From f0cc26304722a6cf259a3f09121075834dabf6cc Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson"
Date: Sun, 7 Sep 2025 17:18:08 -0400
Subject: [PATCH 1/6] Update flake.lock
---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index 9d84693..c36cdeb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1755810213, - "narHash": "sha256-QdenO8f0PTg+tC6HuSvngKcbRZA5oZKmjUT+MXKOLQg=", + "lastModified": 1757256385, + "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", "owner": "nix-community", "repo": "home-manager", - "rev": "6911d3e7f475f7b3558b4f5a6aba90fa86099baa", + "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", "type": "github" }, "original": {
@@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": {
From a13deb82775011c8770521af1cfd3141717175dd Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson"
Date: Sun, 7 Sep 2025 17:18:27 -0400
Subject: [PATCH 2/6] Additional ollama settings
---
 hosts/default/configuration.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 28d673f..b364c3e 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -214,8 +214,9 @@ in
 logReversePathDrops = true;
 checkReversePath = "loose";
 extraCommands = ''
- # Enable connections to Ollama for VPN users:
+ # Enable connections to openweb-ui for VPN users:
 iptables -t filter -I INPUT --protocol TCP --source 10.40.4.0/24 --destination 10.40.4.2 --dport 8080 -j ACCEPT
+ # Enable connections to ollama from the openweb-ui instance:
 iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
 '';
 # wireguard trips rpfilter up
@@ -398,9 +399,11 @@ in
 services.ollama = {
 enable = true;
 acceleration = "rocm";
- #environmentVariables = {
- # HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
- #};
+ environmentVariables = {
+ HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
+ OLLAMA_LOAD_TIMEOUT = "2"; # Reduce load timeout (from 5 min)...if it's that big, forget it.
+ OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.
+ };
 host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
 rocmOverrideGfx = "10.3.0";
 };
From ad9b8a05e2e70ffd584c7f010a5e44ec8b3e9e43 Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson"
Date: Sun, 7 Sep 2025 17:18:41 -0400
Subject: [PATCH 3/6] Add packages lazydocker and noisetorch
---
 hosts/default/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index b364c3e..b7f725e 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -238,6 +238,7 @@ in
 binutils # gnu bin utils
 # conda # python environment management
 uv # alternative for python env management...
+ lazydocker # docker[/compose] tui
 sqlite-interactive # sqlite cli
 duckdb # wanted mostly as cli for SQL on csv files
 neovim # next gen vim w/lua
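Review bot: The added comment `# Enable connections to ollama from the openweb-ui instance:` in the `@@ -214,8 +214,9 @@` hunk describes the rule below it more broadly than the rule reads, since `--source 10.40.4.2/32` matches only the host's own address. If open-webui runs in a container on a bridge network (not visible in this hunk), its packets would carry the bridge address and would not match this rule, so either the comment or the source match needs adjusting. Something like `# Allow this host's own address (10.40.4.2) to reach ollama; open-webui must connect from it` states what is actually permitted. The enclosing firewall attribute set starts and ends outside the hunk.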
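Review bot: `OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.` in the `@@ -398,9 +399,11 @@` hunk is documented as an access restriction, but the variable sets the allowed CORS origins for browser requests and does not limit which hosts can connect to port 11434; PATCH 6/6 later comments it out for that reason. What actually limits reachability is `host = "10.40.4.2"` together with the iptables rule, so the comment should point there. Two neighbouring comments are also misleading: `HCC_AMDGPU_TARGET` is switched back on while still annotated "doesn't seem to anymore", and `OLLAMA_LOAD_TIMEOUT = "2"` gives no unit. The settings dump in PATCH 6/6 shows the timeout resolving to `2s`, so `OLLAMA_LOAD_TIMEOUT = "2s"; # seconds` would remove the guesswork.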
@@ -305,6 +306,7 @@ in
 corectrl # provide hardware clock controls for AMDGPU
 gimp # GIMP image manipulation proggy
 zed-editor # the most hopeful replacement for vscode...if I never learn nvim
+ noisetorch # noise/background filter for mic
 ];
 programs.zsh.enable = true;
 programs.git = {
From c60a1fdf345dd7a62d9335d24298e4b55440f0c0 Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson"
Date: Wed, 24 Sep 2025 10:29:39 -0400
Subject: [PATCH 4/6] Update flake.lock
---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index c36cdeb..d9edbf2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1757256385, - "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", + "lastModified": 1758719930, + "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", "owner": "nix-community", "repo": "home-manager", - "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", + "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", "type": "github" }, "original": {
@@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": {
From 9f901f7a30ec5b05f567bd317ed6e1e3018bb94b Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson"
Date: Wed, 24 Sep 2025 10:30:06 -0400
Subject: [PATCH 5/6] Add ansible (mostly for diffs and vault editing)
---
 hosts/default/configuration.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index b7f725e..1c74636 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
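Review bot: `noisetorch` is added in the `@@ -305,6 +306,7 @@` hunk only as a package-list entry, which installs the binary without the file capability it normally needs to raise its resource limits. NixOS ships a module for this, `programs.noisetorch.enable = true;`, which as far as I know installs the package behind a setcap wrapper carrying only that capability. Using the module keeps the privilege grant declarative and narrow, rather than ending up with a manual `setcap` or running the tool as root. The package list this line belongs to starts outside the hunk, so which list it is cannot be confirmed from here.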
@@ -235,6 +235,7 @@ in
 # List packages installed in system profile. To search, run:
 # $ nix search wget
 environment.systemPackages = with pkgs; [
+ ansible # automation/software-defined-configuration tool
 binutils # gnu bin utils
 # conda # python environment management
 uv # alternative for python env management...
From 931780c38f5d0a0d7038d47eeb77e5f6452f8bae Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson"
Date: Wed, 24 Sep 2025 10:30:40 -0400
Subject: [PATCH 6/6] Add some comments re ollama Need to clean this up, but would be nice to have API key or more security on it first
---
 hosts/default/configuration.nix | 35 ++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 1c74636..0686e82 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -405,7 +405,39 @@ in
 environmentVariables = {
 HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
 OLLAMA_LOAD_TIMEOUT = "2"; # Reduce load timeout (from 5 min)...if it's that big, forget it.
- OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.
+ # OK, so origins is more about setting up CORS than firewalling things. (and requires e.g. http[s]://IP|Host/* etc)
+ #OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.
+
+ # Default/mapped from config ENV vars:
+ #CUDA_VISIBLE_DEVICES:
+ #GPU_DEVICE_ORDINAL:
+ #HIP_VISIBLE_DEVICES:
+ #HSA_OVERRIDE_GFX_VERSION:10.3.0
+ #HTTPS_PROXY:
+ #HTTP_PROXY:
+ #NO_PROXY:
+ #OLLAMA_CONTEXT_LENGTH:4096
+ #OLLAMA_DEBUG:INFO
+ #OLLAMA_FLASH_ATTENTION:false
+ #OLLAMA_GPU_OVERHEAD:0
+ #OLLAMA_HOST:http://10.40.4.2:11434
+ #OLLAMA_INTEL_GPU:false
+ #OLLAMA_KEEP_ALIVE:5m0s
+ #OLLAMA_KV_CACHE_TYPE:
+ #OLLAMA_LLM_LIBRARY:
+ #OLLAMA_LOAD_TIMEOUT:2s
+ #OLLAMA_MAX_LOADED_MODELS:0
+ #OLLAMA_MAX_QUEUE:512
+ #OLLAMA_MODELS:/var/lib/ollama/models
+ #OLLAMA_MULTIUSER_CACHE:false
+ #OLLAMA_NEW_ENGINE:false
+ #OLLAMA_NEW_ESTIMATES:false
+ #OLLAMA_NOHISTORY:false
+ #OLLAMA_NOPRUNE:false
+ #OLLAMA_NUM_PARALLEL:1
+ #OLLAMA_ORIGINS:[http://localhost https://localhost http://localhost:* https://localhost:* http://127.0.0.1 https://127.0.0.1 http://127.0.0.1:* https://127.0.0.1:* http://0.0.0.0 https://0.0.0.0 http://0.0.0.0:* https://0.0.0.0:* app://* file://* tauri://* vscode-webview://* vscode-file://*]
+ #OLLAMA_SCHED_SPREAD:false
+ #ROCR_VISIBLE_DEVICES: http_proxy: https_proxy: no_proxy:
 };
 host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
 rocmOverrideGfx = "10.3.0";
@@ -420,6 +452,7 @@ in
 docker.enable = true;
 podman.enable = false;
 docker.storageDriver = "btrfs"; # Only when using BTRFS! (wolcen approved!)
+ #docker.logDriver = "local"; # Default journald
 oci-containers = {
 backend = "docker";
 containers = {
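Review bot: After the `@@ -405,7 +405,39 @@` hunk nothing in `services.ollama` limits callers at the application layer, and the comments no longer say what does. As the commit message hints, the API has no key, so the effective controls are the `host` bind address and the port-11434 rule in the firewall `extraCommands`. I would record that next to the setting, e.g. `# Access to :11434 is limited by the host bind and the firewall extraCommands rule; OLLAMA_ORIGINS only sets CORS.` The retained line `#OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.` still carries the claim that the comment above it retracts, so it should be dropped or reworded. The pasted defaults dump will go stale on upgrades, so a one-line pointer to where the running values are printed would age better.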