
No commits in common. "931780c38f5d0a0d7038d47eeb77e5f6452f8bae" and "43a9eaed266292ca45035cb475fe73ebe0f27d58" have entirely different histories.

2 changed files with 10 additions and 49 deletions

12
flake.lock generated

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758719930, "lastModified": 1755810213,
"narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", "narHash": "sha256-QdenO8f0PTg+tC6HuSvngKcbRZA5oZKmjUT+MXKOLQg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", "rev": "6911d3e7f475f7b3558b4f5a6aba90fa86099baa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -22,11 +22,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1758427187, "lastModified": 1755615617,
"narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "rev": "20075955deac2583bb12f07151c2df830ef346b4",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -214,9 +214,8 @@ in
logReversePathDrops = true; logReversePathDrops = true;
checkReversePath = "loose"; checkReversePath = "loose";
extraCommands = '' extraCommands = ''
# Enable connections to openweb-ui for VPN users: # Enable connections to Ollama for VPN users:
iptables -t filter -I INPUT --protocol TCP --source 10.40.4.0/24 --destination 10.40.4.2 --dport 8080 -j ACCEPT iptables -t filter -I INPUT --protocol TCP --source 10.40.4.0/24 --destination 10.40.4.2 --dport 8080 -j ACCEPT
# Enable connections to ollama from the openweb-ui instance:
iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
''; '';
# wireguard trips rpfilter up # wireguard trips rpfilter up
@ -235,11 +234,9 @@ in
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ansible # automation/software-defined-configuration tool
binutils # gnu bin utils binutils # gnu bin utils
# conda # python environment management # conda # python environment management
uv # alternative for python env management... uv # alternative for python env management...
lazydocker # docker[/compose] tui
sqlite-interactive # sqlite cli sqlite-interactive # sqlite cli
duckdb # wanted mostly as cli for SQL on csv files duckdb # wanted mostly as cli for SQL on csv files
neovim # next gen vim w/lua neovim # next gen vim w/lua
@ -307,7 +304,6 @@ in
corectrl # provide hardware clock controls for AMDGPU corectrl # provide hardware clock controls for AMDGPU
gimp # GIMP image manipulation proggy gimp # GIMP image manipulation proggy
zed-editor # the most hopeful replacement for vscode...if I never learn nvim zed-editor # the most hopeful replacement for vscode...if I never learn nvim
noisetorch # noise/background filter for mic
]; ];
programs.zsh.enable = true; programs.zsh.enable = true;
programs.git = { programs.git = {
@ -402,43 +398,9 @@ in
services.ollama = { services.ollama = {
enable = true; enable = true;
acceleration = "rocm"; acceleration = "rocm";
environmentVariables = { #environmentVariables = {
HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore # HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
OLLAMA_LOAD_TIMEOUT = "2"; # Reduce load timeout (from 5 min)...if it's that big, forget it. #};
# OK, so origins is more about setting up CORS than firewalling things. (and requires e.g. http[s]://IP|Host/* etc)
#OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.
# Default/mapped from config ENV vars:
#CUDA_VISIBLE_DEVICES:
#GPU_DEVICE_ORDINAL:
#HIP_VISIBLE_DEVICES:
#HSA_OVERRIDE_GFX_VERSION:10.3.0
#HTTPS_PROXY:
#HTTP_PROXY:
#NO_PROXY:
#OLLAMA_CONTEXT_LENGTH:4096
#OLLAMA_DEBUG:INFO
#OLLAMA_FLASH_ATTENTION:false
#OLLAMA_GPU_OVERHEAD:0
#OLLAMA_HOST:http://10.40.4.2:11434
#OLLAMA_INTEL_GPU:false
#OLLAMA_KEEP_ALIVE:5m0s
#OLLAMA_KV_CACHE_TYPE:
#OLLAMA_LLM_LIBRARY:
#OLLAMA_LOAD_TIMEOUT:2s
#OLLAMA_MAX_LOADED_MODELS:0
#OLLAMA_MAX_QUEUE:512
#OLLAMA_MODELS:/var/lib/ollama/models
#OLLAMA_MULTIUSER_CACHE:false
#OLLAMA_NEW_ENGINE:false
#OLLAMA_NEW_ESTIMATES:false
#OLLAMA_NOHISTORY:false
#OLLAMA_NOPRUNE:false
#OLLAMA_NUM_PARALLEL:1
#OLLAMA_ORIGINS:[http://localhost https://localhost http://localhost:* https://localhost:* http://127.0.0.1 https://127.0.0.1 http://127.0.0.1:* https://127.0.0.1:* http://0.0.0.0 https://0.0.0.0 http://0.0.0.0 https://0.0.0.0 http://0.0.0.0:* https://0.0.0.0:* app://* file://* tauri://* vscode-webview://* vscode-file://*]
#OLLAMA_SCHED_SPREAD:false
#ROCR_VISIBLE_DEVICES: http_proxy: https_proxy: no_proxy:
};
host = "10.40.4.2"; # See also ip46tables update in firewall extracommands host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
rocmOverrideGfx = "10.3.0"; rocmOverrideGfx = "10.3.0";
}; };
@ -452,7 +414,6 @@ in
docker.enable = true; docker.enable = true;
podman.enable = false; podman.enable = false;
docker.storageDriver = "btrfs"; # Only when using BTRFS! (wolcen approved!) docker.storageDriver = "btrfs"; # Only when using BTRFS! (wolcen approved!)
#docker.logDriver = "local"; # Default journald
oci-containers = { oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
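Review bot: The new-side comment in the firewall hunk, `# Enable connections to Ollama for VPN users:`, sits above the rule that opens port 8080 to 10.40.4.0/24, while the rule for 11434 (Ollama's default port, assuming it is not overridden elsewhere) is left with no comment at all. Anyone auditing `extraCommands` would read this as the VPN subnet having direct access to the Ollama API, which has no authentication of its own, when the rules as written limit 11434 to the host's own address. I would label both rules by port and intent, e.g. `# Web UI (8080): reachable from the VPN subnet` and `# Ollama API (11434): only from this host; the API is unauthenticated, keep it off the VPN subnet`. The enclosing firewall attribute set starts outside the hunk, so any other rules touching these ports are not visible here.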