From 085bdaf84eb1dc28ef812e443a043e3997524e8e Mon Sep 17 00:00:00 2001 From: Yadunand Prem Date: Fri, 8 Aug 2025 15:32:51 +0800 Subject: [PATCH] feat: add ollama and nftables --- flake.lock | 44 +++++++++++++++++++-------------------- penguin/configuration.nix | 37 +++++++++++++++++++++++++------- penguin/home.nix | 6 ++++++ 3 files changed, 58 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 1fc88cd..a801f01 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -71,11 +71,11 @@ ] }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -166,11 +166,11 @@ ] }, "locked": { - "lastModified": 1754085240, - "narHash": "sha256-kVHCrTWEe8B1thAhFag1bk4QPY0ZP45V9vPbrwPHoNo=", + "lastModified": 1754613544, + "narHash": "sha256-ueR1mGX4I4DWfDRRxxMphbKDNisDeMPMusN72VV1+cc=", "owner": "nix-community", "repo": "home-manager", - "rev": "e102920c1becb114645c6f92fe14edc0b05cc229", + "rev": "cc2fa2331aebf9661d22bb507d362b39852ac73f", "type": "github" }, "original": { 
@@ -209,27 +209,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1753939845, - "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "94def634a20494ee057c76998843c015909d6311", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "type": "github" }, "original": { @@ -265,11 +265,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1753977315, - "narHash": "sha256-AM3CZh+Emk/cr5Gf6RUf2xzkWdRB+yewP1YWoRxUbYQ=", + "lastModified": 1754572513, + "narHash": "sha256-BN2a2Lft9BwdDPBplaWe8kYW2wLaaVLDwcWwMJeBw3I=", "owner": "nix-community", "repo": "nixvim", - "rev": "a16c89c175277309fd3dd065fb5bc4eab450ae07", + "rev": "1db179502524f21fe4e3175e3348202ed0ef253f", "type": "github" }, "original": { @@ -288,11 +288,11 @@ ] }, "locked": { - "lastModified": 1753450833, - "narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=", + "lastModified": 1754301638, + "narHash": "sha256-aRgzcPDd2axHFOuMlPLuzmDptUM2JU8mUL3jfgbBeyc=", "owner": "NuschtOS", "repo": "search", - "rev": "40987cc1a24feba378438d691f87c52819f7bd75", + "rev": "a60091045273484c040a91f5c229ba298f8ecc27", "type": "github" }, "original": { diff --git a/penguin/configuration.nix b/penguin/configuration.nix index ba2f37b..e39a521 100644 --- a/penguin/configuration.nix +++ b/penguin/configuration.nix 
@@ -18,6 +18,13 @@ enable = true; }; + networking.nftables.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + trustedInterfaces = [ "tailscale0" ]; + }; + services.openssh = { enable = true; settings.PasswordAuthentication = false; @@ -28,12 +35,18 @@ }; programs.zsh.enable = true; - nix.settings={ - trusted-users = [ "root" "yadunut" ]; - experimental-features = [ - "nix-command" - "flakes" - ]; + + nix = { + optimise = { + automatic = true; + }; + settings = { + trusted-users = [ "root" "yadunut" ]; + experimental-features = [ + "nix-command" + "flakes" + ]; + }; }; services.tailscale.enable = true; @@ -58,7 +71,16 @@ services.blueman.enable = true; security.rtkit.enable = true; - nixpkgs.config.allowUnfree = true; + nixpkgs.config = { + allowUnfree = true; + rocmSupport = true; + }; + + services.ollama = { + enable = true; + host = "0.0.0.0"; + port = 11434; + }; programs.hyprland = { enable = true; @@ -78,6 +100,7 @@ hyprpolkitagent nixd brightnessctl + open-webui ]; services.sunshine = { diff --git a/penguin/home.nix b/penguin/home.nix index 2a74564..0b6e08d 100644 --- a/penguin/home.nix +++ b/penguin/home.nix @@ -15,6 +15,12 @@ services.hyprpolkitagent.enable = true; services.cliphist.enable = true; + services.ollama = { + enable = true; + host = "0.0.0.0"; + port = 11434; + }; + imports = [ (import ../modules/zsh.nix) # (import ../modules/neovim.nix)
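Review bot: `trustedInterfaces = [ "tailscale0" ]` in the new `networking.firewall` block accepts all traffic arriving on the tailnet interface, so `allowedTCPPorts` does not apply there. Every listener on this host, including the Ollama API this commit binds to 0.0.0.0:11434, is then reachable by any tailnet peer unless Tailscale ACLs say otherwise. If only particular services should be reachable over Tailscale, a per-interface allowlist is narrower, for example `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 11434 ];`. If full trust is intended, a comment such as `# tailnet peers are fully trusted; exposure is governed by Tailscale ACLs` would record that decision.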
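Review bot: `host = "0.0.0.0";` in the added `services.ollama` block binds an API with no authentication of its own to every interface, leaving the firewall configured earlier in this file as the only control in front of it. Binding to loopback with `host = "127.0.0.1";`, or to the Tailscale address, keeps the service closed if the firewall is later disabled or another interface is added to the trusted list. Separately, `rocmSupport = true;` under `nixpkgs.config` applies to every package that honours the flag. If only Ollama needs ROCm, `services.ollama.acceleration = "rocm";` scopes it to that service.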
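Review bot: The `services.ollama` block added to penguin/home.nix uses the same `host` and `port` as the system-level block added in penguin/configuration.nix. If both are deployed to the same machine, whichever instance starts second will fail to bind 0.0.0.0:11434. Presumably only one is intended. Dropping the home-manager one also avoids running an unauthenticated, all-interface listener inside the user session, where it has the user's file access. If a per-user instance is wanted, give it a distinct port and `host = "127.0.0.1";`.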