ai toggles
This commit is contained in:
Danilo Reyes
@@ -6,6 +6,9 @@
|
||||
...
|
||||
}:
|
||||
let
|
||||
derekUid = config.users.users.bearded_dragonn.uid;
|
||||
openWebuiPort = config.services.open-webui.port;
|
||||
sillytavernPort = config.services.sillytavern.port;
|
||||
enableForDerek = {
|
||||
enable = true;
|
||||
users = "bearded_dragonn";
|
||||
@@ -36,8 +39,6 @@ in
|
||||
};
|
||||
services = {
|
||||
tailscale.enable = true;
|
||||
open-webui.enable = lib.mkForce false;
|
||||
ollama.enable = lib.mkForce false;
|
||||
sunshine = {
|
||||
enable = true;
|
||||
autoStart = false;
|
||||
@@ -45,7 +46,23 @@ in
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
networking.nftables = {
|
||||
enable = true;
|
||||
tables = {
|
||||
local-uid-block = {
|
||||
family = "inet";
|
||||
content = ''
|
||||
chain output {
|
||||
type filter hook output priority 0; policy accept;
|
||||
meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
|
||||
meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
users.users.bearded_dragonn = {
|
||||
uid = 1002;
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
hashedPasswordFile = lib.mkIf config.my.secureHost config.sops.secrets.derek-password.path;
|
||||
|
||||
@@ -60,6 +60,7 @@ in
|
||||
"networkmanager"
|
||||
"scanner"
|
||||
"lp"
|
||||
"ai"
|
||||
"piracy"
|
||||
"core"
|
||||
"glue"
|
||||
|
||||
@@ -58,6 +58,8 @@ in
|
||||
allowedTCPPorts = [
|
||||
6674 # ns-usbloader
|
||||
8384 # syncthing
|
||||
config.services.open-webui.port
|
||||
config.services.sillytavern.port
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{
|
||||
@@ -67,19 +69,22 @@ in
|
||||
];
|
||||
};
|
||||
};
|
||||
users.users.jawz.packages = [
|
||||
(pkgs.google-cloud-sdk.withExtraComponents [
|
||||
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
|
||||
])
|
||||
]
|
||||
++ builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
distrobox # install packages from other os
|
||||
gocryptfs # encrypted filesystem! shhh!!!
|
||||
vcsi # video thumbnails for torrents, can I replace it with ^?
|
||||
keypunch # practice typing
|
||||
google-cloud-sdk-gce
|
||||
;
|
||||
users = {
|
||||
groups.ai = { };
|
||||
users.jawz.packages = [
|
||||
(pkgs.google-cloud-sdk.withExtraComponents [
|
||||
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
|
||||
])
|
||||
]
|
||||
++ builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
distrobox # install packages from other os
|
||||
gocryptfs # encrypted filesystem! shhh!!!
|
||||
vcsi # video thumbnails for torrents, can I replace it with ^?
|
||||
keypunch # practice typing
|
||||
google-cloud-sdk-gce
|
||||
;
|
||||
};
|
||||
};
|
||||
environment = {
|
||||
pathsToLink = [ "share/thumbnailers" ];
|
||||
@@ -129,7 +134,11 @@ in
|
||||
];
|
||||
services = {
|
||||
flatpak.enable = true;
|
||||
open-webui.enable = true;
|
||||
open-webui = {
|
||||
enable = true;
|
||||
port = 2345;
|
||||
host = config.my.ips.workstation;
|
||||
};
|
||||
scx = {
|
||||
enable = true;
|
||||
scheduler = "scx_lavd";
|
||||
@@ -146,6 +155,15 @@ in
|
||||
enable = true;
|
||||
acceleration = "cuda";
|
||||
models = "/srv/ai/ollama";
|
||||
user = "ollama";
|
||||
group = "ai";
|
||||
};
|
||||
sillytavern = {
|
||||
enable = true;
|
||||
group = "ai";
|
||||
listen = true;
|
||||
port = 9324;
|
||||
listenAddressIPv4 = config.my.ips.workstation;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user