Disable Zen kernel

Possible source of stability issues?
Update nix flake.lock
2025-06-01 02:42:10 -04:00 · 2025-06-01 02:41:48 -04:00 · 2025-05-31 17:50:40 -04:00 · 2025-05-31 17:46:40 -04:00 · 2025-05-31 17:45:30 -04:00
3 changed files with 41 additions and 32 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1746413188,
-        "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=",
+        "lastModified": 1748737919,
+        "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a",
+        "rev": "5675a9686851d9626560052a032c4e14e533c1fa",
        "type": "github"
      },
      "original": {
@ -22,11 +22,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1746328495,
-        "narHash": "sha256-uKCfuDs7ZM3QpCE/jnfubTg459CnKnJG/LwqEVEdEiw=",
+        "lastModified": 1748460289,
+        "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "979daf34c8cacebcd917d540070b52a3c2b9b16e",
+        "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
        "type": "github"
      },
      "original": {
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-# New TODO: 
+# New TODO:
 # - investigate tmux-session-wizard, and tpm
 # - see if zoxide can import .z file (from z.sh)
 # - so far, have added aliases and bashrc directly, along with bin folder and ssh setup.
@ -17,7 +17,7 @@
      inputs.home-manager.nixosModules.default
      ./main-user.nix
    ];
-  
+
  boot.initrd.luks.devices."nvme2n1p2_oldcrypt".device = "/dev/disk/by-uuid/44235dca-99e8-4ea8-9516-97d9f5a2d702";
  boot.initrd.luks.devices."altssd".device = "/dev/disk/by-partuuid/c0500656-1527-a84d-82f0-8ad764dddc92";

@ -47,7 +47,7 @@
    { device = "/dev/disk/by-partuuid/8a735e2c-01";
      fsType = "ext4";
    };
-  
+
  # Add flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

@ -55,13 +55,13 @@
  # Temporarily pin to 6.12 to fix llvm/rocm build
  # https://github.com/NixOS/nixpkgs/issues/368672#issuecomment-2608697421
  # boot.kernelPackages = pkgs.linuxPackages_6_12;
-  boot.kernelPackages = pkgs.linuxPackages_zen;
+  # boot.kernelPackages = pkgs.linuxPackages_zen;
  # nct6775 - for monitoring functions on ASUS ROG STRIX B550-F GAMING WIFI II
  # kvm-amd - AMD virtualization support
  boot.kernelModules = [ "kvm-amd" "nct6775" ];

  # Direct patching for enabling for async reprojection (for SteamVR) on AMD
-  #boot.kernelPatches = [
+  # boot.kernelPatches = [
  #  {
  #    name = "amdgpu-ignore-ctx-privileges";
  #    patch = pkgs.fetchpatch {
@ -70,7 +70,7 @@
  #      hash = "sha256-Y3a0+x2xvHsfLax/uwycdJf3xLxvVfkfDVqjkxNaYEo=";
  #    };
  #  }
-  #];
+  # ];
  services.fwupd.enable = true;
  services.hardware.openrgb.enable = true;

@ -174,7 +174,7 @@
      "wolcen" = import ./home.nix;
    };
  };
-  
+
  # Install firefox.
  programs.firefox.enable = true;

@ -195,6 +195,11 @@
    # if packets are still dropped, they will show up in dmesg
    logReversePathDrops = true;
    checkReversePath = "loose";
+    extraCommands = ''
+      # Enable connections to Ollama for VPN users:
+      iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
+      iptables -t filter -I INPUT --protocol TCP --source 10.0.7.0/24 --destination 10.40.4.2 --dport 11434 -j ACCEPT
+    '';
    # wireguard trips rpfilter up
    #extraCommands = ''
    #  ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
@ -257,7 +262,7 @@
    pigz # muti-treaded replacement for gzip
    unzip # old standard zip handler
    rpi-imager # rasbperry pi os burner util
-    screenkey # broadcast key presses 
+    # screenkey # broadcast key presses
    superfile # cli file manager
    mpv # movie player
    #obs-studio # open broadcast studio
@ -341,7 +346,7 @@
  services.openssh.settings.LogLevel = "VERBOSE"; # required for fail2ban to work properly
  services.fail2ban.enable = true; # by default, the SSH jail enabled
  # Enable mobile shell (for roaming, intermittent connectivity, etc)
-  programs.mosh.enable = true;
+  # programs.mosh.enable = true;
  # Enable remote desktop access via rustdesk
  #services.rustdesk-server.enable = false;
  #services.rustdesk-server.openFirewall = false;
@ -375,6 +380,7 @@
    #environmentVariables = {
    #  HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
    #};
+    host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
    rocmOverrideGfx = "10.3.0";
  };
  system.activationScripts = {
@ -395,8 +401,8 @@

            environment = {
              "TZ" = "America/New York";
-              "OLLAMA_API_BASE_URL" = "http://127.0.0.1:11434/api";
-              "OLLAMA_BASE_URL" = "http://127.0.0.1:11434";
+              "OLLAMA_API_BASE_URL" = "http://10.40.4.2:11434/api";
+              "OLLAMA_BASE_URL" = "http://10.40.4.2:11434";
              "WEBUI_URL" = "http://127.0.0.1:8080/";
            };

--- a/hosts/default/main-user.nix
+++ b/hosts/default/main-user.nix
@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }:

-let 
+let
  cfg = config.main-user;
  # Create a customized version of logseq
 #  logseq-patch = pkgs.logseq.override {
@ -28,35 +28,38 @@ in
      packages = with pkgs; [
        #kdePackages.kate # ... why did I add this?
        mkcert
+        prismlauncher # minecraft launcher/manager
        thunderbird # email client
        keepassxc # passwords!
        macchina # like *fetch - display basics
        z-lua # jump around directories (be careful with same-named ones!)
        logseq # logs in sequence note keeping
        signal-desktop-bin # messaging
-        ddev # local docker dev awesome
+        ddev # local docker dev awesomeness
        vscodium # vs code editor, but free
        #yubikey-manager-qt # yubi key mgmgt - more needed
        yubioath-flutter # replacement manager for deprecated manager-qt
        #pavucontrol # pulse audio vol control
        # go to 2.17 when no more servers w/python issues (elizabeth)
-        ansible_2_16 # deployment/automation
+        # ansible_2_16 # deployment/automation - removed, use docker!
        #python311Full # troubleshooting ansible things.
        #python311Packages.ansible
        # php added for ansible composer build temporarily
        # switch to an ansible build environment instead.
-        php81
-        php81Packages.composer
-        php81Extensions.zip
-        php81Extensions.xml
-        php81Extensions.dom
-        php81Extensions.bz2
-        #php81Extensions.yaml
-        php81Extensions.zlib
-        php81Extensions.zstd
-        php81Extensions.intl
-        php81Extensions.curl
-        php81Extensions.posix
+
+        # compose didn't work anyway...shut it down!
+        # php81
+        # php81Packages.composer
+        # php81Extensions.zip
+        # php81Extensions.xml
+        # php81Extensions.dom
+        # php81Extensions.bz2
+        # #php81Extensions.yaml
+        # php81Extensions.zlib
+        # php81Extensions.zstd
+        # php81Extensions.intl
+        # php81Extensions.curl
+        # php81Extensions.posix
      ];
      shell = pkgs.zsh;
    };
Author	SHA1	Message	Date
Chris (wolcen) Thompson	a072873cc3	Disable Zen kernel Possible source of stability issues?	2025-06-01 02:42:10 -04:00
Chris (wolcen) Thompson	18ab34b062	Update nix flake.lock	2025-06-01 02:41:48 -04:00
Chris (wolcen) Thompson	2da8f22d2d	Allow access to ollama from VPN servers	2025-05-31 17:50:40 -04:00
Chris (wolcen) Thompson	f304b82399	Clean up formats and remove some unused packages	2025-05-31 17:46:40 -04:00
Chris (wolcen) Thompson	bc36afa89d	Update nix flake.lock	2025-05-31 17:45:30 -04:00