From c4008417df8320a2a043826a518e9a093ccb0913 Mon Sep 17 00:00:00 2001 From: nx2 Date: Wed, 6 Mar 2024 22:22:27 +0100 Subject: [PATCH] working on ollama + pnxvpn --- configuration.nix | 23 ++++++++++++++ flake.nix | 2 +- home.nix | 42 ++++++++++++++++++++++--- secrets/passwords-and-certificates.nix | Bin 1203 -> 1372 bytes 4 files changed, 62 insertions(+), 5 deletions(-) diff --git a/configuration.nix b/configuration.nix index 8de343f..aa09459 100644 --- a/configuration.nix +++ b/configuration.nix @@ -126,6 +126,8 @@ neofetch direnv openssl + openvpn + ollama # maybe ]; environment.sessionVariables = rec { @@ -162,8 +164,29 @@ }; + ### OLLAMA + systemd.services.ollama = { + description = "Ollama Service"; + after = [ "network-online.target" ]; + serviceConfig.Type = "simple"; + serviceConfig.ExecStart = "${pkgs.ollama} serve"; + serviceConfig.User = "ollama"; + serviceConfig.Group = "ollama"; + serviceConfig.Restart = "always"; + serviceConfig.RestartSec = "3"; + wantedBy = [ "default.target" ]; + }; + users.users.ollama = { + isSystemUser = true; + home = "/usr/share/ollama"; + shell = "/bin/false"; + group = "ollama"; + }; + users.groups.ollama = {}; + ### END OLLAMA + # List services that you want to enable: diff --git a/flake.nix b/flake.nix index caf4b32..815aa3b 100644 --- a/flake.nix +++ b/flake.nix @@ -39,7 +39,7 @@ nx2 = home-manager.lib.homeManagerConfiguration { inherit pkgs; modules = [ ./home.nix ]; - extraSpecialArgs = {inherit user allowed secrets;}; + extraSpecialArgs = {inherit system user allowed secrets;}; }; }; diff --git a/home.nix b/home.nix index 644278e..7cab7b3 100644 --- a/home.nix +++ b/home.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, allowed, secrets, ... }: +{ config, pkgs, lib, system, allowed, secrets, ... }: { imports = [ @@ -43,14 +43,40 @@ element sssnake pipes - # # You can also create simple shell scripts directly inside your # # configuration. For example, this adds a command 'my-hello' to your # # environment: - (pkgs.writeShellScriptBin "nx_connect_to_pnx" '' + (writeShellScriptBin "nx_connect_to_pnx" '' cd /home/nx2/PNX/vpn - sudo openvpn /home/nx2/PNX/vpn/firewall_phoenix_1_local_RW_Phoenix.ovpn + sudo openvpn /home/nx2/.ssl/ljk-pnx.ovpn --auth-user-pass ~/.ssl/ljk-pnx-pass.txt #gets put there by home-manager '') + + (writeShellScriptBin "nxrbs-nix" '' + set -e + pushd ~/.nix-dots/ + git diff + + '') + + # only works on spec arch, chage url for others + (stdenv.mkDerivation { + name = "easycommit"; + src = pkgs.fetchurl { + url = "https://github.com/blackironj/easycommit/releases/download/v0.0.1/easycommit-v0.0.1-linux-amd64.tar.gz"; + sha256 = "sha256-Ip5wfVe/RzCxGGh1YFBllAn84nD7mUXbnMko+ue/C2E="; + }; + phases = ["installPhase"]; + installPhase = '' + mkdir -p $out/bin + tar xf $src -C $out/ + ls -la $out + mv $out/easycommit $out/bin/ + chmod +x $out/bin/easycommit + ''; + }) + + + ]; @@ -70,6 +96,7 @@ + # systemd.user.services = { # ydotoold = { # Unit = { @@ -90,6 +117,13 @@ home.file = { + ".ssl/ljk-pnx-cert.pem" = secrets.pnxVpn.cert; + ".ssl/ljk-pnx-cert.key" = secrets.pnxVpn.certKey; + ".ssl/ljk-pnx-ca.pem" = secrets.pnxVpn.ca; + ".ssl/ljk-pnx.ovpn" = secrets.pnxVpn.ovpn; + ".ssl/ljk-pnx-pass.txt" = secrets.pnxVpn.pass; + + # ".config/libinput/gestures".text = '' # # Swipe threshold (0-100) # swipe_threshold 0 diff --git a/secrets/passwords-and-certificates.nix b/secrets/passwords-and-certificates.nix index 038fa552e74d84a3100e735876795350981dbc82..715cd390942dcec768c8d6f57025d029913c1728 100644 GIT binary patch literal 1372 zcmZQ@_Y83kiVO&0=u0b!@7yEs`TydAxn_RTawZ?keG)t4_%UA_n>$>#YHOMv+wmDp z{Cz;D|FZJlv=5;R<@woveG!vrbh~u4U@pu2-Fu?h=Kk5nxMsIn=XPf)4b!LZ)E+DU zy0?;l3eUF>NB7s&>=##6cbwgr@qAs;$rhv$cQe{7S3(9wH0c=>IX zHEcOFKSXb)=_%jjfR00)etu`|=GJcfb>{x3?Tm+>wDcuj*rZ?SQn6p3V2mBGy`yoP1U()D*{a349T^~g`UDq#M)_T3vQ z;(Zjacimx`D!i=T{J>2C>xM~Z)^VLl+?gVfwWH|GEN5*4Q}5@;6(>i__`H70HTy@p zdCh|<&OM=5HQW_`u4Dh~V!?at#LTb_?`Ik()+%Ty3Uj?mlUs6MsMUMv{Pd;m7Aw^j z?JYYLr;-r0ob&whhaCUCXWVD2DwzA0xh{8IYWD((Ij0&I{q%miX?w=zo=K~|xaTXC zR=-K6m$N6}@f4#-W6K_};>wWd?de`h;u=I%p)7f+8lgdgv&WSVBemQa3Z>eRY zsr1I=C)s7f-=}hYz5Lg9#g#<9&E;1<`{f3{+{6^&bNJGa%L&yEDU63(H-5=9wCmav zw(wPw^-f(K(YH~C5)(sw9*DC^e}BEdPB%X^C3xmr!FNugQ(NEM2-@vZ>=YPw)l9_h z<#slmh<7>dNjugok<>6t^|scP@XuW@D`qd7UoX7)(8L)F>hmzJb3sp)hf7V}{<1{ficaF}>HyOfJDmtsoFCUP9Z+T*l ziO>yK?j=lh0{e}%Z1xviR=N8}`*HaD^w~1H#~T*J7u2i%ZMuJWQI6B}FDtmKyyiEh zi6l+uT%Eq$fAY5OJ5%=0*zhmo*rAD?M{Z?L_siTA{At~(RVz~S4zLyUc=W8On&*oA-B;gN_1P7=bugs8^gB7-xm{ zDfa}{kgJ#1n>2A$7X&=sRXe9>O+wC^%^5WX*^(x1%Dd()Ulp$5R5WGbu|xZejqbG_ zTYZ#wuH3Dd)hA`%_ay}MUraq!GGG736V3Fs^_9g{{EgA?@+->nx3g;0&+`&CT9S4! z_o`OfOaF%oi8dL%eHnLeG}+wyTFlJb*-*c-_?CP`h2z>o#hYCs1k|NPIuoQT6NM|bR~nR`;9W6PJP6OFK@H-GV6vg=6E zjYs8?w--$)jB4HStMZIahFIeMZH8JF={MTyLyC?~7M|O_@ylZWqo&WJ7R{4X^$sbF z(_$11*u9-6c0=dN&Y7)?YKvR-CfM=G#jKgvyRP-p`?8?a<2&w4vd?p7(0w5(@@{tO zO;Nl0fXY)2xm!NWWj@s-vZl(Z@JZ}-;eCHrFza;k&t7T&(BXbqVv26Y_n>v3_E6+Nt^*ZmV#i#mCd5WpC_Vn-6T@gS1*yVH4`62TA%cW-@ v)9|X7pCIOavFm3eQ{cusbBxcYFX{0XJ9^1)+LPdW4TArs3BTRi_Use@OGu!9 literal 1203 zcmZQ@_Y83kiVO&0So!l|a39Bi z*Uzl;`G2}>XKp$A>QBYj>7q7IO=41Z{XE0LZfUSY@6yff#sBTUDE7WOQ@l#==@qS1 zmYZJ-9vQq?W5vke^q;+1E=Fcf-V6R!DO&z@??Uwpdv|7POm&a=%~r7Hz~Y`KHtB|z zJ?aik>vL{Ng{WS7^r2lv{oKxZod4Gclz&^6wRL)9w_Mssw>f^t0)j8BnLJNqwoj)| zxN@@L{VeSTSv7q#$`&qV z?Dv0JX1;hU+pPli7lBXy7wb=96OZ*NpZs+B#w>wNiUD<3{FwIm6xjx3AFNt`!FB4q zYA)8}lVropstyJ3-LX)i(=NDc%fz(DCY~HIZ!~_sK3}O-adEx4jg^e^OWsC zpys!~tOi^RA`x1jZ7S;g&dM3ff16WTb9P;pvtf*!NY`SgBeE+pm0x~&60|lJBLwpU0(EtCf+^F#qmy{w$W=Gkn7CoxD0l^TXx|+mB|=Z|+)gDJ|5#X|vXX z!#T_U78c2HC$h19eEK{6Que3WvN56@2}e^`@RjO1aP3-rOn=iNd85Mfcip#oeM`Q6 z%fzm^R?1lS<`V_yIT^O znXUhwOX9l!MBYufJ4rfFmifq|Me|OtKEG-D`Td-^hW{3Id1mj@QMfSO*5u9QUxu+U z&Wm1bU7}z8eRf`#?B@G12g-V8%awKg$g#hd{Ku%J_jbmW*IyFYewuNqzx&7i)wSUK z`lI)5$}`NldPYU8lp(J?;I^X^j)sCH^9{0 zZ)5BocO#Q$qT-F=y(d}1-76EGu@=p1n)OF&9ozJt&5h#I=j-2DwD$6^H!OX8YvQe^ ZoeNi!`Zw#X+1-GEPEjKjCf4=l%K);1P4)l)