3 changed files with 32 additions and 41 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748737919,
-        "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
+        "lastModified": 1746413188,
+        "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "5675a9686851d9626560052a032c4e14e533c1fa",
+        "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a",
        "type": "github"
      },
      "original": {
@ -22,11 +22,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1748460289,
-        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
+        "lastModified": 1746328495,
+        "narHash": "sha256-uKCfuDs7ZM3QpCE/jnfubTg459CnKnJG/LwqEVEdEiw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
+        "rev": "979daf34c8cacebcd917d540070b52a3c2b9b16e",
        "type": "github"
      },
      "original": {
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-# New TODO:
+# New TODO: 
 # - investigate tmux-session-wizard, and tpm
 # - see if zoxide can import .z file (from z.sh)
 # - so far, have added aliases and bashrc directly, along with bin folder and ssh setup.
@ -17,7 +17,7 @@
      inputs.home-manager.nixosModules.default
      ./main-user.nix
    ];
-
+  
  boot.initrd.luks.devices."nvme2n1p2_oldcrypt".device = "/dev/disk/by-uuid/44235dca-99e8-4ea8-9516-97d9f5a2d702";
  boot.initrd.luks.devices."altssd".device = "/dev/disk/by-partuuid/c0500656-1527-a84d-82f0-8ad764dddc92";

@ -47,7 +47,7 @@
    { device = "/dev/disk/by-partuuid/8a735e2c-01";
      fsType = "ext4";
    };
-
+  
  # Add flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

@ -55,13 +55,13 @@
  # Temporarily pin to 6.12 to fix llvm/rocm build
  # https://github.com/NixOS/nixpkgs/issues/368672#issuecomment-2608697421
  # boot.kernelPackages = pkgs.linuxPackages_6_12;
-  # boot.kernelPackages = pkgs.linuxPackages_zen;
+  boot.kernelPackages = pkgs.linuxPackages_zen;
  # nct6775 - for monitoring functions on ASUS ROG STRIX B550-F GAMING WIFI II
  # kvm-amd - AMD virtualization support
  boot.kernelModules = [ "kvm-amd" "nct6775" ];

  # Direct patching for enabling for async reprojection (for SteamVR) on AMD
-  # boot.kernelPatches = [
+  #boot.kernelPatches = [
  #  {
  #    name = "amdgpu-ignore-ctx-privileges";
  #    patch = pkgs.fetchpatch {
@ -70,7 +70,7 @@
  #      hash = "sha256-Y3a0+x2xvHsfLax/uwycdJf3xLxvVfkfDVqjkxNaYEo=";
  #    };
  #  }
-  # ];
+  #];
  services.fwupd.enable = true;
  services.hardware.openrgb.enable = true;

@ -174,7 +174,7 @@
      "wolcen" = import ./home.nix;
    };
  };
-
+  
  # Install firefox.
  programs.firefox.enable = true;

@ -195,11 +195,6 @@
    # if packets are still dropped, they will show up in dmesg
    logReversePathDrops = true;
    checkReversePath = "loose";
-    extraCommands = ''
-      # Enable connections to Ollama for VPN users:
-      iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
-      iptables -t filter -I INPUT --protocol TCP --source 10.0.7.0/24 --destination 10.40.4.2 --dport 11434 -j ACCEPT
-    '';
    # wireguard trips rpfilter up
    #extraCommands = ''
    #  ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
@ -262,7 +257,7 @@
    pigz # muti-treaded replacement for gzip
    unzip # old standard zip handler
    rpi-imager # rasbperry pi os burner util
-    # screenkey # broadcast key presses
+    screenkey # broadcast key presses 
    superfile # cli file manager
    mpv # movie player
    #obs-studio # open broadcast studio
@ -346,7 +341,7 @@
  services.openssh.settings.LogLevel = "VERBOSE"; # required for fail2ban to work properly
  services.fail2ban.enable = true; # by default, the SSH jail enabled
  # Enable mobile shell (for roaming, intermittent connectivity, etc)
-  # programs.mosh.enable = true;
+  programs.mosh.enable = true;
  # Enable remote desktop access via rustdesk
  #services.rustdesk-server.enable = false;
  #services.rustdesk-server.openFirewall = false;
@ -380,7 +375,6 @@
    #environmentVariables = {
    #  HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
    #};
-    host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
    rocmOverrideGfx = "10.3.0";
  };
  system.activationScripts = {
@ -401,8 +395,8 @@

            environment = {
              "TZ" = "America/New York";
-              "OLLAMA_API_BASE_URL" = "http://10.40.4.2:11434/api";
-              "OLLAMA_BASE_URL" = "http://10.40.4.2:11434";
+              "OLLAMA_API_BASE_URL" = "http://127.0.0.1:11434/api";
+              "OLLAMA_BASE_URL" = "http://127.0.0.1:11434";
              "WEBUI_URL" = "http://127.0.0.1:8080/";
            };

--- a/hosts/default/main-user.nix
+++ b/hosts/default/main-user.nix
@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }:

-let
+let 
  cfg = config.main-user;
  # Create a customized version of logseq
 #  logseq-patch = pkgs.logseq.override {
@ -28,38 +28,35 @@ in
      packages = with pkgs; [
        #kdePackages.kate # ... why did I add this?
        mkcert
-        prismlauncher # minecraft launcher/manager
        thunderbird # email client
        keepassxc # passwords!
        macchina # like *fetch - display basics
        z-lua # jump around directories (be careful with same-named ones!)
        logseq # logs in sequence note keeping
        signal-desktop-bin # messaging
-        ddev # local docker dev awesomeness
+        ddev # local docker dev awesome
        vscodium # vs code editor, but free
        #yubikey-manager-qt # yubi key mgmgt - more needed
        yubioath-flutter # replacement manager for deprecated manager-qt
        #pavucontrol # pulse audio vol control
        # go to 2.17 when no more servers w/python issues (elizabeth)
-        # ansible_2_16 # deployment/automation - removed, use docker!
+        ansible_2_16 # deployment/automation
        #python311Full # troubleshooting ansible things.
        #python311Packages.ansible
        # php added for ansible composer build temporarily
        # switch to an ansible build environment instead.
-
-        # compose didn't work anyway...shut it down!
-        # php81
-        # php81Packages.composer
-        # php81Extensions.zip
-        # php81Extensions.xml
-        # php81Extensions.dom
-        # php81Extensions.bz2
-        # #php81Extensions.yaml
-        # php81Extensions.zlib
-        # php81Extensions.zstd
-        # php81Extensions.intl
-        # php81Extensions.curl
-        # php81Extensions.posix
+        php81
+        php81Packages.composer
+        php81Extensions.zip
+        php81Extensions.xml
+        php81Extensions.dom
+        php81Extensions.bz2
+        #php81Extensions.yaml
+        php81Extensions.zlib
+        php81Extensions.zstd
+        php81Extensions.intl
+        php81Extensions.curl
+        php81Extensions.posix
      ];
      shell = pkgs.zsh;
    };