From 96ab25c6ad01c6aab46a3038fec51113a9035b26 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 18 Jan 2026 17:08:05 -0600 Subject: [PATCH] move options --- machines/homebox | 2 +- system/profiles/homebox/default.nix | 6 - system/profiles/homebox/disko.nix | 145 ------------- .../homebox/hardware-configuration.nix | 39 ---- system/profiles/homebox/secrets.yaml | 41 ---- system/profiles/laptop/secrets.yaml | 18 -- system/services/containers/ollama/default.nix | 128 ----------- system/services/containers/pihole/default.nix | 204 ------------------ .../nathan/home-manager/packages/default.nix | 4 +- 9 files changed, 4 insertions(+), 583 deletions(-) delete mode 100644 system/profiles/homebox/disko.nix delete mode 100644 system/profiles/homebox/hardware-configuration.nix delete mode 100644 system/profiles/homebox/secrets.yaml delete mode 100644 system/profiles/laptop/secrets.yaml delete mode 100644 system/services/containers/ollama/default.nix delete mode 100644 system/services/containers/pihole/default.nix diff --git a/machines/homebox b/machines/homebox index 58bbf94..07b9b65 160000 --- a/machines/homebox +++ b/machines/homebox @@ -1 +1 @@ -Subproject commit 58bbf942d8b0a147bfab7d62efd84c5a504d337d +Subproject commit 07b9b65382f6645a3edd4cd4f5cb2fdf15707658 diff --git a/system/profiles/homebox/default.nix b/system/profiles/homebox/default.nix index 78f12f8..e5493fb 100644 --- a/system/profiles/homebox/default.nix +++ b/system/profiles/homebox/default.nix @@ -3,12 +3,8 @@ { imports = [ - ./hardware-configuration.nix - disko.nixosModules.default - (import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; }) - sops-nix.nixosModules.sops home-manager.nixosModules.default @@ -79,8 +75,6 @@ docker = { enable = true; - nvidia = true; - portainer.enable = true; pihole.enable = true; ollama.enable = true; diff --git a/system/profiles/homebox/disko.nix b/system/profiles/homebox/disko.nix deleted file mode 100644 index 9aba623..0000000 
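Review bot: After the first hunk of `system/profiles/homebox/default.nix` the imports list still pulls in `sops-nix.nixosModules.sops`, but this commit also deletes `system/profiles/homebox/secrets.yaml`, so any `sops.defaultSopsFile` or `sops.secrets` entry left in this profile would point at a file that no longer exists; those settings are outside the hunk, so this needs checking against the full file. The same applies to the dropped `./hardware-configuration.nix` and disko imports: presumably the bumped `machines/homebox` submodule now supplies them, and a one-line comment above the imports, e.g. `# hardware, disk layout and secrets live in machines/homebox`, would make that dependency visible. Deleting the sops file here does not retire the credentials in it, since the ciphertext and age recipient stay in history; rotate them if the move is meant to change who can read them.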
--- a/system/profiles/homebox/disko.nix
+++ /dev/null
@@ -1,145 +0,0 @@
-{
- device1 ? throw "Set this to your disk device, e.g. /dev/sda",
- device2,
- device3,
- ...
-}: {
- disko.devices = {
- disk = {
- main = {
- device = device1;
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- swap = {
- size = "4G";
- content = {
- type = "swap";
- resumeDevice = true;
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "root_vg";
- };
- };
- };
- };
- };
- ssd1 = {
- device = device2;
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- ssd1 = {
- name = "ssd1";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "ssd1_vg";
- };
- };
- };
- };
- };
- hdd1 = {
- device = device3;
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- hdd1 = {
- name = "hdd1";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "hdd1_vg";
- };
- };
- };
- };
- };
- };
- lvm_vg = {
- root_vg = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "btrfs";
- extraArgs = ["-f"];
-
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- };
-
- "/nix" = {
- mountOptions = ["subvol=nix" "noatime"];
- mountpoint = "/nix";
- };
- };
- };
- };
- };
- };
- ssd1_vg = {
- type = "lvm_vg";
- lvs = {
- ssd1 = {
- size = "100%FREE";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/ssd1" = {
- mountOptions = [ "subvol=ssd1" "noatime" ];
- mountpoint = "/ssd1";
- };
- };
- };
- };
- };
- };
- hdd1_vg = {
- type = "lvm_vg";
- lvs = {
- hdd1 = {
- size = "100%FREE";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/hdd1" = {
- mountOptions = [ "subvol=hdd1" "noatime" ];
- mountpoint = "/hdd1";
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/system/profiles/homebox/hardware-configuration.nix b/system/profiles/homebox/hardware-configuration.nix
deleted file mode 100644
index 622fabb..0000000
--- a/system/profiles/homebox/hardware-configuration.nix
+++ /dev/null
@@ -1,39 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.br-de2feead48ad.useDHCP = lib.mkDefault true; - # networking.interfaces.docker0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-blunkall-us.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-gitea.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-home-assnHYM.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-jellyfin.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-keycloak.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-n8n.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-netbird.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-nextcloud.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-ollama.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-traefik.useDHCP = lib.mkDefault true; - # networking.interfaces.ve-wyoming.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - 
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/system/profiles/homebox/secrets.yaml b/system/profiles/homebox/secrets.yaml deleted file mode 100644 index b8c9849..0000000 --- a/system/profiles/homebox/secrets.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -nathan: - pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str] -authentik: - pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str] - secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str] -pihole: - pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str] -gitea: - dbpass: ENC[AES256_GCM,data:hVRLXACRECNSnXRn8BEP0ZFT,iv:zuIvzStek6OEu+P4Nh8Wsq9eRVt/zP8KGVXYZWjSvW0=,tag:m4t8vKNGhz8NqkDWbCRgnA==,type:str] -keycloak: - dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str] -netbird: - coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str] -gitlab: - db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str] - root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str] - secrets: - secret: ENC[AES256_GCM,data:3/26giCD58RErtEDxQ90KxRl3aa8oH4co2Urw21r7hHCKaoSti1VpYoBtlvHdr5j,iv:SwliwLWSFfTZoc31JSm9YKBDGKiPQE7ujkiGaZmCQUc=,tag:2KT5BpJukixvhb6tnZb6lw==,type:str] - otp: ENC[AES256_GCM,data:RWOkQVPRsrJgPVtx49hiWRMAxVOszKxaDl40XQDL+QoDuoZi03wSxHiu4Ix9X2BR,iv:uO+CTR5S4r1q7n1ycQw0hYdu8JflSrvkgLiBbCmT8mk=,tag:gqCwNOqD78lFtgxUPyUw3A==,type:str] - db: 
ENC[AES256_GCM,data:rF4IIp1uFSGa67LVm8fy4/qFOmZLInRcG2IAfnuZG3+xtS9Z2RXpNcTZNFBDdOaD,iv:/KYwf3ZH6w48L49rY/FmaGQOt3jGdOUTZ9vFhmLZG60=,tag:f38iYIgpgdjWF34qD1fz2w==,type:str] - jws: ENC[AES256_GCM,data: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,iv:cxdargXx2a7pET7BjCSZ/yXL7AnxNqncyDQ7CR3E3AA=,tag:2xKXfhBjynDqlvH377lpSA==,type:str] - oidc: - id: ENC[AES256_GCM,data:b6o2cCCSXJ5bIhA47InfhqwjO5Tjr0Mls+7VT5cunFfEHkdOInxplw==,iv:txren/8jnAUvCI/k9cxN29ZkSgCuPEAo0IpyREf2E9A=,tag:BFOZrM18zUJMEACpLz7KRw==,type:str] - secret: ENC[AES256_GCM,data:4HPPbVBOeDjdL81d402Rz6Luk1DZbk8InHfO+Sx/OJIvUf/shkCRyp3hStIDC03bA8HV66GeejvWFte+vQ2b5X3Fl2GXfHQi7brMFVEYfYdR2XRdra0aOeSrHtW5uUn0MpVCRwYDb1JahIWhLyqcYyOpV91xjNiIVg8S3MHr+mo=,iv:c3Q4qPMxZJuoO5XRzUDZh5XJOtff9eiMTlOx+MDMSaE=,tag:07fIkN9YXXJMEV59QEFIag==,type:str] -nextcloud: - pass: ENC[AES256_GCM,data:U/VI/uHDT1a5O4iAHUVwsz/h,iv:W0hAXBddFKhXmDWHpCB2JhjPPTEGer7721WtIRxg4Zo=,tag:OE4wzibNaaXsbfFuk0dwTA==,type:str] -sops: - age: - - recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVFhtcWkreVV6UmJkcW1P - WUluUTlOcjYzME1yVVNpVWJldXVsWG1vN3dNCmlvYURNV285anlIa3FrbXRVTERB - dXZDWHhEbFp3YWw5d2w4Y09vbUVCNHcKLS0tIEF4ZU5ZdWI5MVBtN0FOUUZDQUR4 - S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M - 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-19T05:54:41Z" - mac: ENC[AES256_GCM,data:hLxsJDB3kr00fVVlkGC7L/pP3AH+W+IZbt4zHxGb9C7bhgs1zkLdDGGW8uqitsYQP5ZqSq00raym+JGGREH0q+SepQB+yrB26yDsac6thzKV1Yr3sIMhKdzSHJiNEawUxI7pTToKG3e6XDz2S0r0i0AvAoA6abPHoPH4ihojoXE=,iv:lSKAiSdkP1FxVoeKtSYs4i3HcyouNUeBHRvAXXqiBKY=,tag:hJGw0QhvbUf9M3AXC67iFA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/system/profiles/laptop/secrets.yaml b/system/profiles/laptop/secrets.yaml deleted file mode 100644 index fa2e25d..0000000 
--- a/system/profiles/laptop/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -nathan: - pass: ENC[AES256_GCM,data:H/duNPyclGoCF/Z90TQcqaUymowHOLRDmcfDxSubNGdmijknsCq+UH5PaWUmXGZ7uZqcpYWBcsVbYfQO/98OHH/kbwAFD/Hgkw==,iv:74M2PQqVzAgMXA8Z4RVLJKawt0Lzh94IKbn8YCTx3tY=,tag:B/xgA4mrhWEccaXQ+qvjCA==,type:str] -remoteBuildKey: ENC[AES256_GCM,data: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,iv:4i0bGQe7wiDSvmygY2VNSEhuYfYIi9YY1g7qLgDTcMo=,tag:MJqOovOcZ97COsVjxZus8w==,type:str] -sops: - age: - - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MEIyRjR0a25UU3hnR2Zw - WXFaaXJYNWFSMmZsR1FsYVB1WlBkZWptSHhzCkRGRitnNkc3MEtjV05KRXlXT3RR - TVhnVlpUdzFiSEwxbHNOT3dyQ0dzbG8KLS0tIElMc3g4SHRxZTVnOCtVcktRb25D - Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu - y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-23T03:46:50Z" - mac: ENC[AES256_GCM,data:QJLMqnmkrgtTqqmLN9NCfV8PPm5N/F0gtGw/XlX+nnfbesGVeYubSjtHmYWmY7ha41jEvLYu8rmIXaxDepfogyOf4wzuRPLkJxO7Wu0UVdr5uZlHNrcxZh4Ex6YGgg8Lbcjs0iVCev66lWfuhuxuvPOKsGLZvoNTq0V1hLpo/Fw=,iv:VFrL0L6tC1JvWM3BOJP4Dh+q1xSMBecCtPnNcY/loAU=,tag:p5VmBaGPTxyTmm1Ha9Le3Q==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/system/services/containers/ollama/default.nix b/system/services/containers/ollama/default.nix deleted file mode 100644 index 89536a9..0000000 --- a/system/services/containers/ollama/default.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ config, lib, nixpkgs-us, ... }: { - - options = { - sysconfig.virtualization.ollama.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - }; - - config = lib.mkIf config.sysconfig.virtualization.ollama.enable { - - networking = { - nat.internalInterfaces = [ "ve-ollama" ]; - }; - - containers.ollama = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.24"; - - bindMounts = { - "/dev/nvidia0" = { - hostPath = "/dev/nvidia0"; - isReadOnly = false; - }; - "/dev/nvidiactl" = { - hostPath = "/dev/nvidiactl"; - isReadOnly = false; - }; - "/dev/nvidia-uvm" = { - hostPath = "/dev/nvidia-uvm"; - isReadOnly = false; - }; - "/dev/nvidia-modeset" = { - hostPath = "/dev/nvidia-modeset"; - isReadOnly = false; - }; - "/dev/nvidia-uvm-tools" = { - hostPath = "/dev/nvidia-uvm-tools"; - isReadOnly = false; - }; - "/etc/nvidia" = { - hostPath = "/etc/nvidia"; - isReadOnly = false; - }; - - "/dev/dri" = { - hostPath = "/dev/dri"; - isReadOnly = false; - }; - "/dev/dri/renderD128" = { - hostPath = "/dev/dri/renderD128"; - isReadOnly = false; - }; - }; - - allowedDevices = [ - { - node = "/dev/nvidia0"; - modifier = "rw"; - } - { - node = "/dev/nvidiactl"; - modifier = "rw"; - } - { - node = "/dev/nvidia-uvm"; - modifier = "rw"; - } - { - node = "/dev/nvidia-modeset"; - modifier = "rw"; - } - { - node = "/dev/nvidia-uvm-tools"; - modifier = "rw"; - } -/* - { - node = "/dev/dri"; - modifier = "rw"; - } - { - node = "/dev/dri/renderD128"; - modifier = "rw"; - }*/ - ]; - - config = { - - services.ollama = { - enable = true; - acceleration = "cuda"; - package = let - pkgs-us = import nixpkgs-us { - system = "x86_64-linux"; - config.allowUnfree = true; - }; - in pkgs-us.ollama-cuda; - - environmentVariables = { - OLLAMA_CONTEXT_LENGTH = "24000"; - }; - - host = "0.0.0.0"; - - loadModels = [ "llama3.1:8b" ]; - - openFirewall = true; - - user = "ollama"; - }; - - 
users.users.ollama.extraGroups = [ "video" "render" ]; - - systemd.services.ollama.serviceConfig = { - PrivateDevices = lib.mkForce false; - DevicePolicy = lib.mkForce "auto"; - }; - - system.stateVersion = "25.05"; - }; - }; - - }; -} diff --git a/system/services/containers/pihole/default.nix b/system/services/containers/pihole/default.nix deleted file mode 100644 index f0a2ecf..0000000 --- a/system/services/containers/pihole/default.nix +++ /dev/null 
@@ -1,204 +0,0 @@ -{ config, lib, nixpkgs-us, ... }: { - - options.sysconfig.virtualization.pihole.enable = lib.options.mkOption { - type = lib.types.bool; - default = false; - }; - - - config = lib.mkIf config.sysconfig.virtualization.pihole.enable { -/* sops.secrets."pihole/pass" = {}; - - sops.templates."pihole.env" = { - content = '' - WEBPASSWORD=${config.sops.placeholder."pihole/pass"} - ''; - - path = "/ssd1/Pihole/.env"; - }; -*/ - - networking = { - nameservers = [ - "192.168.100.28" - "1.1.1.1" - "1.0.0.1" - ]; - - nat.internalInterfaces = [ "ve-pihole" ]; - - /*firewall.interfaces."ve-traefik" = { - allowedTCPPorts = [ 53 80 ]; - allowedUDPPorts = [ 53 ]; - };*/ - }; - - /*services = { - pihole-web = { - enable = true; - - hostName = "pihole.local"; - - ports = [ 80 ]; - }; - - pihole-ftl = { - enable = true; - - openFirewallDNS = true; - openFirewallWebserver = true; - - lists = [ - { - url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"; - } - ]; - - settings = { - dns = { - upstreams = [ -#"127.0.0.1#5335" - "1.0.0.1" - "1.1.1.1" - ]; - - cnameRecords = [ - "traefik.local,local.internal.esotericbytes.com" - "pihole.local,local.internal.esotericbytes.com" - "hass.local,local.internal.esotericbytes.com" - ]; - }; - - misc.dnsmasq_lines = [ "interface=ve-traefik" ]; - }; - }; - };*/ - - - containers.pihole = { - - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.28"; - - timeoutStartSec = "infinity"; - - config = let - pkgs-us = import nixpkgs-us { system = "x86_64-linux"; }; - in { - - /*imports = [ - (import "${nixpkgs-us}/nixos/modules/services/networking/pihole-ftl.nix" { config = config.containers.pihole.config; inherit lib; pkgs = pkgs-us;}) - (import "${nixpkgs-us}/nixos/modules/services/web-apps/pihole-web.nix" { config = config.containers.pihole.config; inherit lib; pkgs = pkgs-us;}) - ];*/ - - services = { - pihole-web = { - enable = true; - - hostName = 
"pihole.local"; - - ports = [ 80 ]; - }; - - pihole-ftl = { - enable = true; - - openFirewallDNS = true; - openFirewallWebserver = true; - - lists = [ - { - url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"; - } - ]; - - settings = { - dns = { - upstreams = [ - #"127.0.0.1#5335" - "1.0.0.1" - "1.1.1.1" - ]; - - cnameRecords = [ - "traefik.local,local.internal.esotericbytes.com" - "pihole.local,local.internal.esotericbytes.com" - "hass.local,local.internal.esotericbytes.com" - ]; - }; - - misc.dnsmasq_lines = [ "except-interface=nonexisting" ]; - }; - }; - - /*unbound = { - enable = true; - - resolveLocalQueries = false; - - settings = { - server = { - interface = [ "127.0.0.1" ]; - port = 5335; - - access-control = [ "127.0.0.1 allow" ]; - - harden-glue = true; - harden-dnssec-stripped = true; - - use-caps-for-id = false; - - prefetch = true; - - edns-buffer-size = 1232; - - hide-identity = true; - hide-version = true; - }; - - forward-zone = [ - { - name = "cloudflare"; - forward-addr = [ - "1.1.1.1#one.one.one.one" - "1.0.0.1#one.one.one.one" - ]; - forward-tls-upstream = true; - } - ]; - - }; - };*/ - - }; - - /*systemd.services.pihole-ftl-setup.preStart = '' - while [[ ! ''$(ip l | grep eth0 | grep UP) ]]; do sleep 1; done; - '';*/ - - systemd.network = { - enable = true; - networks."eth0" = { - linkConfig.RequiredForOnline = "yes"; - dns = [ - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; - - networking = { - useHostResolvConf = false; - firewall.allowedTCPPorts = [ 5335 ]; - firewall.allowedUDPPorts = [ 5335 ]; - }; - - system.stateVersion = "25.05"; - }; - }; - }; - - -} diff --git a/system/users/nathan/home-manager/packages/default.nix b/system/users/nathan/home-manager/packages/default.nix index 5f1cd6b..7e61b06 100644 --- a/system/users/nathan/home-manager/packages/default.nix +++ b/system/users/nathan/home-manager/packages/default.nix 
@@ -27,12 +27,14 @@ kjv openssh sops - busybox + host + toybox btop zip unzip rsync curl + (python313.withPackages (ps: with ps; [ gpustat numpy
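Review bot: `toybox` is a multi-call package like the `busybox` it replaces, so it likely installs many applets under common command names, and with `host` added on the line above it is worth confirming which binary ends up first on PATH for any name both packages could provide. Silent shadowing of standard tools in a user profile is hard to spot later; a short comment such as `# toybox: only wanted for <applet>; GNU tools should take precedence` would record the intent, or the package could be given a lower priority. The enclosing package list starts and ends outside the hunk, so whether other entries overlap cannot be seen from here.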