feat: add ollama and nftables

2025-08-08 15:32:51 +08:00
parent eda9a84cb7
commit 085bdaf84e
3 changed files with 58 additions and 29 deletions
--- a/penguin/configuration.nix
+++ b/penguin/configuration.nix
@@ -18,6 +18,13 @@
    enable = true;
  };

+  networking.nftables.enable = true;
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 22 ];
+    trustedInterfaces = [ "tailscale0" ];
+  };
+
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
@@ -28,12 +35,18 @@
  };
  programs.zsh.enable = true;

-  nix.settings={
-    trusted-users = [ "root" "yadunut" ];
-    experimental-features = [
-      "nix-command"
-      "flakes"
-    ];
+
+  nix = {
+    optimise = {
+      automatic = true;
+    };
+    settings = {
+      trusted-users = [ "root" "yadunut" ];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+    };
  };

  services.tailscale.enable = true;
@@ -58,7 +71,16 @@
  services.blueman.enable = true;
  security.rtkit.enable = true;

-  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config = {
+    allowUnfree = true;
+    rocmSupport = true;
+  };
+
+  services.ollama = {
+    enable = true;
+    host = "0.0.0.0";
+    port = 11434;
+  };

  programs.hyprland = {
    enable = true;
@@ -78,6 +100,7 @@
    hyprpolkitagent
    nixd
    brightnessctl
+    open-webui
  ];

  services.sunshine = {
--- a/penguin/home.nix
+++ b/penguin/home.nix
@@ -15,6 +15,12 @@
  services.hyprpolkitagent.enable = true;
  services.cliphist.enable = true;

+  services.ollama = {
+    enable = true;
+    host = "0.0.0.0";
+    port = 11434;
+  };
+
  imports = [
    (import ../modules/zsh.nix)
    # (import ../modules/neovim.nix)