From f480a1f8c9b3bacc40c2e9fdde689db700c2f3d8 Mon Sep 17 00:00:00 2001
From: Nathan
Date: Thu, 15 Jan 2026 18:47:31 -0600
Subject: [PATCH] lots
---
system/profiles/homebox/default.nix | 28 ++++++--
system/profiles/laptop/default.nix | 13 +++-
.../services/containers/authentik/default.nix | 4 --
system/services/containers/default.nix | 11 ++-
.../containers/homeassistant/default.nix | 9 ---
.../services/containers/keycloak/default.nix | 4 --
.../services/containers/minecraft/default.nix | 11 ---
system/services/containers/n8n/default.nix | 20 ------
.../services/containers/netbird/default.nix | 8 +--
system/services/containers/nginx/default.nix | 5 --
system/services/containers/novnc/default.nix | 2 -
system/services/containers/ntfy/default.nix | 2 +-
system/services/containers/ollama/default.nix | 16 ++++-
system/services/containers/pihole/default.nix | 36 +++++++---
.../services/containers/rustdesk/default.nix | 2 +-
.../services/containers/sandbox/default.nix | 22 ++---
.../services/containers/traefik/default.nix | 41 +++++------
system/services/default.nix | 11 ++-
system/services/ollama/default.nix | 2 +-
system/services/wyoming/default.nix | 68 +++++++++++++++++++
.../nathan/home-manager/packages/default.nix | 3 +-
21 files changed, 195 insertions(+), 123 deletions(-)
create mode 100644 system/services/wyoming/default.nix
diff --git a/system/profiles/homebox/default.nix b/system/profiles/homebox/default.nix
index b3da3cd..8aad092 100644
--- a/system/profiles/homebox/default.nix
+++ b/system/profiles/homebox/default.nix
@@ -39,11 +39,13 @@
enable = true;
dns = "none";
};
+ useDHCP = false;
+ dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
- internalInterfaces = [ "ve-+" ];
+ internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
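Review bot: The new `internalInterfaces = [ "ve-.+" ];` looks like a regex, but as far as I know `networking.nat.internalInterfaces` only treats a trailing `+` as a wildcard suffix, so this would match interfaces whose names start with the literal `ve-.` and none of the `ve-<container>` interfaces. Because this commit also deletes the per-container `nat.internalInterfaces` entries (homeassistant, keycloak, minecraft, n8n and pihole hunks), masquerading for every container would then depend on this one line; the previous `"ve-+"` form is the one the option documents, so please confirm against the option description before keeping `ve-.+`. The enclosing `networking` block starts outside the hunk.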
@@ -59,6 +61,14 @@
pipewire.enable = true;
netbird.enable = true;
minecraft.enable = false;
+
+ ollama.enable = true;
+ wyoming = {
+ enable = true;
+ piper = false;
+ openwakeword = true;
+ faster-whisper = true;
+ };
};
programs = {
@@ -77,19 +87,27 @@
n8n.enable = true;
keycloak.enable = true;
netbird.enable = true;
- ollama.enable = true;
+
+ ollama.enable = false;
+ openwebui.enable = true;
homeassistant.enable = true;
+
wyoming = {
- enable = true;
+ enable = false;
piper = false;
openwakeword = true;
faster-whisper = true;
};
+
rustdesk.enable = false; #broken
- #pihole.enable = false; #broken
- code-server.enable = false;
+
+ pihole.enable = true; #broken
+
+ code-server.enable = false;
+ novnc.enable = false;
+
minecraft.enable = true;
#sandbox.enable = false;
diff --git a/system/profiles/laptop/default.nix b/system/profiles/laptop/default.nix
index a5eb176..e83463d 100644
--- a/system/profiles/laptop/default.nix
+++ b/system/profiles/laptop/default.nix
@@ -105,8 +105,17 @@
programs.zsh.enable = true;
networking = {
- nameservers = [ "1.1.1.1" "1.0.0.1" ];
- networkmanager.enable = true;
+ nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ "127.0.0.1"
+ ];
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ };
+ useDHCP = false;
+ dhcpcd.enable = false;
};
diff --git a/system/services/containers/authentik/default.nix b/system/services/containers/authentik/default.nix
index e8ccacf..cb20f3f 100644
--- a/system/services/containers/authentik/default.nix
+++ b/system/services/containers/authentik/default.nix
@@ -5,10 +5,6 @@
default = false;
};
- imports = [
- sops-nix.nixosModules.sops
- ];
-
config = lib.mkIf config.sysconfig.virtualization.authentik.enable {
sops.secrets."authentik/dbpass" = {};
diff --git a/system/services/containers/default.nix b/system/services/containers/default.nix
index 3527bc3..ba341b5 100644
--- a/system/services/containers/default.nix
+++ b/system/services/containers/default.nix
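Review bot: `pihole.enable = true; #broken` in the third homebox hunk turns a container on while the trailing comment still says it is broken, and the commit enables it as the host's only nameserver (`nameservers = [ "192.168.100.28" ]` in the pihole hunk), so a reader cannot tell whether the flag or the comment is current. Either drop `#broken` or say what is still broken, e.g. `pihole.enable = true; # web UI only reachable via traefik; DNS path verified`. The `#broken` on `rustdesk.enable = false;` is consistent with its value and can stay.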
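Review bot: In the laptop hunk `"127.0.0.1"` is appended to `nameservers` while NetworkManager's DNS handling is switched off (`dns = "none"`), but nothing in this commit configures a local resolver on the laptop. glibc tries nameservers in order and only reaches 127.0.0.1 after the two public entries time out, so if a local resolver (pihole/unbound) is intended it should be listed first and the public fallbacks reconsidered, since a fallback to 1.1.1.1 silently bypasses any filtering the local resolver does; if no local resolver is planned, the entry is dead and should go. A one-line comment stating which resolver is expected on 127.0.0.1 would settle this, e.g. `# 127.0.0.1: local unbound/pihole (see system/services/containers/pihole)`.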
@@ -1,6 +1,13 @@
{ ... }: {
- imports = [
+ imports = let
+ dir = builtins.readDir ./.;
+ in builtins.map (x: ./${x}) (builtins.filter
+ (file: (dir.${file} == "directory"))
+ (builtins.attrNames dir)
+ );
+
+ /*imports = [
./gitlab
./gitea
./traefik
@@ -21,5 +28,5 @@
./novnc
./minecraft
#./sandbox
- ];
+ ];*/
}
diff --git a/system/services/containers/homeassistant/default.nix b/system/services/containers/homeassistant/default.nix
index 6e4637f..1b2fa93 100644
--- a/system/services/containers/homeassistant/default.nix
+++ b/system/services/containers/homeassistant/default.nix
@@ -5,19 +5,10 @@
type = lib.types.bool;
default = false;
};
- configvol = lib.options.mkOption {
- type = lib.types.str;
- default = "/ssd1/Home-Assistant/data:/config";
- };
};
config = lib.mkIf config.sysconfig.virtualization.homeassistant.enable {
- networking = {
- hosts."192.168.100.25" = [ "hass.local" ];
-
- nat.internalInterfaces = [ "ve-home-assnHYM" ];
- };
containers.home-assistant = {
autoStart = true;
diff --git a/system/services/containers/keycloak/default.nix b/system/services/containers/keycloak/default.nix
index d7d7917..6b87968 100644
--- a/system/services/containers/keycloak/default.nix
+++ b/system/services/containers/keycloak/default.nix
@@ -9,10 +9,6 @@
sops.secrets."keycloak/dbpass" = {};
- networking = {
-
- nat.internalInterfaces = [ "ve-keycloak" ];
- };
containers.keycloak = {
diff --git a/system/services/containers/minecraft/default.nix b/system/services/containers/minecraft/default.nix
index e2cc186..2cff6a2 100644
--- a/system/services/containers/minecraft/default.nix
+++ b/system/services/containers/minecraft/default.nix
@@ -5,17 +5,8 @@
type = lib.types.bool;
default = false;
};
-
- services.minecraft.enable = lib.options.mkOption {
- type = lib.types.bool;
- default = false;
- };
};
- /*imports = [
- nix-minecraft.nixosModules.minecraft-servers
- ];*/
-
config = lib.mkIf config.sysconfig.virtualization.minecraft.enable {
networking = {
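Review bot: The new `imports` expression pulls in every subdirectory of the containers directory, which silently re-includes `./sandbox` that the old list deliberately left out (`#./sandbox`), and any directory that is not a module (no `default.nix`, a stray checkout, a data directory such as the commented `./wake_words` style used elsewhere) will break evaluation of the whole system. The same construction appears in the `system/services/default.nix` hunk. If auto-discovery is kept, filter on the presence of a module file, `(file: dir.${file} == "directory" && builtins.pathExists (./. + "/${file}/default.nix"))`, and add a comment such as `# every subdirectory with a default.nix is imported; unfinished modules must live elsewhere or gate themselves behind an enable option`.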
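Review bot: The homeassistant hunk removes `hosts."192.168.100.25" = [ "hass.local" ];`, and the n8n and novnc hunks remove the matching entries for `n8n.local` and `novnc.local`, while the traefik hunks switch their routers to `Host(\`hass.local\`)` and `Host(\`n8n.local\`)`. Nothing in the diff shows where these `.local` names resolve now — presumably pihole, which the commit itself still marks `#broken` — so on any host that does not use pihole as resolver the routers become unreachable. A comment at the router definitions naming the authoritative source for the `.local` names (or keeping the `hosts` entries as a fallback) would make the dependency explicit.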
@@ -23,8 +14,6 @@
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
};
-
- nat.internalInterfaces = [ "ve-minecraft" ];
};
nixpkgs.overlays = [ nix-minecraft.overlay ];
diff --git a/system/services/containers/n8n/default.nix b/system/services/containers/n8n/default.nix
index 82821b9..8ecc139 100644
--- a/system/services/containers/n8n/default.nix
+++ b/system/services/containers/n8n/default.nix
@@ -7,12 +7,6 @@
config = lib.mkIf config.sysconfig.virtualization.n8n.enable {
- networking = {
- hosts."192.168.100.21" = [ "n8n.local" ];
-
- nat.internalInterfaces = [ "ve-n8n" ];
- };
-
containers.n8n = {
autoStart = true;
@@ -42,21 +36,7 @@
#webhookUrl = "https://n8n.blunkall.us/";
};
-/*
- systemd.services.n8n = {
- environment = {
- N8N_DIAGNOSTICS_ENABLED = "false";
- N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
- N8N_TEMPLATES_ENABLED = "false";
- EXTERNAL_FRONTEND_HOOKS_URLS = "";
- N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
- N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
-
- N8N_SECURE_COOKIE = "false";
- };
- };
-*/
system.stateVersion = "25.05";
};
};
diff --git a/system/services/containers/netbird/default.nix b/system/services/containers/netbird/default.nix
index 5879728..f8f5c83 100644
--- a/system/services/containers/netbird/default.nix
+++ b/system/services/containers/netbird/default.nix
@@ -16,7 +16,7 @@
};
config = let
- pkgs-com = import nixpkgs-us {
+ pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
@@ -26,9 +26,9 @@
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
- #package = pkgs-com.netbird-ui;
+ #package = pkgs-us.netbird-ui;
};
- #package = pkgs-com.netbird;
+ #package = pkgs-us.netbird;
};
networking = {
@@ -96,7 +96,7 @@
NETBIRD_TOKEN_SOURCE = "accessToken";
};
- package = pkgs-com.netbird-dashboard;
+ package = pkgs-us.netbird-dashboard;
};
management = {
enable = true;
diff --git a/system/services/containers/nginx/default.nix b/system/services/containers/nginx/default.nix
index 2457dd0..fef5bdd 100644
--- a/system/services/containers/nginx/default.nix
+++ b/system/services/containers/nginx/default.nix
@@ -31,11 +31,6 @@
forceSSL = false;
root = "/var/www/data";
};
- "homebox.vpn/esotericbytes" = {
- enableACME = false;
- forceSSL = false;
- root = "/var/www/data";
- };
};
};
diff --git a/system/services/containers/novnc/default.nix b/system/services/containers/novnc/default.nix
index 8beca65..fd47969 100644
--- a/system/services/containers/novnc/default.nix
+++ b/system/services/containers/novnc/default.nix
@@ -8,8 +8,6 @@
config = lib.mkIf config.sysconfig.virtualization.novnc.enable {
networking = {
- hosts."192.168.100.30" = [ "novnc.local" ];
-
firewall.interfaces."ve-novnc" = lib.mkIf config.sysconfig.virtualization.novnc.enable {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
diff --git a/system/services/containers/ntfy/default.nix b/system/services/containers/ntfy/default.nix
index f5613bb..78c049f 100644
--- a/system/services/containers/ntfy/default.nix
+++ b/system/services/containers/ntfy/default.nix
@@ -22,7 +22,7 @@
settings = {
- base-url = "https://ntfy.blunkall.us";
+ base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";
diff --git a/system/services/containers/ollama/default.nix b/system/services/containers/ollama/default.nix
index 2978258..89536a9 100644
--- a/system/services/containers/ollama/default.nix
+++ b/system/services/containers/ollama/default.nix
@@ -41,7 +41,15 @@
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
+ "/etc/nvidia" = {
+ hostPath = "/etc/nvidia";
+ isReadOnly = false;
+ };
+ "/dev/dri" = {
+ hostPath = "/dev/dri";
+ isReadOnly = false;
+ };
"/dev/dri/renderD128" = {
hostPath = "/dev/dri/renderD128";
isReadOnly = false;
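Review bot: The ollama hunk bind-mounts the host's `/etc/nvidia` into the container with `isReadOnly = false;`, which lets a compromised container rewrite host driver configuration; unlike the device nodes, a configuration directory has no reason to be writable, so this should be `isReadOnly = true;`. The new `"/dev/dri"` mount also exposes every card and render node in that directory, while the existing `"/dev/dri/renderD128"` entry just below already grants the one node the workload needs, so keep only the narrower of the two. The enclosing `bindMounts` attribute set starts outside the hunk.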
@@ -69,11 +77,15 @@
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
-
+/*
+ {
+ node = "/dev/dri";
+ modifier = "rw";
+ }
{
node = "/dev/dri/renderD128";
modifier = "rw";
- }
+ }*/
];
config = {
diff --git a/system/services/containers/pihole/default.nix b/system/services/containers/pihole/default.nix
index 60d2a84..05b8857 100644
--- a/system/services/containers/pihole/default.nix
+++ b/system/services/containers/pihole/default.nix
@@ -19,8 +19,6 @@
*/
networking = {
-
- nat.internalInterfaces = [ "ve-pihole" ];
nameservers = [ "192.168.100.28" ];
};
@@ -46,9 +44,7 @@
pihole-web = {
enable = true;
- package = pkgs-us.pihole-web;
-
-#hostName = "192.168.100.28";
+ hostName = "pihole.local";
ports = [ 80 ];
};
@@ -56,8 +52,6 @@
pihole-ftl = {
enable = true;
- package = pkgs-us.pihole-ftl;
-
openFirewallDNS = true;
openFirewallWebserver = true;
@@ -69,21 +63,43 @@
settings = {
dns.upstreams = [ "127.0.0.1#5335" ];
- files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
};
};
unbound = {
enable = true;
- resolveLocalQueries = true;
-
settings = {
server = {
interface = [ "127.0.0.1" ];
port = 5335;
+
+ access-control = [ "127.0.0.1 allow" ];
+
+ harden-glue = true;
+ harden-dnssec-stripped = true;
+
+ use-caps-for-id = false;
+
+ prefetch = true;
+
+ edns-buffer-size = 1232;
+
+ hide-identity = true;
+ hide-version = true;
};
+ forward-zone = [
+ {
+ name = "cloudflare";
+ forward-addr = [
+ "1.1.1.1#one.one.one.one"
+ "1.0.0.1#one.one.one.one"
+ ];
+ forward-tls-upstream = true;
+ }
+ ];
+
};
};
diff --git a/system/services/containers/rustdesk/default.nix b/system/services/containers/rustdesk/default.nix
index 3d3f949..8fa9a61 100644
--- a/system/services/containers/rustdesk/default.nix
+++ b/system/services/containers/rustdesk/default.nix
@@ -69,7 +69,7 @@
signal = {
enable = true;
- #relayHosts = [ "blunkall.us" ];
+ #relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
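Review bot: The ollama `allowedDevices` hunk comments out the `/dev/dri/renderD128` entry (the `/*` now wraps both DRI entries), yet the earlier hunk keeps the `"/dev/dri"` and `"/dev/dri/renderD128"` bind mounts; if the container's device policy is built from `allowedDevices`, the nodes are now visible in the container but cannot be opened, which is confusing to debug, and if the intent is that the NVIDIA nodes alone are enough, the DRI bind mounts should be removed as well so what is mounted matches what is allowed. A short comment above the `/*` saying why the DRI entries are disabled would help, e.g. `# DRI devices disabled: CUDA path uses the nvidia nodes only`. The `allowedDevices` list starts outside the hunk.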
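Review bot: In the last pihole hunk `forward-tls-upstream = true;` with `#one.one.one.one` auth names only authenticates the upstream if unbound has a CA bundle configured (`tls-cert-bundle` or `tls-system-cert` under `server`); I believe the NixOS module sets a default bundle, but nothing in this hunk shows it, so please confirm, otherwise the DoT session is encrypted but unauthenticated and the auth names are decorative. The new `access-control = [ "127.0.0.1 allow" ];` plus `interface = [ "127.0.0.1" ];` and `hide-identity`/`hide-version` are the right direction for a resolver that only pihole-FTL should reach. Consider adding `qname-minimisation = true;` next to `harden-glue` for the same privacy reason the hunk already pursues.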
diff --git a/system/services/containers/sandbox/default.nix b/system/services/containers/sandbox/default.nix
index 6232a3f..7a6f4fd 100644
--- a/system/services/containers/sandbox/default.nix
+++ b/system/services/containers/sandbox/default.nix
@@ -1,23 +1,10 @@
-{ config, lib, nixpkgs-us, self, ... }: {
+{ config, lib, self, ... }: {
options.sysconfig.virtualization.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
- disabledModules = [
- "virtualisation/nixos-containers.nix"
- ];
-
- imports = [
- (import "${nixpkgs-us}/nixos/modules/virtualisation/nixos-containers.nix" {
- inherit config lib;
- pkgs = (import nixpkgs-us {
- system = "x86_64-linux";
- });
- })
- ];
-
config = lib.mkIf config.sysconfig.virtualization.sandbox.enable {
networking = {
@@ -37,7 +24,7 @@
flake = "${self}";
- bindMounts = {
+ /*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
@@ -81,7 +68,10 @@
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
- ];
+ ];*/
+
+ config = {
+ };
};
diff --git a/system/services/containers/traefik/default.nix b/system/services/containers/traefik/default.nix
index a9722b2..b130ac5 100644
--- a/system/services/containers/traefik/default.nix
+++ b/system/services/containers/traefik/default.nix
@@ -12,10 +12,6 @@
"esotericbytes.com"
"*.esotericbytes.com"
-
- "esotericbytes.local"
- "*.esotericbytes.local"
- "traefik.esotericbytes.local"
];
firewall.allowedTCPPorts = [ 22 80 443 ];
@@ -84,14 +80,17 @@
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
- sans = [ "*.esotericbytes.com" ];
+ sans = [
+ "*.esotericbytes.com"
+ "local.internal.esotericbytes.com"
+ ];
};
};
};
};
log = {
- level = "DEBUG";
- filePath = "/etc/traefik/data/traefik.log";
+ level = "INFO";
+ filePath = "/etc/traefik/data/logs/traefik.log";
format = "json";
};
certificatesResolvers = {
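Review bot: The second traefik hunk adds `"local.internal.esotericbytes.com"` to the ACME SANs, but the routers this commit uncomments (later hunks: `hass.local`, `pihole.local`, `n8n.local`, `traefik.local`) keep `tls.certResolver = "cloudflare"`, and no public CA will issue for `.local`; Traefik will attempt and fail an order per router and fall back to its self-signed default certificate, so every internal service is served with a browser warning that users learn to click through. Either route the internal services under names the certificate actually covers (e.g. a wildcard such as `"*.local.internal.esotericbytes.com"` in `sans` and matching `Host()` rules) or give the `.local` routers a separate entry point and certificate store. Separately, `filePath` now points into a `logs/` subdirectory; confirm it exists, since I do not believe Traefik creates parent directories for its log file.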
@@ -125,12 +124,12 @@
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};*/
- /*homeassistant = {
+ homeassistant = {
entryPoints = [ "websecure" ];
- rule = "Host(`hass.esotericbytes.com`)";
+ rule = "Host(`hass.local`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
- };*/
+ };
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.esotericbytes.com`)";
@@ -167,7 +166,7 @@
};
traefik = {
entryPoints = [ "websecure" ];
- rule = "Host(`traefik.esotericbytes.local`)";
+ rule = "Host(`traefik.local`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
@@ -179,12 +178,12 @@
tls.certResolver = "cloudflare";
};*/
- /*pihole = {
- entryPoints = [ "localsecure" ];
- rule = "Host(`pihole.esotericbytes.com`)";
+ pihole = {
+ entryPoints = [ "websecure" ];
+ rule = "Host(`pihole.local`)";
service = "pihole";
tls.certResolver = "cloudflare";
- };*/
+ };
netbird = {
entryPoints = [ "websecure" ];
@@ -193,12 +192,12 @@
tls.certResolver = "cloudflare";
};
- /*n8n = {
+ n8n = {
entryPoints = [ "websecure" ];
- rule = "Host(`n8n.esotericbytes.com`)";
+ rule = "Host(`n8n.local`)";
service = "n8n";
tls.certResolver = "cloudflare";
- };*/
+ };
};
@@ -221,7 +220,7 @@
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
- #pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
+ pihole.loadBalancer.servers = [ { url = "http://192.168.100.28"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
@@ -236,7 +235,9 @@
servers = [ { url = "http://192.168.100.23:80"; } ];
};
- #n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
+ homeassistant.loadBalancer.servers = [ "http://192.168.100.25:8123" ];
+
+ n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
};
};
};
diff --git a/system/services/default.nix b/system/services/default.nix
index 836e77a..2e559d1 100644
--- a/system/services/default.nix
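Review bot: The `traefik` router hunk changes only the host rule, so `service = "api@internal"` stays exposed on `websecure` with `#middlewares = [ "authentik" ];` still commented out; the host firewall opens 443 to every interface (`firewall.allowedTCPPorts = [ 22 80 443 ]` in the first traefik hunk), so the dashboard is reachable by anyone who can send the right `Host` header, independent of whether `traefik.local` resolves for them. The pihole router in the following hunk moves from `localsecure` to the same `websecure` entry point and inherits the same exposure. Re-enabling the middleware, or moving both routers to an entry point bound to the container/VPN side only, would close this; if the pre-existing state is deliberate, a comment saying so (`# dashboard intentionally unauthenticated: reachable only via <interface>`) belongs next to the commented middleware.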
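Review bot: In the last traefik hunk `homeassistant.loadBalancer.servers = [ "http://192.168.100.25:8123" ];` lists a bare string, while every other service in this file (`pihole`, `keycloak`, `n8n` on the neighbouring lines) uses `{ url = "..."; }`; Traefik expects each server to be an object with a `url` field, so this entry will be rejected or ignored and the newly uncommented `homeassistant` router will have no backend. Change it to `homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.25:8123"; } ];`. The enclosing `services` attribute set starts outside the hunk.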
+++ b/system/services/default.nix
@@ -1,12 +1,19 @@
{ ... }: {
- imports = [
+ imports = let
+ dir = builtins.readDir ./.;
+ in builtins.map (x: ./${x}) (builtins.filter
+ (file: (dir.${file} == "directory"))
+ (builtins.attrNames dir)
+ );
+ /*imports = [
./ollama
+ ./wyoming
./openssh
./pipewire
./containers
./sddm
./novnc
./kdePlasma6
- ];
+ ];*/
}
diff --git a/system/services/ollama/default.nix b/system/services/ollama/default.nix
index 7ac6f61..f236d0a 100644
--- a/system/services/ollama/default.nix
+++ b/system/services/ollama/default.nix
@@ -12,7 +12,7 @@
enable = true;
acceleration = "cuda";
environmentVariables = {
- OLLAMA_CONTEXT_LENGTH = "16000";
+ OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import nixpkgs-us {
diff --git a/system/services/wyoming/default.nix b/system/services/wyoming/default.nix
new file mode 100644
index 0000000..38a8596
--- /dev/null
+++ b/system/services/wyoming/default.nix
@@ -0,0 +1,68 @@
+{ config, lib, ... }: {
+
+ options.sysconfig.wyoming = {
+ enable = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ piper = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ openwakeword = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ faster-whisper = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ satellite = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf config.sysconfig.wyoming.enable {
+
+ services.wyoming = {
+
+ piper = lib.mkIf config.sysconfig.wyoming.piper {
+
+ servers.piper = {
+ enable = true;
+ voice = "en-us-ryan-medium";
+ uri = "tcp://0.0.0.0:11435";
+ };
+ };
+
+ openwakeword = lib.mkIf config.sysconfig.wyoming.openwakeword {
+ enable = true;
+ uri = "tcp://0.0.0.0:11432";
+
+ threshold = 0.5;
+ customModelsDirectories = [
+#./wake_words
+ ];
+ };
+
+ faster-whisper = lib.mkIf config.sysconfig.wyoming.faster-whisper {
+ servers.whisper = {
+ enable = true;
+ device = "auto";
+ language = "en";
+ model = "medium.en";
+ uri = "tcp://0.0.0.0:11433";
+ };
+ };
+
+ satellite = lib.mkIf config.sysconfig.wyoming.satellite {
+ enable = true;
+ uri = "tcp://0.0.0.0:11431";
+#user = "nathan";
+ vad.enable = false;
+ };
+ };
+
+ };
+}
diff --git a/system/users/nathan/home-manager/packages/default.nix b/system/users/nathan/home-manager/packages/default.nix
index 6230a70..5f1cd6b 100644
--- a/system/users/nathan/home-manager/packages/default.nix
+++ b/system/users/nathan/home-manager/packages/default.nix
@@ -27,13 +27,12 @@
kjv
openssh
sops
- killall
+ busybox
btop
zip
unzip
rsync
curl
- wget
(python313.withPackages (ps: with ps; [
gpustat
numpy
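Review bot: All four Wyoming servers in the new module bind `tcp://0.0.0.0:<port>` (11431–11435), and the Wyoming protocol carries no authentication, so who can feed audio to the STT/wake-word services or pull synthesized speech is decided solely by the host firewall; the module opens no ports itself and nothing here restricts the listeners to the interface the Home Assistant container uses. If the container is the only client, bind to the host's address on the container side instead of `0.0.0.0`, or open the ports only on that interface with `networking.firewall.interfaces.<ve-iface>.allowedTCPPorts` as the novnc module does. The file also has no header explaining the port plan; a comment such as `# 11431 satellite, 11432 openwakeword, 11433 whisper, 11435 piper — consumed by the home-assistant container` at the top of `services.wyoming` would document the intended reach. The `#./wake_words` and `#user = "nathan";` fragments left at column 0 inside the new file read as unfinished and should either be removed or indented with a note on why they are parked.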