ai toggles
This commit is contained in:
Danilo Reyes
@@ -6,6 +6,9 @@
|
|||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
|
derekUid = config.users.users.bearded_dragonn.uid;
|
||||||
|
openWebuiPort = config.services.open-webui.port;
|
||||||
|
sillytavernPort = config.services.sillytavern.port;
|
||||||
enableForDerek = {
|
enableForDerek = {
|
||||||
enable = true;
|
enable = true;
|
||||||
users = "bearded_dragonn";
|
users = "bearded_dragonn";
|
||||||
@@ -36,8 +39,6 @@ in
|
|||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
tailscale.enable = true;
|
tailscale.enable = true;
|
||||||
open-webui.enable = lib.mkForce false;
|
|
||||||
ollama.enable = lib.mkForce false;
|
|
||||||
sunshine = {
|
sunshine = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autoStart = false;
|
autoStart = false;
|
||||||
@@ -45,7 +46,23 @@ in
|
|||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
networking.nftables = {
|
||||||
|
enable = true;
|
||||||
|
tables = {
|
||||||
|
local-uid-block = {
|
||||||
|
family = "inet";
|
||||||
|
content = ''
|
||||||
|
chain output {
|
||||||
|
type filter hook output priority 0; policy accept;
|
||||||
|
meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
|
||||||
|
meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
users.users.bearded_dragonn = {
|
users.users.bearded_dragonn = {
|
||||||
|
uid = 1002;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
hashedPasswordFile = lib.mkIf config.my.secureHost config.sops.secrets.derek-password.path;
|
hashedPasswordFile = lib.mkIf config.my.secureHost config.sops.secrets.derek-password.path;
|
||||||
|
|||||||
@@ -60,6 +60,7 @@ in
|
|||||||
"networkmanager"
|
"networkmanager"
|
||||||
"scanner"
|
"scanner"
|
||||||
"lp"
|
"lp"
|
||||||
|
"ai"
|
||||||
"piracy"
|
"piracy"
|
||||||
"core"
|
"core"
|
||||||
"glue"
|
"glue"
|
||||||
|
|||||||
@@ -58,6 +58,8 @@ in
|
|||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
6674 # ns-usbloader
|
6674 # ns-usbloader
|
||||||
8384 # syncthing
|
8384 # syncthing
|
||||||
|
config.services.open-webui.port
|
||||||
|
config.services.sillytavern.port
|
||||||
];
|
];
|
||||||
allowedTCPPortRanges = [
|
allowedTCPPortRanges = [
|
||||||
{
|
{
|
||||||
@@ -67,19 +69,22 @@ in
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users.users.jawz.packages = [
|
users = {
|
||||||
(pkgs.google-cloud-sdk.withExtraComponents [
|
groups.ai = { };
|
||||||
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
|
users.jawz.packages = [
|
||||||
])
|
(pkgs.google-cloud-sdk.withExtraComponents [
|
||||||
]
|
pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
|
||||||
++ builtins.attrValues {
|
])
|
||||||
inherit (pkgs)
|
]
|
||||||
distrobox # install packages from other os
|
++ builtins.attrValues {
|
||||||
gocryptfs # encrypted filesystem! shhh!!!
|
inherit (pkgs)
|
||||||
vcsi # video thumbnails for torrents, can I replace it with ^?
|
distrobox # install packages from other os
|
||||||
keypunch # practice typing
|
gocryptfs # encrypted filesystem! shhh!!!
|
||||||
google-cloud-sdk-gce
|
vcsi # video thumbnails for torrents, can I replace it with ^?
|
||||||
;
|
keypunch # practice typing
|
||||||
|
google-cloud-sdk-gce
|
||||||
|
;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
environment = {
|
environment = {
|
||||||
pathsToLink = [ "share/thumbnailers" ];
|
pathsToLink = [ "share/thumbnailers" ];
|
||||||
@@ -129,7 +134,11 @@ in
|
|||||||
];
|
];
|
||||||
services = {
|
services = {
|
||||||
flatpak.enable = true;
|
flatpak.enable = true;
|
||||||
open-webui.enable = true;
|
open-webui = {
|
||||||
|
enable = true;
|
||||||
|
port = 2345;
|
||||||
|
host = config.my.ips.workstation;
|
||||||
|
};
|
||||||
scx = {
|
scx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
scheduler = "scx_lavd";
|
scheduler = "scx_lavd";
|
||||||
@@ -146,6 +155,15 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
acceleration = "cuda";
|
acceleration = "cuda";
|
||||||
models = "/srv/ai/ollama";
|
models = "/srv/ai/ollama";
|
||||||
|
user = "ollama";
|
||||||
|
group = "ai";
|
||||||
|
};
|
||||||
|
sillytavern = {
|
||||||
|
enable = true;
|
||||||
|
group = "ai";
|
||||||
|
listen = true;
|
||||||
|
port = 9324;
|
||||||
|
listenAddressIPv4 = config.my.ips.workstation;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user