 27
 28        example = {
 29          storage = {
 30            storage_path = "/var/lib/qdrant/storage";
 31            snapshots_path = "/var/lib/qdrant/snapshots";
 32          };
 33          hsnw_index = {
 34            on_disk = true;
 35          };
 36          service = {
 37            host = "127.0.0.1";
 38            http_port = 6333;
 39            grpc_port = 6334;
 40          };
 41          telemetry_disabled = true;
 42        };
 43
 44        defaultText = lib.literalExpression ''
 45          {
 46            storage = {
 47              storage_path = "/var/lib/qdrant/storage";
 48              snapshots_path = "/var/lib/qdrant/snapshots";
 49            };
 50            hsnw_index = {
 51              on_disk = true;
 52            };
 53            service = {
 54              host = "127.0.0.1";
 55              http_port = 6333;
 56              grpc_port = 6334;
 57            };
 58            telemetry_disabled = true;
 59          }
 60        '';
 61      };
 62    };
 63  };
 64
 65  config = lib.mkIf cfg.enable {
 66    services.qdrant.settings = {
 67      service.static_content_dir = lib.mkDefault pkgs.qdrant-web-ui;
 68      storage.storage_path = lib.mkDefault "/var/lib/qdrant/storage";
 69      storage.snapshots_path = lib.mkDefault "/var/lib/qdrant/snapshots";
 70      # The following default values are the same as in the default config,
 71      # they are just written here for convenience.
 72      storage.on_disk_payload = lib.mkDefault true;
 73      storage.wal.wal_capacity_mb = lib.mkDefault 32;
 74      storage.wal.wal_segments_ahead = lib.mkDefault 0;
 75      storage.performance.max_search_threads = lib.mkDefault 0;
 76      storage.performance.max_optimization_threads = lib.mkDefault 1;
 77      storage.optimizers.deleted_threshold = lib.mkDefault 0.2;
 78      storage.optimizers.vacuum_min_vector_number = lib.mkDefault 1000;
 79      storage.optimizers.default_segment_number = lib.mkDefault 0;
 80      storage.optimizers.max_segment_size_kb = lib.mkDefault null;
 81      storage.optimizers.memmap_threshold_kb = lib.mkDefault null;
 82      storage.optimizers.indexing_threshold_kb = lib.mkDefault 20000;
 83      storage.optimizers.flush_interval_sec = lib.mkDefault 5;
 84      storage.optimizers.max_optimization_threads = lib.mkDefault 1;
 85      storage.hnsw_index.m = lib.mkDefault 16;
 86      storage.hnsw_index.ef_construct = lib.mkDefault 100;
 87      storage.hnsw_index.full_scan_threshold_kb = lib.mkDefault 10000;
 88      storage.hnsw_index.max_indexing_threads = lib.mkDefault 0;
 89      storage.hnsw_index.on_disk = lib.mkDefault false;
 90      storage.hnsw_index.payload_m = lib.mkDefault null;
 91      service.max_request_size_mb = lib.mkDefault 32;
 92      service.max_workers = lib.mkDefault 0;
 93      service.http_port = lib.mkDefault 6333;
 94      service.grpc_port = lib.mkDefault 6334;
 95      service.enable_cors = lib.mkDefault true;
 96      cluster.enabled = lib.mkDefault false;
 97      # the following have been altered for security
 98      service.host = lib.mkDefault "127.0.0.1";
 99      telemetry_disabled = lib.mkDefault true;
100    };
101
102    systemd.services.qdrant = {
103      description = "Vector Search Engine for the next generation of AI applications";
104      wantedBy = [ "multi-user.target" ];
105      after = [ "network.target" ];
106
107      serviceConfig = {
108        LimitNOFILE = 65536;
109        ExecStart = "${pkgs.qdrant}/bin/qdrant --config-path ${configFile}";
110        DynamicUser = true;
111        Restart = "on-failure";
112        StateDirectory = "qdrant";
113        CapabilityBoundingSet = "";
114        NoNewPrivileges = true;
115        PrivateTmp = true;
116        ProtectHome = true;
117        ProtectClock = true;
118        ProtectProc = "noaccess";
119        ProcSubset = "pid";
120        ProtectKernelLogs = true;
121        ProtectKernelModules = true;
122        ProtectKernelTunables = true;
123        ProtectControlGroups = true;
124        ProtectHostname = true;
125        RestrictSUIDSGID = true;
126        RestrictRealtime = true;
127        RestrictNamespaces = true;
128        LockPersonality = true;
129        RemoveIPC = true;
130        SystemCallFilter = [
131          "@system-service"
132          "~@privileged"
133        ];
134      };
135    };
136  };
137}