From bc36afa89d71e5b106b480d3111aae28222ac2a5 Mon Sep 17 00:00:00 2001 From: "Chris (wolcen) Thompson" Date: Sat, 31 May 2025 17:45:30 -0400 Subject: [PATCH 1/5] Update nix flake.lock --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 88c5383..865bc8c 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1746413188, - "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=", + "lastModified": 1748668774, + "narHash": "sha256-fYk/vk4ClmvHIgnGv/5GNRiDLtNCwXo9aLq36L/x+P4=", "owner": "nix-community", "repo": "home-manager", - "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a", + "rev": "60e4624302d956fe94d3f7d96a560d14d70591b9", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746328495, - "narHash": "sha256-uKCfuDs7ZM3QpCE/jnfubTg459CnKnJG/LwqEVEdEiw=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "979daf34c8cacebcd917d540070b52a3c2b9b16e", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { From f304b823991d16b6168d644be515f3f38825f75d Mon Sep 17 00:00:00 2001 From: "Chris (wolcen) Thompson" Date: Sat, 31 May 2025 17:46:40 -0400 Subject: [PATCH 2/5] Clean up formats and remove some unused packages --- hosts/default/configuration.nix | 16 ++++++++-------- hosts/default/main-user.nix | 33 ++++++++++++++++++--------------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix index 4876a16..8004e5a 100644 --- a/hosts/default/configuration.nix +++ b/hosts/default/configuration.nix 
@@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -# New TODO: +# New TODO: # - investigate tmux-session-wizard, and tpm # - see if zoxide can import .z file (from z.sh) # - so far, have added aliases and bashrc directly, along with bin folder and ssh setup. @@ -17,7 +17,7 @@ inputs.home-manager.nixosModules.default ./main-user.nix ]; - + boot.initrd.luks.devices."nvme2n1p2_oldcrypt".device = "/dev/disk/by-uuid/44235dca-99e8-4ea8-9516-97d9f5a2d702"; boot.initrd.luks.devices."altssd".device = "/dev/disk/by-partuuid/c0500656-1527-a84d-82f0-8ad764dddc92"; @@ -47,7 +47,7 @@ { device = "/dev/disk/by-partuuid/8a735e2c-01"; fsType = "ext4"; }; - + # Add flakes nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -61,7 +61,7 @@ boot.kernelModules = [ "kvm-amd" "nct6775" ]; # Direct patching for enabling for async reprojection (for SteamVR) on AMD - #boot.kernelPatches = [ + # boot.kernelPatches = [ # { # name = "amdgpu-ignore-ctx-privileges"; # patch = pkgs.fetchpatch { @@ -70,7 +70,7 @@ # hash = "sha256-Y3a0+x2xvHsfLax/uwycdJf3xLxvVfkfDVqjkxNaYEo="; # }; # } - #]; + # ]; services.fwupd.enable = true; services.hardware.openrgb.enable = true; @@ -174,7 +174,7 @@ "wolcen" = import ./home.nix; }; }; - + # Install firefox. programs.firefox.enable = true; @@ -257,7 +257,7 @@ pigz # muti-treaded replacement for gzip unzip # old standard zip handler rpi-imager # rasbperry pi os burner util - screenkey # broadcast key presses + # screenkey # broadcast key presses superfile # cli file manager mpv # movie player #obs-studio # open broadcast studio 
@@ -341,7 +341,7 @@ services.openssh.settings.LogLevel = "VERBOSE"; # required for fail2ban to work properly services.fail2ban.enable = true; # by default, the SSH jail enabled # Enable mobile shell (for roaming, intermittent connectivity, etc) - programs.mosh.enable = true; + # programs.mosh.enable = true; # Enable remote desktop access via rustdesk #services.rustdesk-server.enable = false; #services.rustdesk-server.openFirewall = false; diff --git a/hosts/default/main-user.nix b/hosts/default/main-user.nix index d860345..2c4ad3f 100644 --- a/hosts/default/main-user.nix +++ b/hosts/default/main-user.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: -let +let cfg = config.main-user; # Create a customized version of logseq # logseq-patch = pkgs.logseq.override { 
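Review bot: Commenting out `programs.mosh.enable = true;` in the `@@ -341,7 +341,7 @@` hunk is a behaviour change to remote access rather than a format clean-up. It removes the mosh server and, as far as I know, the UDP port range that module opens in the firewall. The comment line above it (`# Enable mobile shell (for roaming, intermittent connectivity, etc)`) now describes a disabled option. Either delete both lines or make the comment say why, e.g. `# mosh disabled: not in use, SSH only`. Confirm no client still relies on mosh before this is deployed.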
@@ -28,35 +28,38 @@ in packages = with pkgs; [ #kdePackages.kate # ... why did I add this? mkcert + prismlauncher # minecraft launcher/manager thunderbird # email client keepassxc # passwords! macchina # like *fetch - display basics z-lua # jump around directories (be careful with same-named ones!) logseq # logs in sequence note keeping signal-desktop-bin # messaging - ddev # local docker dev awesome + ddev # local docker dev awesomeness vscodium # vs code editor, but free #yubikey-manager-qt # yubi key mgmgt - more needed yubioath-flutter # replacement manager for deprecated manager-qt #pavucontrol # pulse audio vol control # go to 2.17 when no more servers w/python issues (elizabeth) - ansible_2_16 # deployment/automation + # ansible_2_16 # deployment/automation - removed, use docker! #python311Full # troubleshooting ansible things. #python311Packages.ansible # php added for ansible composer build temporarily # switch to an ansible build environment instead. - php81 - php81Packages.composer - php81Extensions.zip - php81Extensions.xml - php81Extensions.dom - php81Extensions.bz2 - #php81Extensions.yaml - php81Extensions.zlib - php81Extensions.zstd - php81Extensions.intl - php81Extensions.curl - php81Extensions.posix + + # compose didn't work anyway...shut it down! + # php81 + # php81Packages.composer + # php81Extensions.zip + # php81Extensions.xml + # php81Extensions.dom + # php81Extensions.bz2 + # #php81Extensions.yaml + # php81Extensions.zlib + # php81Extensions.zstd + # php81Extensions.intl + # php81Extensions.curl + # php81Extensions.posix ]; shell = pkgs.zsh; }; From 2da8f22d2da53111aa31a0246ed83f7ad55758e8 Mon Sep 17 00:00:00 2001 From: "Chris (wolcen) Thompson" Date: Sat, 31 May 2025 17:50:40 -0400 Subject: [PATCH 3/5] Allow access to ollama from VPN servers --- hosts/default/configuration.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix index 8004e5a..2348a66 100644 --- a/hosts/default/configuration.nix +++ b/hosts/default/configuration.nix @@ -195,6 +195,11 @@ # if packets are still dropped, they will show up in dmesg logReversePathDrops = true; checkReversePath = "loose"; + extraCommands = '' + # Enable connections to Ollama for VPN users: + iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT + iptables -t filter -I INPUT --protocol TCP --source 10.0.7.0/24 --destination 10.40.4.2 --dport 11434 -j ACCEPT + ''; # wireguard trips rpfilter up #extraCommands = '' # ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN @@ -375,6 +380,7 @@ #environmentVariables = { # HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore #}; + host = "10.40.4.2"; # See also ip46tables update in firewall extracommands rocmOverrideGfx = "10.3.0"; }; system.activationScripts = { @@ -395,8 +401,8 @@ environment = { "TZ" = "America/New York"; - "OLLAMA_API_BASE_URL" = "http://127.0.0.1:11434/api"; - "OLLAMA_BASE_URL" = "http://127.0.0.1:11434"; + "OLLAMA_API_BASE_URL" = "http://10.40.4.2:11434/api"; + "OLLAMA_BASE_URL" = "http://10.40.4.2:11434"; "WEBUI_URL" = "http://127.0.0.1:8080/"; }; From 18ab34b062031a918a39c87c5044c059a0a16ad9 Mon Sep 17 00:00:00 2001 From: "Chris (wolcen) Thompson" Date: Sun, 1 Jun 2025 02:41:48 -0400 Subject: [PATCH 4/5] Update nix flake.lock --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 865bc8c..18ba42e 100644 --- a/flake.lock +++ b/flake.lock 
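Review bot: The two rules added in `extraCommands` are inserted straight into `INPUT` with `-I`, outside the `nixos-fw` chains that the NixOS firewall script manages. As far as I can tell they are therefore not flushed on a firewall reload, so a duplicate pair is added each time. Appending to the managed chain keeps them inside the generated ruleset, e.g. `iptables -A nixos-fw --protocol TCP --source 10.0.7.0/24 --destination 10.40.4.2 --dport 11434 -j nixos-fw-accept`, with a matching `-D ... || true` line in `networking.firewall.extraStopCommands`. The first rule (source and destination both 10.40.4.2) looks redundant, since host-local traffic normally arrives on `lo`, which the firewall already accepts; confirm and drop it if so. The enclosing firewall attribute set starts and ends outside the hunk.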
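Review bot: `host = "10.40.4.2";` combined with the /24 accept rule makes the Ollama API reachable from every address in 10.0.7.0/24, and that API has no authentication of its own, so network placement is the only access control. If only specific servers need it, narrow `--source` in the firewall rule to those hosts, or put an authenticating reverse proxy in front of port 11434. The trailing comment says `ip46tables` while the rules it points at use `iptables` (IPv4 only); `# See also the iptables rules in networking.firewall.extraCommands` would match. Binding to a VPN address presumably also needs that interface to be up before the service starts, which is not visible in this hunk.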
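Review bot: The address 10.40.4.2 is now hard-coded in several places in this file: both firewall rules, `host`, and the two URLs in this hunk. Readdressing the VPN means editing each by hand, which the `See also` comment already hints at. A single binding such as `ollamaAddr = "10.40.4.2";`, interpolated as `"http://${ollamaAddr}:11434"`, would keep them in sync; whether the file already has a suitable `let` block is not visible here. If this service runs in a container on a bridge network rather than on the host network, its source address is covered by neither new firewall rule, so check that path as well.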
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748668774, - "narHash": "sha256-fYk/vk4ClmvHIgnGv/5GNRiDLtNCwXo9aLq36L/x+P4=", + "lastModified": 1748737919, + "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "60e4624302d956fe94d3f7d96a560d14d70591b9", + "rev": "5675a9686851d9626560052a032c4e14e533c1fa", "type": "github" }, "original": { From a072873cc32381383df696721a98e9022ba27b19 Mon Sep 17 00:00:00 2001 From: "Chris (wolcen) Thompson" Date: Sun, 1 Jun 2025 02:42:10 -0400 Subject: [PATCH 5/5] Disable Zen kernel Possible source of stability issues? --- hosts/default/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix index 2348a66..c48d659 100644 --- a/hosts/default/configuration.nix +++ b/hosts/default/configuration.nix @@ -55,7 +55,7 @@ # Temporarily pin to 6.12 to fix llvm/rocm build # https://github.com/NixOS/nixpkgs/issues/368672#issuecomment-2608697421 # boot.kernelPackages = pkgs.linuxPackages_6_12; - boot.kernelPackages = pkgs.linuxPackages_zen; + # boot.kernelPackages = pkgs.linuxPackages_zen; # nct6775 - for monitoring functions on ASUS ROG STRIX B550-F GAMING WIFI II # kvm-amd - AMD virtualization support boot.kernelModules = [ "kvm-amd" "nct6775" ];
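Review bot: Commenting out the only active `boot.kernelPackages` line in the `@@ -55,7 +55,7 @@` hunk leaves the kernel choice implicit, presumably the nixpkgs default unless it is set elsewhere. The reason for the change is recorded only in the commit message. A one-line comment in the file would carry it, e.g. `# zen disabled 2025-06-01: suspected cause of instability; using the default kernel`. The commented-out 6.12 pin above it could be removed at the same time if it is no longer relevant.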