adriangl/nix-dotfiles-v2
1
1
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: adriangl:ce86eafd38e9ae304d833d982a3c4ddc256a3c30
Branches Tags
adriangl:main adriangl:galadriel-fra-legolas
...
compare: adriangl:main
Branches Tags
adriangl:main adriangl:galadriel-fra-legolas

78 Commits
ce86eafd38 ... main

Author SHA1 Message Date
Adrian G L
09c72c3384 feat: add android-cli package with FHS environment wrapper 2026-04-17 19:20:51 +02:00
Adrian G L
1cfeec1918 chore: remove unused uv2nix and pyproject-nix flake inputs 2026-04-13 16:51:32 +02:00
Your Name
0e034361b2 update llama 2026-04-12 15:45:07 +02:00
Your Name
11d33abdae fix(thermal): add util-linux to service path for logger command 2026-04-12 12:12:10 +02:00
Your Name
bc9ddbabb6 fix(thermal): remove unavailable options for NixOS 25.11 2026-04-12 12:03:44 +02:00
Your Name
9e0da9a1d2 feat(aragon): add thermal monitoring with thermald, mcelog and lm_sensors 2026-04-12 11:59:43 +02:00
Adrian Gunnar Lauterer
b200beb7ac ai updated 2026-04-07 17:48:27 +02:00
Adrian G L
0cd2f1ea6d fix: disable glm4.7, fix gemma4 quant typo, set omnivoice to cpu mode 2026-04-06 10:06:33 +02:00
Adrian G L
dbdb16fde2 feat: add llama-cpp-nightly package (b8667) and replace unstable llama-cpp-vulkan 2026-04-06 09:49:43 +02:00
Adrian Gunnar Lauterer
ea5c79367c llama swap oci edition 2026-04-06 09:45:55 +02:00
Adrian Gunnar Lauterer
4e406aeadb updates 2026-04-05 22:36:26 +02:00
Adrian Gunnar Lauterer
0ca7e7a219 added gemma 4 2026-04-05 22:35:41 +02:00
Adrian Gunnar Lauterer
17df27edee updates 2026-04-05 22:35:40 +02:00
Adrian G L
11710d6573 ai 2026-04-05 22:32:10 +02:00
Adrian G L
8b73151a1b fix(chatterbox-tts-api): skip django tests to fix cascading build failures 2026-04-02 17:50:45 +02:00
Adrian G L
25ee286ff7 feat: add chatterbox-tts-api package and authelia session secret 2026-04-02 12:29:08 +02:00
Adrian G L
c426b2b621 nvim updates 2026-03-31 13:48:33 +02:00
Adrian G L
994b321c8a feat: tts 
:q
 2026-03-31 13:27:06 +02:00
Adrian G L
45d13b7dbc feat: tts 
:q
 2026-03-24 15:36:31 +01:00
Adrian G L
bba4bd532c feat: llama-swap transcribe 2026-03-24 13:46:20 +01:00
Adrian G L
6d61867bc7 refactor: niri keybinds 2026-03-24 11:20:07 +01:00
Your Name
ed8523e77b image models 2026-03-24 00:45:14 +01:00
Your Name
461b9c1a2c fix swap 2026-03-23 23:48:36 +01:00
Your Name
18abd6f613 llama swap updates 2026-03-23 23:22:51 +01:00
Adrian Gunnar Lauterer
83fdef416e format and llama tuning 2026-03-23 22:19:15 +01:00
Adrian G L
8173b617e7 refactor: unify python packages across jupyter, devel and home configs 
- Create modules/python-packages.nix as single source of truth for 51 packages
- Update develPackages.nix to use shared package list with jupyter included
- Update jupyterhub.nix kernel to use shared package list
- Update home/python.nix to use shared package list
- Disable kicad/easyeda2kicad (transient GitLab download corruption)
 2026-03-23 14:41:09 +01:00
Adrian G L
cef3df711d refactor: simplify noctalia config and update xdg portals 2026-03-23 13:54:31 +01:00
Your Name
fa3792be0e qwen-asr and clenaup 2026-03-22 12:24:01 +01:00
Adrian Gunnar Lauterer
16ca4c733b some llama swap fixes 2026-03-03 21:20:22 +01:00
Your Name
c8f305a5bd updated models 2026-03-03 00:48:40 +01:00
Your Name
30a4f1e83f added cache to llama swap 2026-03-02 23:24:21 +01:00
Adrian G L
a6e5b1e0eb :redid llama-swap 2026-03-02 17:38:45 +01:00
Adrian Gunnar Lauterer
ca06437580 llama-cpp 2026-03-02 15:36:10 +01:00
Adrian Gunnar Lauterer
327f6dc6f0 llama-cpp instead of swap, native swap functionality is coming 2026-03-02 15:36:10 +01:00
Adrian G L
9ae8480f1b handy 2026-03-02 15:35:32 +01:00
Your Name
87bb5605d5 remove ollama its bad 2026-03-01 22:57:40 +01:00
Your Name
1139d767b1 application and dev stuff 2026-03-01 22:17:23 +01:00
Your Name
66c8320ef6 aragon aarch crossbuild 2026-03-01 22:16:29 +01:00
Adrian G L
d7ebdab4df galadriel intel stuff 2026-02-25 12:17:18 +01:00
Adrian Gunnar Lauterer
f6f95fdbdc galadriel stash 2026-02-25 10:24:48 +01:00
Adrian G L
eb792800a1 add more intel hardware drivers to galadriel 2026-02-25 10:19:52 +01:00
Adrian G L
1e33700125 niri noctalia keybind updates 2026-02-25 10:04:46 +01:00
Adrian Gunnar Lauterer
fb14fbcc13 added ollama models 2026-02-10 23:53:33 +01:00
Adrian G L
4c012d7100 niri noctalia keybind updates 2026-02-10 10:51:03 +01:00
Adrian G L
e933df2150 noctalia plugins 2026-02-10 10:51:03 +01:00
Adrian G L
0fa36a0b71 noctalia plugins 2026-02-09 14:00:20 +01:00
Adrian G L
c9ec662395 fix noctalia 2026-02-03 13:50:55 +01:00
Adrian G L
ad68106bd3 authelia 2026-02-03 13:00:19 +01:00
Adrian Gunnar Lauterer
4185127c3e fix qbit 2026-02-03 11:17:25 +01:00
Adrian G L
30af7733db fix xfs 2026-02-03 11:13:48 +01:00
Adrian G L
0c4354f120 move fcxit to system options. 2026-02-02 12:22:06 +01:00
Adrian G L
95fa504dc8 snapshot 2026-02-02 11:21:26 +01:00
Adrian Gunnar Lauterer
7a9781e260 galadriel hardware uppgrade 2026-01-28 17:20:08 +01:00
Adrian G L
c17203e6a5 more noctalia 2026-01-28 17:19:52 +01:00
Adrian G L
1653f58e52 noctalia 2026-01-27 19:30:01 +01:00
Adrian G L
9f2b5eeaf7 mako silent mode 2026-01-27 14:26:32 +01:00
Adrian G L
36cf6a4fc3 update pangolin 2026-01-24 19:52:46 +01:00
Adrian G L
828cbc67c7 pangolin env 2026-01-24 19:47:48 +01:00
Adrian G L
2cf89a9a1a pangolin 2026-01-24 19:37:59 +01:00
Adrian G L
084cdc1f36 python 2026-01-19 12:49:29 +01:00
Adrian G L
66beefe0b3 revert fuzzel to custom 2026-01-07 08:26:29 +01:00
Your Name
9419e8cd30 stuff 2026-01-06 20:28:43 +01:00
Adrian G L
101ee551b5 inital homemanager reconfig 2026-01-06 20:22:40 +01:00
Adrian G L
685fab808e nixpkgs cleanup 2026-01-02 22:41:52 +01:00
Adrian G L
32aa882014 diffs 2025-12-17 17:36:45 +01:00
Adrian Gunnar Lauterer
c43f27e371 jupyter fix 2025-12-16 19:19:29 +01:00
Your Name
23eb2ae842 testing elros 2025-12-16 19:10:32 +01:00
Your Name
8defa56f4f fix: remove boot.nix import from elros configuration 
Co-authored-by: aider (openrouter/mistralai/devstral-2512:free) <aider@aider.chat>
 2025-12-16 19:08:29 +01:00
Your Name
31ae9a3583 feat: add unstable.nix module to flake modules 2025-12-16 19:08:28 +01:00
Adrian Gunnar Lauterer
a44ec01dab Update flake.nix 2025-12-16 18:53:22 +01:00
Your Name
c30e1479cf alros 2025-12-16 18:39:10 +01:00
Your Name
48bfbd1f30 feat: add explicit ROCm and Vulkan support for compilation 
Co-authored-by: aider (openrouter/mistralai/devstral-2512:free) <aider@aider.chat>
 2025-12-16 18:39:10 +01:00
Adrian Gunnar Lauterer
ddda931c58 galadriel nvidia 2025-12-15 20:54:42 +01:00
Adrian Gunnar Lauterer
9898acd20b jupyter 2025-12-15 20:54:41 +01:00
Adrian Gunnar Lauterer
c82983b6d5 jupyter new packages 2025-12-15 20:53:51 +01:00
Adrian Gunnar Lauterer
338655e0b1 nvidia 2025-12-15 20:53:04 +01:00
Adrian Gunnar Lauterer
2cd032ef2a nvidia 2025-12-15 20:53:02 +01:00
Adrian G L
5c25748fec fix 2025-12-14 12:35:24 +01:00
71 changed files with 3620 additions and 1018 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
flake.lock
result

102
flake.nix
View File

@@ -10,6 +10,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-colors.url = "github:misterio77/nix-colors";
stylix = {
url = "github:nix-community/stylix/release-25.11";
@@ -28,7 +33,18 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
blog-generator.url = "github:adrlau/blog-generator";
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@@ -43,12 +59,65 @@
lanzaboote,
nixos-hardware,
blog-generator,
niri,
noctalia,
nixvim,
...
}@inputs:
let
system = "x86_64-linux";
in
{
packages.${system} =
let
lib = nixpkgs.lib;
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"s2cpp"
"s2-model"
"vllm-omni"
"android-cli"
];
};
in
{
inherit (pkgs)
qwen-asr
llama-swap
z-image-models
whisper-models
s2cpp
s2-model
vllm-omni
llama-cpp-nightly
llama-cpp-nightly-vulkan
llama-cpp-nightly-sycl
android-cli
;
};
overlays.default = final: _prev: {
qwen-asr = final.callPackage ./packages/qwen-asr { };
llama-swap = final.callPackage ./packages/llama-swap { };
z-image-models = final.callPackage ./packages/z-image-models { };
whisper-models = final.callPackage ./packages/whisper-models { };
s2cpp = final.callPackage ./packages/s2cpp { };
s2-model = final.callPackage ./packages/s2-model { };
vllm-omni = final.python3Packages.callPackage ./packages/vllm-omni { };
llama-cpp-nightly = final.callPackage ./packages/llama-cpp-nightly { };
llama-cpp-nightly-vulkan = final.callPackage ./packages/llama-cpp-nightly { vulkanSupport = true; };
llama-cpp-nightly-sycl = final.callPackage ./packages/llama-cpp-nightly {
syclSupport = true;
mkl = final.mkl;
oneDNN = final.oneDNN;
};
android-cli = final.callPackage ./packages/android-cli { };
};
# legolas
nixosConfigurations.legolas = nixpkgs.lib.nixosSystem {
inherit system;
@@ -58,17 +127,21 @@
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.gunalx = import ./home/gunalx.nix;
home-manager.backupFileExtension = "bac";
home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
inputs.niri.homeModules.niri
inputs.noctalia.homeModules.default
inputs.nixvim.homeModules.nixvim
];
}
{ nixpkgs.overlays = [ niri.overlays.niri ]; }
./modules/unstable.nix
sops-nix.nixosModules.sops
@@ -92,14 +165,23 @@
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.gunalx = import ./home/gunalx.nix;
home-manager.backupFileExtension = "bac";
home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
inputs.niri.homeModules.niri
inputs.noctalia.homeModules.default
inputs.nixvim.homeModules.nixvim
];
}
{
nixpkgs.overlays = [
self.overlays.default
niri.overlays.niri
];
}
@@ -128,5 +210,17 @@
];
};
# elros
nixosConfigurations.elros = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs system; };
modules = [
./modules/unstable.nix
./hosts/elros/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
];
};
};
}

16
home/aider.nix
View File

@@ -7,12 +7,12 @@
}:
{
home.packages = with pkgs; [
aider-chat-full
#aider-chat-full
];
programs.aider-chat = {
enable = true;
package = aider-chat-full;
package = pkgs.unstable.aider-chat-with-playwright;
settings = {
architect = true;
auto-accept-architect = false;
@@ -24,12 +24,12 @@
show-model-warnings = false;
verify-ssl = false;
watch-files=true;
analytics-disable=true;
check-update=false;
multiline=true;
notifications=true;
show-diffs=true
watch-files = true;
analytics-disable = true;
check-update = false;
multiline = true;
notifications = true;
show-diffs = true;
};
};

3
home/bash.nix
View File

@@ -13,6 +13,7 @@
"ai/cerebras" = { };
"ai/groq" = { };
"ai/mistral" = { };
"ai/zai" = { };
};
programs.bash = {
enable = true;
@@ -48,6 +49,8 @@
export CEREBRAS_API_KEY="$(cat ${config.sops.secrets."ai/cerebras".path})"
export GROQ_API_KEY="$(cat ${config.sops.secrets."ai/groq".path})"
export MISTRAL_API_KEY="$(cat ${config.sops.secrets."ai/mistral".path})"
export ZAI_API_KEY="$(cat ${config.sops.secrets."ai/zai".path})"
export ZAI_API_BASE="https://api.z.ai/api/coding/paas/v4"
#PS1 section

1
home/fonts.nix
View File

@@ -25,6 +25,7 @@
nerd-fonts.noto
nerd-fonts.hack
nerd-fonts.fira-code
zpix-pixel-font
font-awesome_4

11
home/gunalx.nix
View File

@@ -6,11 +6,14 @@
}:
{
imports = [
./unstable.nix
./nixpkgs.nix
./sshconfig.nix
./atuin.nix
./git.nix
./bash.nix
./xdg.nix
#./xdg.nix
# theming
./colors.nix
@@ -24,18 +27,18 @@
./waybar.nix
./wlogout.nix
./niri.nix
./noctalia.nix
./wallpapers.nix
./swww.nix
./fonts.nix
#applications
./mako.nix
#./mako.nix # superseeded by noctalia
./foot.nix
./zed.nix
./aider.nix
./opencode.nix
./neovim.nix
./fcitx5.nix
./nixvim.nix
./python.nix

7
home/mako.nix
View File

@@ -46,5 +46,12 @@ in
border-color = "#${palette.base08}FF";
};
settings."mode=silent" = {
invisible = 1;
actions = false;
icons = false;
default-timeout = 0;
};
};
}

2
home/neovim.nix
View File

@@ -21,6 +21,8 @@
];
plugins = with pkgs.vimPlugins; [
vim-indent-guides
# --- UI / File Explorer (Replaces Chadtree) ---
nvim-tree-lua
nvim-web-devicons

1297
home/niri.nix
View File

File diff suppressed because it is too large Load Diff

17
home/nixpkgs.nix Normal file
View File

@@ -0,0 +1,17 @@
{
config,
pkgs,
lib,
...
}:
{
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
# example "python3.11-youtube-dl-2021.12.17"
];
};
};
}

263
home/nixvim.nix Normal file
View File

@@ -0,0 +1,263 @@
{ pkgs, ... }:
{
programs.nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
defaultEditor = true;
withPython3 = true;
extraPython3Packages = ps: [ ps.pylatexenc ];
extraPackages = with pkgs; [
wl-clipboard
xclip
ripgrep
tree-sitter
];
globals.mapleader = " ";
opts = {
number = true;
relativenumber = true;
tabstop = 4;
softtabstop = 0;
shiftwidth = 4;
expandtab = true;
smarttab = true;
autoindent = true;
backspace = [
"indent"
"eol"
"start"
];
mouse = "a";
clipboard = "unnamedplus";
};
userCommands = {
E = {
command = "require('oil').open()";
desc = "Open oil file explorer";
};
};
plugins = {
web-devicons.enable = true;
treesitter = {
enable = true;
settings = {
highlight.enable = true;
indent.enable = true;
ensure_installed = [
"markdown"
"markdown_inline"
"latex"
"yaml"
"bash"
"rust"
"nix"
"lua"
];
};
};
lsp = {
enable = true;
servers = {
rust_analyzer = {
enable = true;
installCargo = true;
installRustc = true;
};
nil_ls.enable = true;
lua_ls.enable = true;
yamlls.enable = true;
};
};
cmp-nvim-lsp.enable = true;
cmp-buffer.enable = true;
cmp-path.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
mapping = {
"<Tab>" = {
__raw = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif require('minuet.virtualtext').action.is_visible() then
require('minuet.virtualtext').action.accept()
else
fallback()
end
end, { 'i', 's' })
'';
};
"<S-Tab>" = {
__raw = ''
cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif require('minuet.virtualtext').action.is_visible() then
require('minuet.virtualtext').action.dismiss()
else
fallback()
end
end, { 'i', 's' })
'';
};
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.abort()";
};
sources = [
{ name = "nvim_lsp"; }
{ name = "minuet"; }
{ name = "path"; }
{ name = "buffer"; }
];
performance.fetching_timeout = 3000;
};
};
telescope = {
enable = true;
keymaps = {
"<leader>ff" = "find_files";
"<leader>fg" = "live_grep";
"<leader>fb" = "buffers";
};
};
oil = {
enable = true;
settings = {
default_file_explorer = true;
columns = [ "icon" ];
view_options.show_hidden = false;
preview_win = {
update_on_cursor_moved = true;
};
keymaps = {
"<C-p>" = "actions.preview";
"-" = "actions.parent";
};
};
};
render-markdown = {
enable = true;
settings = {
latex = {
enabled = true;
converter = "latex2text";
highlight = "RenderMarkdownMath";
top_pad = 0;
bottom_pad = 0;
};
};
};
markdown-preview.enable = true;
vimtex.enable = true;
typst-vim.enable = true;
typst-preview.enable = true;
lastplace.enable = true;
indent-blankline.enable = true;
nix.enable = true;
minuet = {
enable = true;
settings = {
provider = "openai_fim_compatible";
n_completions = 1;
context_window = 1024;
throttle = 1500;
debounce = 600;
virtualtext = {
auto_trigger_ft = [ "*" ];
show_on_completion_menu = false;
};
provider_options = {
openai_fim_compatible = {
name = "Galadriel";
end_point = "http://galadriel:11112/v1/completions";
model = "qwen3.5";
api_key = "supersecret";
stream = true;
optional = {
max_tokens = 32;
};
template = {
prompt = {
__raw = ''
function(context_before_cursor, context_after_cursor, _)
return '<|fim_prefix|>'
.. context_before_cursor
.. '<|fim_suffix|>'
.. context_after_cursor
.. '<|fim_middle|>'
end
'';
};
suffix = false;
};
};
};
};
};
};
keymaps = [
{
mode = "n";
key = "<leader>e";
action = "<cmd>Oil<CR>";
options.desc = "Open oil file explorer";
}
{
mode = "n";
key = "<leader>m";
action = "<cmd>MarkdownPreviewToggle<CR>";
options.desc = "Toggle markdown preview";
}
{
mode = "n";
key = "<leader>fm";
action = "<cmd>lua vim.lsp.buf.format()<CR>";
options.desc = "Format with LSP";
}
{
mode = "n";
key = "<leader>bn";
action = "<cmd>bnext<CR>";
options.desc = "Next buffer";
}
{
mode = "n";
key = "<leader>bp";
action = "<cmd>bprev<CR>";
options.desc = "Previous buffer";
}
{
mode = "n";
key = "<leader>bd";
action = "<cmd>bdelete<CR>";
options.desc = "Delete buffer";
}
{
mode = "n";
key = "<leader>bN";
action = "<cmd>enew<CR>";
options.desc = "New buffer";
}
];
};
}

224
home/noctalia.nix Normal file
View File

@@ -0,0 +1,224 @@
{
pkgs,
config,
lib,
...
}:
{
programs.noctalia-shell = {
enable = true;
settings = {
bar = {
position = "top";
density = "default";
floating = false;
exclusive = true;
widgets = {
left = [
{ id = "Launcher"; }
{
id = "CustomButton";
icon = "keyboard";
tooltip = "Open Keyboard";
leftClickExec = "pkill wvkbd-mobintl || wvkbd-mobintl";
}
{ id = "SystemMonitor"; }
{ id = "MediaMini"; }
{ id = "Workspace"; }
];
center = [
{ id = "ActiveWindow"; }
];
right = [
{ id = "Tray"; }
{ id = "Clock"; }
{ id = "NotificationHistory"; }
{ id = "Battery"; }
{ id = "Brightness"; }
{ id = "Volume"; }
{ id = "Bluetooth"; }
{ id = "Network"; }
{ id = "ControlCenter"; }
#{ id = "SessionMenu"; }
];
};
};
general = {
radiusRatio = 0.2;
#animationSpeed = 2;
animationDisabled = true; # annoying
};
colorSchemes = {
useWallpaperColors = false;
darkMode = true;
};
templates = {
activeTemplates = [ ];
enableUserTheming = false;
};
wallpaper = {
enabled = true;
directory = "~/Pictures/wallpapers";
automationEnabled = true;
wallpaperChangeMode = "random";
randomIntervalSec = 270000;
fillMode = "crop";
};
appLauncher = {
position = "center";
sortByMostUsed = true;
viewMode = "list";
showCategories = true;
enableClipboardHistory = false;
pinnedApps = [ ];
useApp2Unit = false;
terminalCommand = "footclient ";
customLaunchPrefixEnabled = false;
customLaunchPrefix = "";
iconMode = "tabler";
showIconBackground = false;
enableSettingsSearch = true;
ignoreMouseInput = false;
screenshotAnnotationTool = "";
};
notifications = {
enabled = true;
location = "top_right";
#backgroundOpacity = 0.8;
lowUrgencyDuration = 1;
normalUrgencyDuration = 2;
criticalUrgencyDuration = 3;
};
osd = {
enabled = true;
location = "top_right";
autoHideMs = 500;
overlayLayer = true;
backgroundOpacity = lib.mkForce 0.5;
};
location = {
name = "Trondheim";
showWeekNumberInCalendar = true;
firstDayOfWeek = -1;
};
};
plugins = {
sources = [
{
enabled = true;
name = "Official Noctalia Plugins";
url = "https://github.com/noctalia-dev/noctalia-plugins";
}
];
states = {
notes-scratchpad = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
#todo = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
assistant-panel = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
#pomodoro = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
#tailscale = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
#noctalia-supergfxctl = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
#weekly-calendar = {
# enabled = true;
# sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
#};
kaomoji-provider = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
rss-feed = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
keybind-cheatsheet = {
enabled = true;
sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins";
};
};
version = 1;
};
pluginSettings = {
notes-scratchpad = {
panelWidth = 1200;
panelHeigth = 1600;
fontSize = 16;
filePath = "${config.xdg.userDirs.documents}/notes-scratchpad.txt";
};
assistant-panel = {
ai = {
provider = "openai_compatible";
models = {
"openai_compatible" = "qwen3.5";
};
#apiKeys = {};
temperature = 0.6;
systemPrompt = "You are a helpful assistant answering short questions. Be brief, think critically and come with constructual critics where needed.";
openaiLocal = true;
openaiBaseUrl = "http://galadriel:11111/v1/chat/completions";
};
translator = {
backend = "google";
realTimeTranslation = true;
deeplApiKey = "";
};
maxHistoryLength = 10;
panelDetached = true;
panelPosition = "center";
panelHeightRatio = 0.70;
panelWidth = 640;
attachmentStyle = "connected";
scale = 1;
};
rss-feed = {
feeds = [
{
name = "Hacker News";
url = "https://news.ycombinator.com/rss";
}
];
updateInterval = 3600;
maxItemsPerFeed = 10;
showOnlyUnread = true;
markAsReadOnClick = true;
};
};
};
# Noctalia is started via a systemd user service, so it won't see variables
# set only in niri's `settings.environment`. Put theme-related env here.
systemd.user.services.noctalia-shell.Service.Environment = [
"QT_QPA_PLATFORM=wayland;xcb"
"QT_QPA_PLATFORMTHEME=qt6ct"
"QT_AUTO_SCREEN_SCALE_FACTOR=1"
# Ensures Quickshell resolves app icons from a known icon theme.
"QS_ICON_THEME=Papirus-Dark"
];
}

196
home/opencode.nix
View File

@@ -6,136 +6,140 @@
...
}:
{
home.packages = with pkgs; [
opencode
];
programs.opencode = {
package = pkgs.unstable.opencode;
enable = true;
enableMcpIntegration = true;
settings = {
model = "anthropic/claude-sonnet-4-20250514";
small_model = "anthropic/claude-haiku-4-5";
#model = "github-copilot/gpt-5.2";
model = "zai-coding-plan/glm-5.1";
small_model = "zai-coding-plan/glm-5-turbo";
autoshare = false;
autoupdate = false;
};
agents = {
code-reviewer = ''
# Code Reviewer Agent
You are a senior software engineer specializing in code reviews.
Focus on code quality, security, and maintainability.
## Guidelines
- Review for potential bugs and edge cases
- Check for security vulnerabilities
- Ensure code follows best practices
- Suggest improvements for readability and performance
'';
code-reviewer = ''
# Code Reviewer Agent
debugger = ''
# Debugger Agent
You are a software engineer specializing in debugging and troubleshooting.
Focus on identifying issues, providing insights into existing bugs, and suggesting improvements to the debugging process.
## Guidelines
- Look for unhandled exceptions, crashes, or error states.
- Identify and remove redundant or unnecessary debug/print statements.
- Check for proper logging practices: ensure log levels (info, debug, error) are used correctly.
- Examine error messages for clarity and contextensure they aid in troubleshooting.
- Look for missing or incorrect error handling and suggest improvements.
- Trace the flow of execution to catch logical or state-related bugs.
- Ensure relevant variable states are being monitored during runtime to spot anomalies.
- Suggest improvements to breakpoints, watchpoints, or other debugging tools for better visibility.
- Look for performance bottlenecks that could be causing issues and suggest optimizations.
- Check for edge cases and race conditions that might not be covered by current debugging.
- Ensure debugging steps or tools dont affect production environments (i.e., avoid verbose logging in production).
- Document findings and proposed fixes clearly for future reference.
'';
You are a senior software engineer specializing in code reviews.
Focus on code quality, security, and maintainability.
simplifier = ''
# Simplifier Agent
You are a software engineer specializing in simplifying and refactoring complex code.
Focus on making the code more readable, maintainable, and easier to understand without altering its functionality.
## Guidelines
- Break down long or complex functions into smaller, well-named helper functions or methods.
- Identify and remove any redundant or duplicate logic, consolidating wherever possible.
- Use more descriptive variable and function names to improve clarity.
- Simplify nested loops or conditionals (e.g., consider early returns to reduce indentation).
- Replace complex data structures or algorithms with simpler, more efficient alternatives if appropriate.
- Refactor complex conditional logic (e.g., using polymorphism, strategy pattern, or lookup tables where applicable).
- Replace hardcoded values with constants or configuration variables to improve flexibility.
- Group related logic together to improve cohesion within classes or functions.
- Ensure the code follows the DRY (Don't Repeat Yourself) principle and refactor to remove duplication.
- Simplify error handling by centralizing common error paths or using more consistent exception handling.
- Remove unnecessary comments or redundant code that doesnt add value to readability.
- Check for opportunities to use built-in language features or libraries to reduce custom code (e.g., use `map()` instead of for-loops in Python).
- Ensure code is modular and maintainable, facilitating easier testing and future updates.
- Use early exits or guard clauses to minimize nested logic and make the code more straightforward.
'';
## Guidelines
- Review for potential bugs and edge cases
- Check for security vulnerabilities
- Ensure code follows best practices
- Suggest improvements for readability and performance
'';
debugger = ''
# Debugger Agent
You are a software engineer specializing in debugging and troubleshooting.
Focus on identifying issues, providing insights into existing bugs, and suggesting improvements to the debugging process.
## Guidelines
- Look for unhandled exceptions, crashes, or error states.
- Identify and remove redundant or unnecessary debug/print statements.
- Check for proper logging practices: ensure log levels (info, debug, error) are used correctly.
- Examine error messages for clarity and contextensure they aid in troubleshooting.
- Look for missing or incorrect error handling and suggest improvements.
- Trace the flow of execution to catch logical or state-related bugs.
- Ensure relevant variable states are being monitored during runtime to spot anomalies.
- Suggest improvements to breakpoints, watchpoints, or other debugging tools for better visibility.
- Look for performance bottlenecks that could be causing issues and suggest optimizations.
- Check for edge cases and race conditions that might not be covered by current debugging.
- Ensure debugging steps or tools dont affect production environments (i.e., avoid verbose logging in production).
- Document findings and proposed fixes clearly for future reference.
'';
simplifier = ''
# Simplifier Agent
You are a software engineer specializing in simplifying and refactoring complex code.
Focus on making the code more readable, maintainable, and easier to understand without altering its functionality.
## Guidelines
- Break down long or complex functions into smaller, well-named helper functions or methods.
- Identify and remove any redundant or duplicate logic, consolidating wherever possible.
- Use more descriptive variable and function names to improve clarity.
- Simplify nested loops or conditionals (e.g., consider early returns to reduce indentation).
- Replace complex data structures or algorithms with simpler, more efficient alternatives if appropriate.
- Refactor complex conditional logic (e.g., using polymorphism, strategy pattern, or lookup tables where applicable).
- Replace hardcoded values with constants or configuration variables to improve flexibility.
- Group related logic together to improve cohesion within classes or functions.
- Ensure the code follows the DRY (Don't Repeat Yourself) principle and refactor to remove duplication.
- Simplify error handling by centralizing common error paths or using more consistent exception handling.
- Remove unnecessary comments or redundant code that doesnt add value to readability.
- Check for opportunities to use built-in language features or libraries to reduce custom code (e.g., use `map()` instead of for-loops in Python).
- Ensure code is modular and maintainable, facilitating easier testing and future updates.
- Use early exits or guard clauses to minimize nested logic and make the code more straightforward.
'';
};
commands = {
commit = ''
# Commit Command
commit = ''
# Commit Command
Create a git commit with proper message formatting following conventional commits.
Usage: /commit [message]
'';
Create a git commit with proper message formatting following conventional commits.
Keep it simple and only have one simple commit line. If you need to know what was changed, look at the staged files, and the diffs of the relevant ones.
Usage: /commit [message]
'';
};
rules = ''
### **General Project Guidelines**
#### **Separation of Concerns**
### **General Project Guidelines**
#### **Separation of Concerns**
* Keep your code **loosely coupled** components/modules should only know about what they need.
* Maintain clear **separation between domain logic and business logic** ensure your domain layer is independent of infrastructure or framework specific details.
* Ensure **separation of data concerns** never mix UI data, business data, and domain entities in a single layer.
* Keep your code **loosely coupled** components/modules should only know about what they need.
* Maintain clear **separation between domain logic and business logic** ensure your domain layer is independent of infrastructure or framework specific details.
* Ensure **separation of data concerns** never mix UI data, business data, and domain entities in a single layer.
#### **Typing and Type Safety**
#### **Typing and Type Safety**
* **Always define types** explicitly for variables, parameters, and return values.
* Avoid using `any` if you're unsure about a type, lean on **unknown** or **generics** until you can define it properly.
* **Interfaces and Types** should be descriptive and reusable prefer interfaces for object shapes, and types for unions/intersections or specific business rules.
* Avoid overcomplicating types focus on clarity and consistency.
* **Always define types** explicitly for variables, parameters, and return values.
* Avoid using `any` if you're unsure about a type, lean on **unknown** or **generics** until you can define it properly.
* **Interfaces and Types** should be descriptive and reusable prefer interfaces for object shapes, and types for unions/intersections or specific business rules.
* Avoid overcomplicating types focus on clarity and consistency.
#### **Code Simplicity**
#### **Code Simplicity**
* Write **simple, understandable code** don't over engineer solutions unless absolutely necessary.
* Keep methods and functions **small and focused** follow the Single Responsibility Principle.
* **Comment only when necessary** to explain complex or non obvious patterns **no comments for simple or self explanatory code**.
* Write **simple, understandable code** don't over engineer solutions unless absolutely necessary.
* Keep methods and functions **small and focused** follow the Single Responsibility Principle.
* **Comment only when necessary** to explain complex or non obvious patterns **no comments for simple or self explanatory code**.
#### **Production-Ready Code**
#### **Production-Ready Code**
* Always write **production-grade code** optimize for maintainability, readability, and scalability.
* Ensure **robust error handling** catch edge cases, validate inputs, and handle exceptions gracefully.
* Always write **production-grade code** optimize for maintainability, readability, and scalability.
* Ensure **robust error handling** catch edge cases, validate inputs, and handle exceptions gracefully.
#### **Framework and Library Usage**
#### **Framework and Library Usage**
* Use frameworks and libraries **where they make sense**, but avoid unnecessary dependencies, we usually want to keep dependencies down.
* Follow **framework best practices** for structure, state management, and lifecycle methods
* Keep **UI and business logic separate** don't directly tie your UI components to business logic; use hooks or services to handle interactions.
* Use frameworks and libraries **where they make sense**, but avoid unnecessary dependencies, we usually want to keep dependencies down.
* Follow **framework best practices** for structure, state management, and lifecycle methods
* Keep **UI and business logic separate** don't directly tie your UI components to business logic; use hooks or services to handle interactions.
#### **Documentation**
#### **Documentation**
* **Document key architecture decisions** especially if they are complex or non intuitive.
* Only document the **why** and **how** when it's not obvious avoid redundant or trivial comments.
* Keep your documentation to the developmentlog.md Make a new section, dont write to long, just briefely what needs to be documented.
* **Document key architecture decisions** especially if they are complex or non intuitive.
* Only document the **why** and **how** when it's not obvious avoid redundant or trivial comments.
* Keep your documentation to the developmentlog.md Make a new section, dont write to long, just briefely what needs to be documented.
#### **Performance Considerations**
#### **Performance Considerations**
* Optimize for **readability first**, then **performance** measure performance bottlenecks before optimizing.
* When optimizing, our first priority is finding arcitectural problems, then finding out ways to parralelize.
* Optimize for **readability first**, then **performance** measure performance bottlenecks before optimizing.
* When optimizing, our first priority is finding arcitectural problems, then finding out ways to parralelize.
# General Rules
Keep things understandable for a software engineer. You dont need to over explain, and rather keep things a bit simpler. and tify.
Dont overly format your text as well. When writing plain text, markdown or similat, keep the writing in a human style with minimal formating, and good but simple explanations.
Be brief, you dont need to overly explain concepts or content that dont really need more explanation.
Tell the user where it takes wrong if the user does. You are allowed to think critically, and find problems in existing solutions, but start by asking, to get more clarification.
Dont do all the work for the user, rather let the user know where some help from them are needed. Some things are better done manually, and should not be done by you the assistant.
'';
};
}

23
home/python.nix
View File

@@ -1,27 +1,8 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.python312.withPackages (ppkgs: [
ppkgs.uv
ppkgs.pip
ppkgs.numpy
ppkgs.sympy
ppkgs.scipy
ppkgs.matplotlib
ppkgs.requests
ppkgs.pandas
ppkgs.scikit-learn
ppkgs.nltk
ppkgs.huggingface-hub
ppkgs.flask
ppkgs.gunicorn
ppkgs.torch
ppkgs.opencv-python
ppkgs.pillow
ppkgs.keras
ppkgs.tqdm
ppkgs.ipykernel
]))
pkgs.poetry
(pkgs.python3.withPackages (import ../modules/python-packages.nix))
];
}

12
home/stylix.nix
View File

@@ -36,7 +36,7 @@
base0F = config.colorScheme.palette.base0F;
};
opacity = {
desktop = 0.5;
desktop = 0.7;
terminal = 0.7;
};
@@ -46,14 +46,8 @@
terminal = 24;
desktop = 12;
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = config.stylix.fonts.monospace;
sansSerif = config.stylix.fonts.monospace;
monospace = {
package = pkgs.notonoto-35;
#name = "NOTONOTO-35-Bold";

17
home/unstable.nix Normal file
View File

@@ -0,0 +1,17 @@
{
config,
inputs,
...
}:
let
unstableOverlay = final: prev: {
unstable = import inputs.unstable {
inherit (final.stdenv.hostPlatform) system;
config = config.nixpkgs.config;
};
};
in
{
nixpkgs.overlays = [ unstableOverlay ];
}

45
home/xdg.nix
View File

@@ -4,22 +4,39 @@
config,
...
}:
{
home.packages = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal
#xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
kdePackages.xdg-desktop-portal-kde
xdg-launch
xdg-ninja
xdg-utils
];
{
# Enable XDG base directories
xdg.enable = true;
# home.sessionVariables = {
# };
# Install the necessary packages for XDG compliance and management
home.packages = with pkgs; [
xdg-utils
xdg-launch
xdg-ninja
];
# Define session variables for XDG directories
home.sessionVariables = {
# Set other tools' paths to XDG directories (they should be relative to XDG_DATA_HOME or XDG_STATE_HOME)
GOPATH = "$XDG_DATA_HOME/go";
CARGO_HOME = "$XDG_DATA_HOME/cargo";
RUSTUP_HOME = "$XDG_DATA_HOME/rustup";
DOTNET_CLI_HOME = "$XDG_DATA_HOME/dotnet";
GNUPGHOME = "$XDG_DATA_HOME/gnupg";
ZDOTDIR = "$XDG_CONFIG_HOME/zsh"; # Optional, for Zsh configuration
HISTFILE = "$XDG_STATE_HOME/bash/history"; # Optional, for Bash history file location
};
# Enable XDG user directories (like Documents, Downloads, etc.)
xdg.userDirs.enable = true;
xdg.userDirs.createDirectories = true;
# Enable autostart functionality with read-only mode (prevents arbitrary service additions)
xdg.autostart.enable = true;
xdg.autostart.readOnly = true;
# Handle XDG MIME type associations (useful for apps)
xdg.mime.enable = true;
xdg.mimeApps.enable = true;
}

15
home/zed.nix
View File

@@ -1,7 +1,6 @@
{
pkgs,
lib,
unstable,
config,
...
}:
@@ -16,6 +15,7 @@
programs.zed-editor = {
enable = true;
#package = pkgs.zed-editor-fhs;
package = pkgs.unstable.zed-editor-fhs;
extraPackages = with pkgs; [
nodejs
@@ -60,6 +60,19 @@
dark = "Tokyo Night";
light = "Tokyo Night Storm";
};
features = {
edit_prediction_provider = "copilot";
};
agent = {
default_profile = "write";
default_model = {
provider = "copilot_chat";
model = "claude-opus-4.5";
};
model_parameters = [ ];
};
hour_format = "hour24";
node = {
path = lib.getExe pkgs.nodejs;

9
hosts/aragon/configuration.nix
View File

@@ -19,6 +19,7 @@
../../modules/pam.nix
../../modules/polkit.nix
../../modules/zram.nix
../../modules/thermal.nix
# Networking and remote access
../../modules/openssh.nix
@@ -55,10 +56,18 @@
];
services.desktopManager.gnome.enable = true;
environment.systemPackages = [
pkgs.qwen-asr
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;

44
hosts/aragon/hardware-configuration.nix
View File

@@ -31,27 +31,46 @@
hardware.amdgpu.opencl.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
hardware.graphics = {
enable = true;
};
services.xserver.videoDrivers = [ "amdgpu" ];
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
nixpkgs.config.rocmSupport = true;
nixpkgs.config.rocmTargets = [ "gfx1030" ];
environment.variables = {
HSA_OVERRIDE_GFX_VERSION = "10.3.0";
};
# Environment variables for ROCm
environment.sessionVariables = {
HSA_OVERRIDE_GFX_VERSION = "10.3.0";
ROCM_PATH = "${pkgs.rocmPackages.rocm-core}/opt/rocm";
HIP_PATH = "${pkgs.rocmPackages.rocm-core}/opt/rocm/hip";
};
#hardware.opengl.extraPackages32 = with pkgs; [
# driversi686Linux.amdvlk
#];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
rocmPackages.clr.icd
vulkan-loader
vulkan-tools
vulkan-headers
];
};
# You *can* still put utilities here
environment.systemPackages = with pkgs; [
vulkan-tools
clinfo
rocmPackages.clr
rocmPackages.rocminfo
rocmPackages.rocm-runtime
rocmPackages.rocm-core
rocmPackages.rocm-smi
rocmPackages.rocblas
rocmPackages.rccl
rocmPackages.hipcc
lact
rocmPackages.rocminfo
rocmPackages.rocm-smi
@@ -62,7 +81,9 @@
rocmPackages.rocgdb
rocmPackages.rocblas
rocmPackages.rccl
rocmPackages.hipcc
];
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = [ "multi-user.target" ];
@@ -88,14 +109,7 @@
{ device = "/dev/disk/by-uuid/c7cdfab4-2c92-42de-b951-ccc6fcd7b7d7"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

62
hosts/elros/configuration.nix Normal file
View File

@@ -0,0 +1,62 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/boot.nix
../../modules/zram.nix
../../modules/nix.nix
../../modules/openssh.nix
../../modules/gunalx.nix
../../secrets/sops.nix
../../secrets/sopsconf.nix
../../modules/pam.nix
../../modules/tailscale.nix
../../modules/basePackages.nix
../../modules/acme.nix
../../modules/pangolin.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # support rpi building
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "elros";
networking.networkmanager.enable = true;
time.timeZone = "Europe/Amsterdam";
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

55
hosts/elros/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/7fa4de3a-20bb-4d0f-b049-dd6a0a0aee6e";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E04D-431D";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];
services.qemuGuest.enable = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

88
hosts/elros/routes.nix Normal file
View File

@@ -0,0 +1,88 @@
{
config,
pkgs,
lib,
...
}:
{
services.caddy.virtualHosts = {
"managment.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.104.182.48
basicauth {
import ${config.sops.secrets."nginx/defaultpass".path}
}
'';
};
"funn-nas.lauterer.it" = {
extraConfig = ''
reverse_proxy https://100.104.182.48:30044 {
transport http {
tls_insecure_skip_verify
}
}
basicauth {
import ${config.sops.secrets."nginx/defaultpass".path}
}
'';
};
"film.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.104.182.48:8096
'';
};
"home.lauterer.it" = {
extraConfig = ''
reverse_proxy http://10.0.0.32:8123
'';
};
"jellyfin.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8096
'';
};
"podgrab.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:4242
basicauth {
import ${config.sops.secrets."nginx/defaultpass".path}
}
'';
};
"jupyter.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8771
'';
};
"rss.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8089
'';
};
"ai.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:11111
'';
};
"chat.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:11111
'';
};
"archive.lauterer.it" = {
extraConfig = ''
reverse_proxy http://100.84.215.84:8082
'';
};
};
}

18
hosts/galadriel/configuration.nix
View File

@@ -13,6 +13,7 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
#./nvidia.nix #we have intel gpu now
../../modules/boot.nix
../../modules/zram.nix
../../modules/zfs.nix
@@ -29,19 +30,24 @@
../../modules/develPackages.nix
../../modules/vaultvarden.nix
../../modules/immich.nix
../../modules/qbittorrent.nix
../../modules/jellyfin.nix
../../modules/jupyterhub.nix
../../modules/qbittorrent.nix # broken for now?: Yes, just need to add the zfs disc again, to enable the paths this depends on. Lets redo that maybe?
../../modules/mealie.nix
../../modules/miniflux.nix
../../modules/ollama.nix
../../modules/jupyterhub.nix
../../modules/openwebui.nix
../../modules/immich.nix
../../modules/llama-swap.nix
];
#Load zfs pool
boot.zfs.extraPools = [ "Main" ];
networking.hostId = "1ccccd3a";
## Load zfs pool
boot.zfs.extraPools = [
"lorien"
];
boot.zfs.requestEncryptionCredentials = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;

39
hosts/galadriel/hardware-configuration.nix
View File

@@ -22,9 +22,48 @@
"usbhid"
"sd_mod"
];
boot.kernelPackages = pkgs.linuxPackages_6_19; # migth need to bump down if zfs compat breaks.
boot.zfs.package = pkgs.zfs_2_4;
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [
"xe.force_probe=e212"
"xe.vram_force_mmapable=1"
"transparent_hugepage=always"
];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="drm", KERNEL=="card*", ATTR{device/tile0/gt0/engines/ccs0/job_timeout_ms}="100000"
ACTION=="add", SUBSYSTEM=="drm", KERNEL=="card*", ATTR{device/tile0/gt0/engines/rcs0/job_timeout_ms}="100000"
'';
hardware.enableRedistributableFirmware = true;
hardware.firmware = [ pkgs.linux-firmware ];
environment.systemPackages = with pkgs; [
mkl
];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vpl-gpu-rt
mkl
#hardware decode and opencl
intel-media-driver # LIBVA_DRIVER_NAME=iHD (for HD Graphics starting Broadwell (2014) and newer)
intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl
intel-compute-runtime
intel-ocl
intel-graphics-compiler
level-zero
vulkan-loader
vulkan-validation-layers
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/7789ad41-d578-40bc-bf86-b761e0a4921e";

11
hosts/legolas/configuration.nix
View File

@@ -31,12 +31,13 @@
../../modules/powerprofiles.nix
../../modules/basePackages.nix
../../modules/develPackages.nix
../../modules/jupyterhub.nix
#../../modules/jupyterhub.nix
../../modules/blog.nix
../../modules/ollama.nix
../../modules/docling.nix # temp for dev
#../../modules/ollama.nix
#../../modules/docling.nix # temp for dev ... Waiting for non broken docling-serve
../../modules/kdeconnect.nix
../../modules/desktopApplications.nix
../../modules/fcitx5.nix
];
@@ -49,6 +50,7 @@
#testing terminal from printer cable.
services.printing.enable = true;
boot.kernelModules = [ "usblp" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Enable the X11 windowing system.
services.xserver.enable = true;
@@ -66,6 +68,9 @@
enableSSHSupport = true;
};
services.dbus.enable = true;
services.dbus.implementation = "broker";
services.desktopManager.gnome.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,

43
modules/acme.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."acme/certs" = { };
networking.enableIPv6 = false; # For some reason acme only works without ipv6, probably because of missing AAAA records.
networking.domain = "lauterer.it";
#acme and certs helpful blog https://carjorvaz.com/posts/
security.acme = {
acceptTerms = true;
defaults.email = "adrian+acme@lauterer.it";
certs."${config.networking.domain}" = {
domain = "${config.networking.domain}";
extraDomainNames = [
"*.${config.networking.domain}"
"lb0fj.eu"
"*.lb0fj.eu"
"256.no"
"*.256.no"
"*.addictedmaker.eu"
"addictedmaker.eu"
];
## for testing.
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
#enableDebugLogs = true;
#legos registrar specific stuff.
dnsResolver = "ns1.hyp.net:53";
dnsProvider = "domeneshop";
dnsPropagationCheck = true;
#need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
credentialsFile = config.sops.secrets."acme/certs".path;
};
};
#add proxyserver to acme group
#users.users.nginx.extraGroups = [ "acme" ];
users.users.root.extraGroups = [ "acme" ];
}

70
modules/authelia.nix Normal file
View File

@@ -0,0 +1,70 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."authelia/usersFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
sops.secrets."authelia/jwtSecretFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
sops.secrets."authelia/storageEncryptionKeyFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
sops.secrets."authelia/sessionSecretFile" = {
owner = "authelia-main";
group = "authelia-main";
mode = "0400";
};
services.authelia.instances.main = {
enable = true;
secrets.storageEncryptionKeyFile = config.sops.secrets."authelia/storageEncryptionKeyFile".path;
secrets.jwtSecretFile = config.sops.secrets."authelia/jwtSecretFile".path;
secrets.sessionSecretFile = config.sops.secrets."authelia/sessionSecretFile".path;
settings = {
theme = "dark";
default_2fa_method = "totp";
log.level = "warn";
server.disable_healthcheck = false;
server.address = "tcp://0.0.0.0:9091/";
authentication_backend = {
file = {
path = lib.mkDefault config.sops.secrets."authelia/usersFile".path;
};
};
session = {
cookies = [
{
domain = "lauterer.it";
authelia_url = "https://authelia.lauterer.it";
}
];
};
access_control = {
default_policy = "one_factor";
};
storage = {
local = {
path = lib.mkDefault "/var/lib/authelia/main/db.sqlite3";
};
};
notifier = {
filesystem = {
filename = lib.mkDefault "/var/lib/authelia/main/notification.txt";
};
};
};
};
}

10
modules/basePackages.nix
View File

@@ -10,7 +10,9 @@
git
wget
htop
busybox
bottom
nvtopPackages.full
uutils-coreutils
nixfmt-rfc-style
nixfmt-tree
@@ -18,6 +20,12 @@
unzip
ripgrep
eza
fastfetch
rsync
screen
];
}

10
modules/desktopApplications.nix
View File

@@ -2,6 +2,7 @@
config,
pkgs,
lib,
inputs,
...
}:
@@ -33,7 +34,9 @@
prusa-slicer
freecad-wayland
openscad-unstable
#kicad-unstable
#kicad # somehow stalls building.
#easyeda2kicad # could not build
easyeffects
musescore
mpv
@@ -72,6 +75,11 @@
tealdeer
clipboard-jh
ffmpeg
wl-clipboard
ydotool
wl-mirror
noto-fonts-cjk-sans
];

25
modules/develPackages.nix
View File

@@ -13,7 +13,6 @@
curl
wget
openssl
gdb
libgcc
@@ -37,6 +36,10 @@
valgrind
fontconfig
imagemagickBig
plantuml
rustup
rustfmt
treefmt
@@ -45,23 +48,11 @@
nodejs-slim
node2nix
jupyter
python3
python3Packages.uv
python3Packages.ipykernel
uv
poetry
thonny
python3Packages.flask
python3Packages.flask-sqlalchemy
python3Packages.flask-socketio
python3Packages.werkzeug
python3Packages.pyyaml
python3Packages.authlib
python3Packages.litellm
python3Packages.requests
python3Packages.flake8
python3Packages.torch
python3Packages.litellm
python3Packages.pycryptodome
(python3.withPackages (import ./python-packages.nix))
github-copilot-cli

47
modules/displaymanager.nix
View File

@@ -7,39 +7,30 @@
{
environment.systemPackages = [
(pkgs.catppuccin-sddm.override {
flavor = "mocha";
accent = "teal";
fontSize = "24";
background = ../home/Wallpapers/1346679.jpg;
loginBackground = true;
})
];
services.displayManager = {
enable = true;
sessionPackages = with pkgs; [ niri ];
defaultSession = "niri";
lemurs.enable = true;
sddm = {
enable = true;
autoNumlock = true;
enableHidpi = true;
wayland.enable = true;
theme = "catppuccin-mocha-teal";
package = pkgs.kdePackages.sddm;
};
};
#environment.systemPackages = [
# (pkgs.catppuccin-sddm.override {
# flavor = "mocha";
# accent = "teal";
# fontSize = "24";
# background = ../home/Wallpapers/1346679.jpg;
# loginBackground = true;
# })
#];
#services.displayManager = {
# enable = true;
# sessionPackages = with pkgs; [ niri ];
# defaultSession = "niri";
# sddm = {
# enable = true;
# autoNumlock = true;
# enableHidpi = true;
# wayland.enable = true;
# theme = "catppuccin-mocha-teal";
# package = pkgs.kdePackages.sddm;
# };
#};
}

6
modules/docling.nix
View File

@@ -5,16 +5,12 @@
...
}:
{
nixpkgs.config.allowBroken = true;
services.docling-serve = {
enable = true;
package = pkgs.unstable.docling-serve;
port = 5001;
host = "127.0.0.1";
openFirewall = true;
#environment
#environmentFile
};
}

38
home/fcitx5.nix → modules/fcitx5.nix
View File

@@ -1,27 +1,28 @@
{ pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
# System-level fcitx5 configuration for Wayland
# This prevents GTK_IM_MODULE from being set, which is recommended for Wayland
i18n.inputMethod = {
enable = true;
type = "fcitx5";
fcitx5 = {
waylandFrontend = true;
addons = with pkgs; [
fcitx5-rime
fcitx5-mozc
fcitx5-gtk
qt6Packages.fcitx5-configtool
];
settings = {
# Correct hotkey section:
globalOptions.Hotkey = {
TriggerKey = "Control+space";
};
inputMethod = {
GroupOrder."0" = "Default";
"Groups/0" = {
Name = "Default";
"Default Layout" = "us";
"DefaultIM" = "keyboard-us";
DefaultIM = "mozc";
};
"Groups/0/Items/0" = {
Name = "keyboard-us";
@@ -35,12 +36,21 @@
Name = "keyboard-no";
Layout = "no";
};
"Groups" = {
GroupOrder = "Default";
};
};
};
addons = with pkgs; [
fcitx5-rime
fcitx5-mozc
fcitx5-gtk
qt6Packages.fcitx5-configtool
];
};
};
# Ensure fcitx5 starts with the session
services.xserver.desktopManager.runXdgAutostartIfNone = true;
# environment.sessionVariables = {
# GTK_IM_MODULE = lib.mkForce "";
# };
}

2
modules/immich.nix
View File

@@ -12,7 +12,7 @@
openFirewall = true;
mediaLocation = "/Main/Data/media/pictures";
mediaLocation = "/lorien/media/pictures";
accelerationDevices = null;
settings = {

71
modules/jupyterhub.nix
View File

@@ -5,50 +5,31 @@
...
}:
let
myPythonPackages = import ./python-packages.nix;
myPython = pkgs.python3;
myJupyterHubEnv = myPython.withPackages (
ps: with ps; [
ps:
with ps;
[
jupyterhub
jupyterhub-systemdspawner
ipython
jupyterlab
notebook
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]
++ myPythonPackages ps
);
myJupyterLabEnv = myPython.withPackages (
ps: with ps; [
ps:
with ps;
[
jupyterhub
jupyterlab
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]
++ myPythonPackages ps
);
in
{
environment.systemPackages = with pkgs; [
python3Packages.numpy
python3Packages.scipy
python3Packages.pandas
python3Packages.matplotlib
python3Packages.seaborn
python3Packages.scikit-learn
];
users.users.tdt4117 = {
isNormalUser = true;
home = "/home/tdt4117";
@@ -72,37 +53,7 @@ in
kernels = {
python3 =
let
env = (
pkgs.python3.withPackages (
pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
seaborn
huggingface-hub
datasets
matplotlib
tqdm
numpy
scipy
pip
torch
torchvision
lightning
numpy
scipy
matplotlib
scikit-image
jupyterlab
ipykernel
pillow
tqdm
pandas
]
)
);
env = pkgs.python3.withPackages myPythonPackages;
in
{
displayName = "Python 3 for machine learning";

1
modules/kdeconnect.nix
View File

@@ -9,6 +9,7 @@
kdePackages.xdg-desktop-portal-kde
kdePackages.kdeconnect-kde
gnomeExtensions.gsconnect
kdePackages.qttools
];
programs.kdeconnect = {
#package = pkgs.kdePackages.kdeconnect-kde;

70
modules/librechat.nix Normal file
View File

@@ -0,0 +1,70 @@
{ config, pkgs, ... }:
let
librechatPort = 3080;
mongoUri = "mongodb://127.0.0.1:27017/LibreChat";
in
{
sops.secrets."librechat/environmentFile" = { };
# Enable MongoDB
services.mongodb = {
enable = true;
package = pkgs.mongodb-ce;
# Optional: enableAuth = true;
# initialRootPasswordFile = "/path/to/mongo-root-password-file";
};
# LibreChat systemd service
systemd.services.librechat = {
# Make enable flagged when built
enable = true;
description = "LibreChat server";
# **Native systemd dependency declarations**
requires = [ "mongodb.service" ];
after = [
"network.target"
"mongodb.service"
];
serviceConfig = {
EnvironmentFile = config.sops.secrets."librechat/environmentFile".path;
Restart = "on-failure";
User = "librechat";
Group = "librechat";
# ExecStart binds to package binary
ExecStart = ''
${pkgs.librechat}/bin/librechat-server \
--host 0.0.0.0 \
--port ${toString librechatPort} \
--config /var/lib/librechat/config.yaml
'';
WorkingDirectory = "/var/lib/librechat";
};
wantedBy = [ "multi-user.target" ];
};
# Create user
users.users.librechat = {
isSystemUser = true;
description = "LibreChat service user";
home = "/var/lib/librechat";
createHome = true;
};
users.users.librechat.group = "librechat";
users.groups.librechat = { };
systemd.tmpfiles.rules = [
"d /var/lib/librechat 0755 librechat librechat -"
];
networking.firewall.allowedTCPPorts = [
librechatPort
27017
];
}

43
modules/llama-cpp.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
pkgs,
lib,
unstable,
inputs,
system,
...
}:
let
hostname = config.networking.hostName;
in
{
environment.systemPackages = [ pkgs.unstable.ollama ];
services.llama-cpp = {
enable = true;
host = "0.0.0.0";
port = 11111;
package = inputs.self.packages.${system}.llama-cpp-nightly-vulkan;
openFirewall = true;
model = "/var/lib/llama/models/Qwen3.5-35B-A3B-UD-Q2_K_XL.gguf";
extraFlags = [
"-c"
"32000"
"-ngl"
"41" # techincally entire qwen3.5
"--image-min-tokens"
"1024"
"--image-max-tokens"
"2048"
#"--hf-repo" "unsloth/Qwen3.5-35B-A3B-GGUF:Q2_K_L"
"--mmproj"
"/var/lib/llama/models/mmproj-F16.gguf"
"-ctk"
"q4_0"
"-ctv"
"q4_0" # quantisize kv cache.
"--no-mmap"
];
};
}

253
modules/llama-swap.nix Normal file
View File

@@ -0,0 +1,253 @@
{
config,
pkgs,
lib,
inputs,
system,
...
}:
{
environment.systemPackages = [
inputs.self.packages.${system}.llama-cpp-nightly-vulkan
pkgs.unstable.stable-diffusion-cpp-vulkan
pkgs.unstable.whisper-cpp-vulkan
inputs.self.packages.${system}.z-image-models
inputs.self.packages.${system}.whisper-models
#inputs.self.packages.${system}.fish-speech-models
];
services.llama-swap = {
enable = true;
package = inputs.self.packages.${system}.llama-swap;
port = 11112;
openFirewall = true;
settings =
let
llama-server = lib.getExe' inputs.self.packages.${system}.llama-cpp-nightly-vulkan "llama-server";
sd-server = lib.getExe' pkgs.unstable.stable-diffusion-cpp-vulkan "sd-server";
whisper-server = lib.getExe' pkgs.unstable.whisper-cpp-vulkan "whisper-server";
podman = lib.getExe pkgs.podman;
z-image-models = inputs.self.packages.${system}.z-image-models;
whisper-models = inputs.self.packages.${system}.whisper-models;
in
{
healthCheckTimeout = 180;
startPort = 12000;
globalTTL = 600;
logLevel = "info";
macros = {
ctx = 32000;
ngl = 99;
kv_cache = "-ctk q4_0 -ctv q4_0 -fa 1";
batch = "-b 1024 -ub 1024"; # default 512 512
hf_repo = "";
image-tokens = "--image-min-tokens 256 --image-max-tokens 1536";
qwen35-thinking = "--chat-template-kwargs '{\"enable_thinking\":true}'";
qwen35-no-thinking = "--chat-template-kwargs '{\"enable_thinking\":false}'";
};
models = {
"qwen3.5-35b-a3b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} $\{kv_cache\} $\{batch\} --hf-repo $\{hf_repo\} $\{image-tokens\} $\{qwen35-no-thinking\} ";
aliases = [ "qwen3.5" ];
ttl = 1800;
macros = {
ctx = 49152;
hf_repo = "unsloth/Qwen3.5-35B-A3B-GGUF:UD-IQ3_XXS";
};
};
"qwen3.5-9b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} $\{kv_cache\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} $\{batch\} $\{image-tokens\} $\{qwen35-thinking\} ";
ttl = 900;
macros = {
hf_repo = "unsloth/Qwen3.5-9B-GGUF:UD-Q4_K_XL";
ctx = 128000;
};
};
"qwen3.5-2b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} $\{kv_cache\} $\{batch\} $\{image-tokens\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} ";
ttl = 900;
macros = {
hf_repo = "unsloth/Qwen3.5-2B-GGUF:UD-Q8_K_XL";
ctx = 200000;
};
};
"glm4.7-flash" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -fa 0 -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
ttl = 900;
aliases = [ "coder" ];
macros = {
hf_repo = "unsloth/GLM-4.7-Flash-REAP-23B-A3B-GGUF"; # Reap should allow more context in gpu mem
ctx = 32000;
};
};
"gemma4" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -fa 0 -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
ttl = 900;
macros = {
hf_repo = "unsloth/gemma-4-26B-A4B-it-GGUF:UD-IQ3_XXS";
ctx = 36000;
};
};
"gemma4E4" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} $\{kv_cache\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
ttl = 900;
macros = {
hf_repo = "unsloth/gemma-4-E4B-it-GGUF";
ctx = 128000;
};
};
"ministal-3-8b-reasonning" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
aliases = [ "ministral3" ];
ttl = 900;
macros.hf_repo = "mistralai/Ministral-3-8B-Reasoning-2512-GGUF";
};
"ministal-3-3b" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\}";
aliases = [ "ministral3-mini" ];
ttl = 900;
macros.hf_repo = "mistralai/Ministral-3-3B-Instruct-2512-GGUF";
};
"minicpm-o-4_5" = {
cmd = "${llama-server} --port $\{PORT\} --host 0.0.0.0 --ctx-size $\{ctx\} -ngl $\{ngl\} --hf-repo $\{hf_repo\} --mmproj-url https://huggingface.co/openbmb/MiniCPM-o-4_5-gguf/resolve/main/vision/MiniCPM-o-4_5-vision-F16.gguf";
aliases = [
"openbmb/MiniCPM-o-4_5-gguf"
"minicpm"
];
ttl = 900;
macros.hf_repo = "openbmb/MiniCPM-o-4_5-gguf";
};
"z-image-turbo" = {
cmd = "${sd-server} --listen-port $\{PORT\} --diffusion-model $\{diffusion_model\} --vae $\{vae\} --llm $\{llm\} --offload-to-cpu --cfg-scale 1.0 --height 1024 --width 1024 --steps 4";
checkEndpoint = "/";
ttl = 300;
aliases = [
"gpt-image-1"
"dall-e-3"
];
macros = {
diffusion_model = "${z-image-models}/models/z-image-turbo-Q4_K.gguf";
vae = "${z-image-models}/models/ae.safetensors";
llm = "${z-image-models}/models/Qwen3-4B-Instruct-2507-Q4_K_M.gguf";
};
};
"distil-whisper-v3.5" = {
cmd = "${whisper-server} --host 127.0.0.1 --port $\{PORT\} -m $\{model\} --request-path /v1/audio/transcriptions --inference-path \"\"";
checkEndpoint = "/v1/audio/transcriptions/";
ttl = 0;
aliases = [
"whisper"
"whisper-1"
];
macros.model = "${whisper-models}/models/distil-large-v3.5.bin";
};
"nb-whisper-small" = {
cmd = "${whisper-server} --host 127.0.0.1 --port $\{PORT\} -m $\{model\} --request-path /v1/audio/transcriptions --inference-path \"\" --language no";
checkEndpoint = "/v1/audio/transcriptions/";
ttl = 0;
aliases = [
"whisper-no"
"whisper-nb"
];
macros.model = "${whisper-models}/models/nb-whisper-small-q5_0.bin";
};
"omnivoice" = {
cmd = "${pkgs.bash}/bin/bash -c '${pkgs.systemd}/bin/systemctl start podman-omnivoice.service && exec sleep infinity'";
cmdStop = "${pkgs.systemd}/bin/systemctl stop podman-omnivoice.service";
checkEndpoint = "/v1/audio/voices";
proxy = "http://127.0.0.1:8091";
ttl = 900;
};
"kokoro" = {
cmd = "${podman} run --init --rm --name kokoro-tts -p $\{PORT\}:8880 ghcr.io/remsky/kokoro-fastapi-cpu:latest";
cmdStop = "${podman} stop kokoro-tts";
checkEndpoint = "/v1/audio/voices";
ttl = 900;
};
};
};
};
virtualisation.oci-containers.containers.omnivoice = {
image = "vllm/vllm-openai:nightly";
ports = [ "8091:8091" ];
environment = {
VLLM_DEVICE = "cpu";
};
cmd = [
"vllm"
"serve"
"k2-fsa/OmniVoice"
"--omni"
"--device"
"cpu"
"--port"
"8091"
"--trust-remote-code"
];
extraOptions = [ "--rm" ];
autoStart = false;
};
systemd.services.llama-swap = {
serviceConfig = {
StateDirectory = "llama-swap";
CacheDirectory = "llama-swap";
RuntimeDirectory = "llama-swap";
Environment = [
"HOME=/var/lib/llama-swap"
"XDG_CACHE_HOME=/var/cache/llama-swap"
"MESA_SHADER_CACHE_DIR=/var/cache/llama-swap/mesa"
];
DynamicUser = lib.mkForce false;
User = "root";
Group = "root";
PrivateDevices = lib.mkForce false;
PrivateTmp = lib.mkForce false;
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
ProtectClock = lib.mkForce false;
ProtectControlGroups = lib.mkForce false;
ProtectHome = lib.mkForce false;
ProtectKernelLogs = lib.mkForce false;
ProtectKernelModules = lib.mkForce false;
ProtectKernelTunables = lib.mkForce false;
ProtectSystem = lib.mkForce false;
ProtectHostname = lib.mkForce false;
ProtectProc = lib.mkForce "";
MemoryDenyWriteExecute = lib.mkForce false;
LockPersonality = lib.mkForce false;
NoNewPrivileges = lib.mkForce false;
RemoveIPC = lib.mkForce false;
RestrictNamespaces = lib.mkForce true;
RestrictRealtime = lib.mkForce false;
RestrictSUIDSGID = lib.mkForce false;
RestrictAddressFamilies = lib.mkForce [
"AF_INET"
"AF_INET6"
"AF_UNIX"
"AF_NETLINK"
];
CapabilityBoundingSet = lib.mkForce "";
SystemCallArchitectures = lib.mkForce "";
SystemCallFilter = lib.mkForce [ ];
SystemCallErrorNumber = lib.mkForce "";
ProcSubset = lib.mkForce "all";
};
};
}

16
modules/nix.nix
View File

@@ -6,14 +6,10 @@
}:
{
imports = [ ];
imports = [ ./nixpkgs.nix ]; # migrate this afterwards.
system.rebuild.enableNg = true;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
# example "python3.11-youtube-dl-2021.12.17"
];
sops.secrets."github/api" = {
mode = "0444";
group = "root";
@@ -60,10 +56,13 @@
}
{
hostName = "aragon";
system = "x86_64-linux";
#system = "x86_64-linux";
# if the builder supports building for multiple architectures,
# replace the previous line by, e.g.,
# systems = ["x86_64-linux" "aarch64-linux"];
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 6;
speedFactor = 6001;
supportedFeatures = [ ];
@@ -74,7 +73,8 @@
system = "x86_64-linux";
maxJobs = 4;
speedFactor = 4001;
supportedFeatures = [ "cuda" ];
#supportedFeatures = [ "cuda" ];
supportedFeatures = [ ];
mandatoryFeatures = [ ];
}

19
modules/nixpkgs.nix Normal file
View File

@@ -0,0 +1,19 @@
{
config,
pkgs,
lib,
...
}:
{
imports = [ ];
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
# example "python3.11-youtube-dl-2021.12.17"
];
};
};
}

51
modules/nvidia.nix Normal file
View File

@@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
{
# Enable OpenGL
hardware.graphics = {
enable = true;
enable32Bit = true;
};
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
boot = {
blacklistedKernelModules = [ "nouveau" ];
extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
initrd.kernelModules = [ "nvidia" ];
};
hardware.nvidia = {
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
#powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use. Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the independent third-party "nouveau" open source driver).
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false; # need proprietary for cuda.
# Enable the Nvidia settings menu, accessible via `nvidia-settings`.
#nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# Enable the CUDA toolkit
#install packages
environment.systemPackages = with pkgs; [
cudaPackages.cudatoolkit
cudaPackages.cudnn
nvtopPackages.nvidia
cudaPackages.nccl
pkgs.cudaPackages.libcublas
];
}

18
modules/ollama.nix
View File

@@ -15,20 +15,28 @@ in
services.ollama = {
enable = true;
package = pkgs.unstable.ollama;
package = lib.mkDefault pkgs.unstable.ollama-vulkan;
acceleration = lib.mkDefault "vulkan";
host = "0.0.0.0";
openFirewall = true;
port = 11434;
home = "/var/lib/ollama";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "32000";
};
# Preloaded models
loadModels = [
"gemma3:1b"
"qwen3:latest"
"qwen3:4b"
"qwen3:0.6b"
"glm-4.7-flash:latest"
"rnj-1:latest"
"lfm2.5-thinking:latest"
"qwen3-vl:4b"
"qwen3-vl:2b-instruct-q8_0"
"qwen3-vl:latest"
"gemma3:4b"
"qwen2.5vl:3b"
"ministral-3:3b"
"ministral-3:latest"
"granite3.2-vision"
"granite4:tiny-h"
"gpt-oss:20b"

31
modules/pangolin.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
pkgs,
lib,
...
}:
{
sops.secrets."pangolin/environmentFile" = {
restartUnits = [ "pangolin.service" ];
owner = "pangolin";
mode = "0755";
};
users.users.pangolin.extraGroups = [ "acme" ];
services.pangolin = {
enable = true;
openFirewall = true;
package = pkgs.unstable.fosrl-pangolin;
baseDomain = "lauterer.it";
dashboardDomain = "auth.lauterer.it";
dnsProvider = "domeneshop";
#settings
environmentFile = config.sops.secrets."pangolin/environmentFile".path;
#dataDir
};
}

52
modules/python-packages.nix Normal file
View File

@@ -0,0 +1,52 @@
ps: with ps; [
ipykernel
jupyter
jupyterlab
notebook
numpy
scipy
pandas
polars
matplotlib
seaborn
scikit-learn
scikit-image
sympy
nltk
huggingface-hub
datasets
tokenizers
transformers
accelerate
peft
bitsandbytes
torch
torchvision
lightning
keras
opencv-python
pillow
pyvista
vispy
pygame
tqdm
flask
flask-sqlalchemy
flask-socketio
werkzeug
gunicorn
requests
pyyaml
authlib
litellm
openai
langchain
langchain-community
pydantic
pydantic-core
docling-core
pycryptodome
flake8
pip
tkinter
]

9
modules/qbittorrent.nix
View File

@@ -4,6 +4,9 @@
pkgs,
...
}:
let
dataLocation = "/lorien/media/";
in
{
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
@@ -45,9 +48,9 @@
AnonymousModeEnabled = false;
BTProtocol = "Both";
BandwidthSchedulerEnabled = false;
DefaultSavePath = "/Main/Data/media/Downloads";
DefaultSavePath = dataLocation + "Downloads";
Encryption = 1;
FinishedTorrentExportDirectory = "/Main/Data/media/Downloads/torrents-complete";
FinishedTorrentExportDirectory = dataLocation + "Downloads/torrents-complete";
GlobalDLSpeedLimit = 0;
GlobalMaxRatio = 1.5;
GlobalUPSpeedLimit = 0;
@@ -69,7 +72,7 @@
TempPath = "/Main/Data/media/Downloads/temp";
TempPathEnabled = true;
TorrentContentLayout = "Subfolder";
TorrentExportDirectory = "/Main/Data/media/Downloads/torrents";
TorrentExportDirectory = dataLocation + "Downloads/torrents";
UseAlternativeGlobalSpeedLimit = false;
};
};

38
modules/thermal.nix Normal file
View File

@@ -0,0 +1,38 @@
{
config,
pkgs,
lib,
...
}:
{
services.thermald.enable = true;
environment.systemPackages = with pkgs; [
lm_sensors
];
systemd.services.thermal-log = {
description = "Periodic thermal logging to journal";
serviceConfig.Type = "oneshot";
path = with pkgs; [
lm_sensors
gnugrep
coreutils
util-linux
];
script = ''
TEMP=$(sensors 2>/dev/null | grep -i 'Tctl\|Tdie' | head -1 || echo "N/A")
logger -t thermal-log "CPU Temp: $TEMP"
'';
};
systemd.timers.thermal-log = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Persistent = true;
};
};
}

6
modules/unstable.nix
View File

@@ -1,16 +1,14 @@
{
config,
pkgs,
inputs,
system,
...
}:
let
unstableOverlay = final: prev: {
unstable = import inputs.unstable {
inherit system;
config = prev.config;
inherit (final.stdenv.hostPlatform) system;
inherit (config.nixpkgs) config;
};
};
in

70
modules/xdg.nix
View File

@@ -4,38 +4,78 @@
config,
...
}:
{
{
environment.systemPackages = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
pkgs.xdg-desktop-portal
];
# XDG related configurations
xdg = {
autostart.enable = true;
menus.enable = true;
icons.enable = true;
sounds.enable = true;
# Enable desktop portal integration
#portal = {
# enable = true; # Enable the portal system
# xdgOpenUsePortal = true; # Use portal for opening files and URLs
# # Additional portals for specific environments
# extraPortals = with pkgs; [
# xdg-desktop-portal-gtk
# xdg-desktop-portal
# xdg-desktop-portal-gnome
# kdePackages.xdg-desktop-portal-kde # For KDE environment
# ];
# # Configuration packages for portals (like GNOME session, Niri, etc.)
# configPackages = with pkgs; [
# gnome-session
# niri
# ];
#};
portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal
#xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
kdePackages.xdg-desktop-portal-kde
xdg-launch
xdg-ninja
xdg-utils
config.common.default = [ "gnome" ];
extraPortals = [
pkgs.xdg-desktop-portal
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
];
configPackages = with pkgs; [
gnome-session
niri
];
};
# Enable autostart functionality (launch apps on login)
autostart.enable = true;
# Enable menu support for applications
menus.enable = true;
# Enable icon theme support (icons for applications, etc.)
icons.enable = true;
# Enable sounds for system events (like notifications)
sounds.enable = true;
# Terminal execution for XDG spec
terminal-exec.enable = true;
};
# Enable MIME type handling for file associations
xdg.mime.enable = true;
# Enable additional configurations for portals
xdg.portal.wlr.enable = true; # Disable Wayland/Weston portal support (as you've commented out)
# Icons
xdg.icons.fallbackCursorThemes = [ "Adwaita" ]; # Set a default cursor theme (you can change this)
# Terminal execution configuration
xdg.terminal-exec.package = pkgs.foot; # Choose the terminal emulator (can be changed to your preference)
xdg.terminal-exec.settings = { }; # Terminal-specific settings (customizable)
}

7
modules/zfs.nix
View File

@@ -6,16 +6,15 @@
}:
{
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
networking.hostId = "1ccccd3a";
boot.zfs.forceImportRoot = lib.mkDefault false;
#boot.zfs.package = lib.mkDefault pkgs.zfs_unstable;
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoSnapshot.enable = true;
services.zfs.autoSnapshot.flags = "-k -p --utc";
services.zfs.autoSnapshot.flags = lib.mkDefault "-k -p --utc";
environment.systemPackages = with pkgs; [
zfs
zfsnap
zfstools
zfsbackup
lz4

51
packages/android-cli/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{
lib,
stdenv,
fetchurl,
autoPatchelfHook,
buildFHSEnv,
glibc,
}:
let
pname = "android-cli";
version = "latest";
bootstrap = stdenv.mkDerivation {
pname = "${pname}-bootstrap";
inherit version;
src = fetchurl {
url = "https://dl.google.com/android/cli/latest/linux_x86_64/android";
hash = "sha256-louoe5M/sj0OXsiMFqjv1PJcTyJ0xuRM9j2lOv3hZzA=";
};
nativeBuildInputs = [ autoPatchelfHook ];
dontUnpack = true;
installPhase = ''
runHook preInstall
mkdir -p $out/libexec
cp $src $out/libexec/android
chmod +x $out/libexec/android
runHook postInstall
'';
};
in
buildFHSEnv {
name = pname;
targetPkgs = pkgs: [ pkgs.glibc ];
runScript = "${bootstrap}/libexec/android";
meta = {
description = "Android CLI - lightweight programmatic interface for Android development";
homepage = "https://developer.android.com/tools/agents";
license = lib.licenses.unfree;
platforms = [ "x86_64-linux" ];
mainProgram = "android-cli";
};
}

19
packages/intel-sycl/bintools-unwrapped/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{
runCommand,
llvm,
lld,
}:
runCommand "intel-sycl-bintools-${llvm.version}" { preferLocalBuild = true; } ''
mkdir -p $out/bin
ln -s ${llvm}/bin/llvm-ar $out/bin/ar
ln -s ${llvm}/bin/llvm-objcopy $out/bin/objcopy
ln -s ${llvm}/bin/llvm-size $out/bin/size
ln -s ${lld}/bin/lld $out/bin/ld
ln -s ${llvm}/bin/llvm-cov $out/bin/cov
ln -s ${llvm}/bin/llvm-foreach $out/bin/foreach
ln -s ${llvm}/bin/llvm-link $out/bin/link
ln -s ${llvm}/bin/llvm-profdata $out/bin/profdata
ln -s ${llvm}/bin/llvm-spirv $out/bin/spirv
''

36
packages/intel-sycl/clang/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{
wrapCCWith,
llvm,
bintools,
gcc,
stdenv,
}:
wrapCCWith {
inherit bintools;
cc = llvm;
extraBuildCommands = ''
echo "" > $out/nix-support/add-hardening.sh
'';
extraPackages = [
llvm.dev
llvm.lib
];
nixSupport = {
cc-cflags = [
"-isystem ${llvm.dev}/include"
"-isystem ${llvm.dev}/include/sycl"
"-resource-dir=${llvm.rsrc}"
"--gcc-toolchain=${gcc.cc}"
];
cc-ldflags = [
"-L${llvm.lib}/lib"
"-L${gcc.cc}/lib/gcc/${stdenv.targetPlatform.config}/${gcc.version}"
"-L${gcc.cc.lib}/lib"
];
};
}

51
packages/intel-sycl/default.nix Normal file
View File

@@ -0,0 +1,51 @@
global: self:
let
inherit (global) callPackage;
pins = callPackage ./pins { };
version = "nightly-2026-01-01";
src = global.fetchFromGitHub {
owner = "intel";
repo = "llvm";
rev = version;
hash = "sha256-OkSyn2KdAzptgKpTAnw//+6x8fbk/5Rjh1/6soQAjWc=";
};
in
{
lld = callPackage ./lld {
inherit (self) llvm;
inherit src version;
};
llvm = callPackage ./llvm {
inherit src version pins;
};
bintools-unwrapped = callPackage ./bintools-unwrapped {
inherit (self) llvm lld;
};
bintools = global.wrapBintoolsWith {
bintools = self.bintools-unwrapped;
};
clang = callPackage ./clang {
inherit (self) bintools llvm;
};
stdenv = global.overrideCC global.stdenv self.clang;
openmp = callPackage ./openmp {
inherit (self) stdenv;
inherit src version;
};
xpti = callPackage ./xpti {
inherit (self) stdenv;
inherit src version;
};
xptifw = callPackage ./xptifw {
inherit (self) stdenv;
inherit src version pins;
};
}

33
packages/intel-sycl/lld/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
lib,
stdenv,
src,
version,
cmake,
llvm,
libz,
libxml2,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-lld";
sourceRoot = "${src.name}/lld";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
buildInputs = [
llvm
libz
libxml2
];
cmakeFlags = [
(lib.cmakeFeature "LLD_INSTALL_PACKAGE_DIR" "${placeholder "dev"}/lib/cmake/lld")
];
}

156
packages/intel-sycl/llvm/default.nix Normal file
View File

@@ -0,0 +1,156 @@
{
stdenv,
gcc,
writeShellApplication,
wrapCCWith,
src,
version,
cmake,
pkg-config,
python3,
perl,
libz,
libxml2,
ncurses,
hwloc,
level-zero,
unified-memory-framework,
emhash,
parallel-hashmap,
spirv-headers,
opencl-headers,
ocl-icd,
intel-compute-runtime,
pins,
}:
let
root = "/build/source";
cc = wrapCCWith {
cc = writeShellApplication {
name = "clang";
text = ''
exec ${root}/build/bin/clang-22 "$@"
'';
passthru.isClang = true;
};
extraBuildCommands = ''
echo "" > $out/nix-support/add-hardening.sh
'';
nixSupport = {
cc-cflags = [
"-isystem /build/source/build/include"
"-resource-dir=/build/source/build/lib/clang/22"
"--gcc-toolchain=${gcc.cc}"
];
cc-ldflags = [
"-L/build/source/build/lib"
"-L${gcc.cc}/lib/gcc/${stdenv.targetPlatform.config}/${gcc.version}"
"-L${gcc.cc.lib}/lib"
];
};
};
in
stdenv.mkDerivation {
inherit src version;
pname = "intel-llvm";
NIX_CFLAGS_COMPILE = [ "-Wno-unused-command-line-argument" ];
patches = [ ./gnu-install-dirs.patch ];
outputs = [
"out"
"lib"
"dev"
"rsrc"
"python"
];
nativeBuildInputs = [
cmake
pkg-config
python3
perl
];
buildInputs = [
libz
libxml2
ncurses
hwloc
unified-memory-framework
emhash
parallel-hashmap
level-zero
opencl-headers
ocl-icd
];
cmakeBuildType = "Release";
cmakeDir = "../llvm";
cmakeFlags = [
"-DCMAKE_BUILD_TYPE=Release"
"-DLLVM_TARGETS_TO_BUILD=Native"
"-DLLVM_INSTALL_UTILS=ON"
"-DLLVM_ENABLE_ZSTD=ON"
"-DLLVM_USE_STATIC_ZSTD=ON"
"-DLLVM_INSTALL_PACKAGE_DIR=${placeholder "dev"}/lib/cmake/llvm"
"-DLLVM_INCLUDE_TESTS=OFF"
"-DLLVM_BUILD_TESTS=OFF"
"-DLLVM_ENABLE_ASSERTIONS=OFF"
"-DLLVM_ENABLE_DOXYGEN=OFF"
"-DLLVM_ENABLE_SPHINX=OFF"
"-DLLVM_EXTERNAL_PROJECTS=sycl;sycl-jit;llvm-spirv;opencl;xpti;xptifw;libdevice"
"-DLLVM_EXTERNAL_SYCL_SOURCE_DIR=/build/source/sycl"
"-DLLVM_EXTERNAL_SYCL_JIT_SOURCE_DIR=/build/source/sycl-jit"
"-DLLVM_EXTERNAL_LLVM_SPIRV_SOURCE_DIR=/build/source/llvm-spirv"
"-DLLVM_EXTERNAL_XPTI_SOURCE_DIR=/build/source/xpti"
"-DLLVM_EXTERNAL_XPTIFW_SOURCE_DIR=/build/source/xptifw"
"-DLLVM_EXTERNAL_LIBDEVICE_SOURCE_DIR=/build/source/libdevice"
"-DLLVM_ENABLE_PROJECTS=clang;clang-tools-extra;sycl;sycl-jit;llvm-spirv;opencl;xpti;xptifw;libdevice"
"-DSYCL_ENABLE_XPTI_TRACING=ON"
"-DSYCL_COMPILER_VERSION=20260101"
"-DCLANG_RESOURCE_DIR=../lib/clang/22"
"-DFETCHCONTENT_SOURCE_DIR_VC-INTRINSICS=${pins.vc-intrinsics}"
"-DLLVM_EXTERNAL_SPIRV_HEADERS_SOURCE_DIR=${spirv-headers}"
"-DUR_USE_EXTERNAL_UMF=ON"
"-DL0_COMPUTE_RUNTIME_HEADERS=${intel-compute-runtime.src}/level_zero/include"
];
postPatch = ''
substituteInPlace libdevice/cmake/modules/SYCLLibdevice.cmake \
--replace-fail "\''${clang_exe}" "${cc}/bin/clang"
substituteInPlace unified-runtime/cmake/FetchOpenCL.cmake \
--replace-fail "NO_CMAKE_PACKAGE_REGISTRY" ""
'';
postInstall = ''
mkdir -p $python/share
mv $out/share/opt-viewer $python/share/opt-viewer
moveToOutput "bin/llvm-config*" "$dev"
substituteInPlace "$dev/lib/cmake/llvm/LLVMExports-release.cmake" \
--replace-fail "$out/bin/llvm-config" "$dev/bin/llvm-config"
substituteInPlace "$dev/lib/cmake/llvm/LLVMExports.cmake" \
--replace-fail "\''${_IMPORT_PREFIX}/include" "$dev/include"
substituteInPlace "$dev/lib/cmake/llvm/LLVMConfig.cmake" \
--replace-fail 'set(LLVM_BINARY_DIR "''${LLVM_INSTALL_PREFIX}")' "set(LLVM_BINARY_DIR \"$lib\")"
'';
postFixup = ''
mkdir -p $rsrc
mv $out/lib/clang/22/include $rsrc/include
rm -rf $out/lib/clang
'';
passthru.isLLVM = true;
passthru.isClang = true;
}

23
packages/intel-sycl/openmp/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{
stdenv,
src,
version,
cmake,
python3,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-openmp";
sourceRoot = "${src.name}/openmp";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [
cmake
python3
];
}

9
packages/intel-sycl/pins/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{ fetchFromGitHub }:
{
vc-intrinsics = fetchFromGitHub {
owner = "intel";
repo = "vc-intrinsics";
rev = "60cea7590bd022d95f5cf336ee765033bd114d69";
hash = "sha256-1K16UEa6DHoP2ukSx58OXJdtDWyUyHkq5Gd2DUj1644=";
};
}

19
packages/intel-sycl/xpti/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{
stdenv,
src,
version,
cmake,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-xpti";
sourceRoot = "${src.name}/xpti";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
}

26
packages/intel-sycl/xptifw/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{
stdenv,
src,
version,
cmake,
parallel-hashmap,
emhash,
}:
stdenv.mkDerivation {
inherit src version;
pname = "intel-xptifw";
sourceRoot = "${src.name}/xptifw";
outputs = [
"out"
"dev"
];
nativeBuildInputs = [ cmake ];
buildInputs = [
emhash
parallel-hashmap
];
}

178
packages/llama-cpp-nightly/default.nix Normal file
View File

@@ -0,0 +1,178 @@
{
lib,
autoAddDriverRunpath,
cmake,
fetchFromGitHub,
stdenv,
ninja,
pkg-config,
curl,
config,
cudaSupport ? config.cudaSupport,
cudaPackages ? { },
rocmSupport ? config.rocmSupport,
rocmPackages ? { },
rocmGpuTargets ? rocmPackages.clr.localGpuTargets or rocmPackages.clr.gpuTargets,
openclSupport ? false,
clblast,
blasSupport ? builtins.all (x: !x) [
cudaSupport
metalSupport
openclSupport
rocmSupport
syclSupport
vulkanSupport
],
blas,
metalSupport ? stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64 && !openclSupport,
vulkanSupport ? false,
rpcSupport ? false,
shaderc,
vulkan-headers,
vulkan-loader,
syclSupport ? false,
mkl ? null,
oneDNN ? null,
syclStdenv ? null,
syclF16Support ? false,
syclDeviceArch ? "",
}:
let
effectiveStdenv =
if cudaSupport then
cudaPackages.backendStdenv
else if syclSupport && syclStdenv != null then
syclStdenv
else
stdenv;
inherit (lib)
cmakeBool
cmakeFeature
optionals
optionalString
;
cudaBuildInputs = with cudaPackages; [
cuda_cccl
cuda_cudart
libcublas
];
rocmBuildInputs = with rocmPackages; [
clr
hipblas
rocblas
];
vulkanBuildInputs = [
shaderc
vulkan-headers
vulkan-loader
];
in
effectiveStdenv.mkDerivation (finalAttrs: {
pname = "llama-cpp-nightly";
version = "8763";
src = fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
tag = "b${finalAttrs.version}";
hash = "sha256-bDI7a7OMCbuZyaJX4o22fmQIyrGdzYkoIeVvxBYlnRI=";
leaveDotGit = true;
postFetch = ''
git -C "$out" rev-parse --short HEAD > $out/COMMIT
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
nativeBuildInputs = [
cmake
ninja
pkg-config
]
++ optionals cudaSupport [
cudaPackages.cuda_nvcc
autoAddDriverRunpath
];
buildInputs =
optionals cudaSupport cudaBuildInputs
++ optionals openclSupport [ clblast ]
++ optionals rocmSupport rocmBuildInputs
++ optionals blasSupport [ blas ]
++ optionals vulkanSupport vulkanBuildInputs
++ optionals syclSupport ([ mkl ] ++ optionals (oneDNN != null) [ oneDNN ])
++ [ curl ];
preConfigure = ''
prependToVar cmakeFlags "-DLLAMA_BUILD_COMMIT:STRING=$(cat COMMIT)"
'';
cmakeFlags = [
(cmakeBool "GGML_NATIVE" false)
(cmakeBool "LLAMA_BUILD_EXAMPLES" false)
(cmakeBool "LLAMA_BUILD_SERVER" true)
(cmakeBool "LLAMA_BUILD_TESTS" false)
(cmakeBool "LLAMA_CURL" true)
(cmakeBool "BUILD_SHARED_LIBS" true)
(cmakeBool "GGML_BLAS" blasSupport)
(cmakeBool "GGML_CLBLAST" openclSupport)
(cmakeBool "GGML_CUDA" cudaSupport)
(cmakeBool "GGML_HIP" rocmSupport)
(cmakeBool "GGML_METAL" metalSupport)
(cmakeBool "GGML_RPC" rpcSupport)
(cmakeBool "GGML_VULKAN" vulkanSupport)
(cmakeBool "GGML_SYCL" syclSupport)
(cmakeFeature "LLAMA_BUILD_NUMBER" finalAttrs.version)
]
++ optionals cudaSupport [
(cmakeFeature "CMAKE_CUDA_ARCHITECTURES" cudaPackages.flags.cmakeCudaArchitecturesString)
]
++ optionals rocmSupport [
(cmakeFeature "CMAKE_HIP_COMPILER" "${rocmPackages.clr.hipClangPath}/clang++")
(cmakeFeature "CMAKE_HIP_ARCHITECTURES" (builtins.concatStringsSep ";" rocmGpuTargets))
]
++ optionals metalSupport [
(cmakeFeature "CMAKE_C_FLAGS" "-D__ARM_FEATURE_DOTPROD=1")
(cmakeBool "LLAMA_METAL_EMBED_LIBRARY" true)
]
++ optionals rpcSupport [
(cmakeBool "CMAKE_SKIP_BUILD_RPATH" true)
]
++ optionals syclSupport [
(cmakeFeature "GGML_SYCL_TARGET" "INTEL")
(cmakeBool "GGML_SYCL_DNN" (oneDNN != null))
(cmakeBool "GGML_SYCL_F16" syclF16Support)
]
++ optionals (syclSupport && syclDeviceArch != "") [
(cmakeFeature "GGML_SYCL_DEVICE_ARCH" syclDeviceArch)
];
postInstall = ''
ln -sf $out/bin/llama-cli $out/bin/llama
mkdir -p $out/include
cp $src/include/llama.h $out/include/
''
+ optionalString rpcSupport "cp bin/rpc-server $out/bin/llama-rpc-server";
doCheck = false;
meta = {
description = "Inference of Meta's LLaMA model (and others) in pure C/C++)";
homepage = "https://github.com/ggml-org/llama.cpp";
license = lib.licenses.mit;
mainProgram = "llama";
platforms = if syclSupport then [ "x86_64-linux" ] else lib.platforms.unix;
badPlatforms = optionals (cudaSupport || openclSupport) lib.platforms.darwin;
broken =
(metalSupport && !effectiveStdenv.hostPlatform.isDarwin) || (syclSupport && syclStdenv == null);
};
})

1
packages/llama-swap/default.nix Normal file
View File

@@ -0,0 +1 @@
import ./package.nix

144
packages/llama-swap/package.nix Normal file
View File

@@ -0,0 +1,144 @@
{
lib,
stdenv,
buildGoModule,
fetchFromGitHub,
versionCheckHook,
callPackage,
nixosTests,
nix-update-script,
}:
let
canExecute = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
in
buildGoModule (finalAttrs: {
pname = "llama-swap";
version = "198";
outputs = [
"out"
"wol"
];
src = fetchFromGitHub {
owner = "mostlygeek";
repo = "llama-swap";
tag = "v${finalAttrs.version}";
hash = "sha256-7fZUKDCtj8RGca53CkLwVpvNWX6ryTbS02Uz/+uZpTs=";
leaveDotGit = true;
postFetch = ''
cd "$out"
git rev-parse HEAD > $out/COMMIT
date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
vendorHash = "sha256-XiDYlw/byu8CWvg4KSPC7m8PGCZXtp08Y1velx4BR8U=";
passthru.ui = callPackage ./ui.nix { llama-swap = finalAttrs.finalPackage; };
nativeBuildInputs = [
versionCheckHook
];
__darwinAllowLocalNetworking = true;
ldflags = [
"-s"
"-w"
"-X main.version=${finalAttrs.version}"
];
preBuild = ''
ldflags+=" -X main.commit=$(cat COMMIT)"
ldflags+=" -X main.date=$(cat SOURCE_DATE_EPOCH)"
cp -r ${finalAttrs.passthru.ui}/ui_dist proxy/
'';
excludedPackages = [
"misc/process-cmd-test"
"misc/benchmark-chatcompletion"
]
++ lib.optionals (!canExecute) [
"misc/simple-responder"
];
checkFlags =
let
skippedTests = lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [
"TestProcess_AutomaticallyStartsUpstream"
"TestProcess_WaitOnMultipleStarts"
"TestProcess_BrokenModelConfig"
"TestProcess_UnloadAfterTTL"
"TestProcess_LowTTLValue"
"TestProcess_HTTPRequestsHaveTimeToFinish"
"TestProcess_SwapState"
"TestProcess_ShutdownInterruptsHealthCheck"
"TestProcess_ExitInterruptsHealthCheck"
"TestProcess_ConcurrencyLimit"
"TestProcess_StopImmediately"
"TestProcess_ForceStopWithKill"
"TestProcess_StopCmd"
"TestProcess_EnvironmentSetCorrectly"
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
doCheck = canExecute;
preCheck = ''
mkdir build
ln -s "$GOPATH/bin/simple-responder" "./build/simple-responder_''${GOOS}_''${GOARCH}"
'';
postCheck = ''
rm "$GOPATH/bin/simple-responder"
'';
postInstall = ''
install -Dm444 -t "$out/share/llama-swap" config.example.yaml
mkdir -p "$wol/bin"
mv "$out/bin/wol-proxy" "$wol/bin/"
'';
doInstallCheck = true;
versionCheckProgramArg = "-version";
passthru.tests.nixos = nixosTests.llama-swap;
passthru.updateScript = nix-update-script {
extraArgs = [
"--subpackage"
"ui"
];
};
meta = {
homepage = "https://github.com/mostlygeek/llama-swap";
changelog = "https://github.com/mostlygeek/llama-swap/releases/tag/${finalAttrs.src.tag}";
description = "Model swapping for llama.cpp (or any local OpenAPI compatible server)";
longDescription = ''
llama-swap is a light weight, transparent proxy server that provides
automatic model swapping to llama.cpp's server.
When a request is made to an OpenAI compatible endpoint, llama-swap will
extract the `model` value and load the appropriate server configuration to
serve it. If the wrong upstream server is running, it will be replaced
with the correct one. This is where the "swap" part comes in. The upstream
server is automatically swapped to the correct one to serve the request.
In the most basic configuration llama-swap handles one model at a time.
For more advanced use cases, the `groups` feature allows multiple models
to be loaded at the same time. You have complete control over how your
system resources are used.
'';
license = lib.licenses.mit;
mainProgram = "llama-swap";
maintainers = with lib.maintainers; [
jk
podium868909
];
};
})

35
packages/llama-swap/ui.nix Normal file
View File

@@ -0,0 +1,35 @@
{
llama-swap,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "${llama-swap.pname}-ui";
inherit (llama-swap) version;
src = fetchFromGitHub {
owner = "mostlygeek";
repo = "llama-swap";
tag = "v${finalAttrs.version}";
hash = "sha256-FGrRwWgXTpH4h0MYCdMDagUskUZA+/s/dOjjkAigPQw=";
};
npmDepsHash = "sha256-gTDsuWPLCWsPltioziygFmSQFdLqjkZpmmVWIWoZwoc=";
postPatch = ''
substituteInPlace vite.config.ts \
--replace-fail "../proxy/ui_dist" "${placeholder "out"}/ui_dist"
'';
sourceRoot = "source/ui-svelte";
postInstall = ''
rm -rf $out/lib
'';
meta = (removeAttrs llama-swap.meta [ "mainProgram" ]) // {
description = "${llama-swap.meta.description} - UI";
};
})

49
packages/qwen-asr/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
lib,
fetchFromGitHub,
rustPlatform,
openblas,
pkg-config,
alsa-lib,
}:
rustPlatform.buildRustPackage {
pname = "qwen-asr";
version = "1.0.3";
src = fetchFromGitHub {
owner = "adrlau";
repo = "QwenASR";
rev = "v1.0.3";
hash = "sha256-Ga52horbOHszNWTA3FWYQk0Awjx6QNJFQ97DD5os0fI=";
};
cargoHash = "sha256-eEr/QnbACtfUExqA4fYpTN2WVeWmKmSa0GwacAXzLIE=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
openblas
alsa-lib
];
cargoBuildFlags = [
"--package"
"qwen-asr-cli"
];
doCheck = false;
env = {
RUSTFLAGS = "-C target-cpu=native";
OPENBLAS_DIR = openblas;
};
meta = {
description = "Pure Rust CPU-only inference engine for Qwen3-ASR speech-to-text models";
homepage = "https://github.com/adrlau/QwenASR";
license = lib.licenses.mit;
mainProgram = "qwen-asr";
platforms = lib.platforms.linux;
};
}

32
packages/s2-model/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
fetchurl,
runCommand,
}:
let
s2ProQ6 = fetchurl {
url = "https://huggingface.co/rodrigomt/s2-pro-gguf/resolve/main/s2-pro-q6_k.gguf";
hash = "sha256-hKyQQXKiytuE6PfxTqPxrO8FhJh2Nehfcgf9JU6vojU=";
name = "s2-pro-q6_k.gguf";
};
in
runCommand "s2-model"
{
version = "1.0.0";
meta = {
description = "S2 Pro GGUF model files for s2.cpp";
homepage = "https://huggingface.co/rodrigomt/s2-pro-gguf";
license = {
shortName = "fish-audio-research";
fullName = "Fish Audio Research License";
url = "https://github.com/rodrigomatta/s2.cpp/blob/main/LICENSE.md";
free = false;
};
platforms = lib.platforms.all;
};
}
''
mkdir -p $out/models
ln -s ${s2ProQ6} $out/models/s2-pro-q6_k.gguf
''

95
packages/s2cpp/default.nix Normal file
View File

@@ -0,0 +1,95 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
pkg-config,
autoPatchelfHook,
makeWrapper,
vulkan-loader,
vulkan-headers,
glslang,
shaderc,
cudaPackages ? { },
enableVulkan ? false,
enableCuda ? false,
}:
let
cudaCapabilities = [
"8.6"
"8.9"
"9.0"
];
in
stdenv.mkDerivation (finalAttrs: {
pname = "s2cpp";
version = "0-unstable-2025-04-05";
src = fetchFromGitHub {
owner = "rodrigomatta";
repo = "s2.cpp";
rev = "36a5fb058b740d8826f67d027bf46b3273fe4e3d";
hash = "sha256-C8BSUWNRrZKdaKHniAbeObq9fChvFQZ5HXcvSzgNsIw=";
fetchSubmodules = true;
};
nativeBuildInputs = [
cmake
autoPatchelfHook
makeWrapper
]
++ lib.optionals enableVulkan [ pkg-config ]
++ lib.optionals enableCuda [
cudaPackages.cuda_nvcc
];
buildInputs =
[ ]
++ lib.optionals enableVulkan [
vulkan-loader
vulkan-headers
glslang
shaderc
]
++ lib.optionals enableCuda [
cudaPackages.cuda_cudart
cudaPackages.cuda_cccl
];
cmakeFlags = [
"-DCMAKE_SKIP_BUILD_RPATH=ON"
"-DCMAKE_BUILD_WITH_INSTALL_RPATH=ON"
"-DCMAKE_INSTALL_RPATH=${placeholder "out"}/lib"
]
++ lib.optionals enableVulkan [ "-DS2_VULKAN=ON" ]
++ lib.optionals enableCuda [
"-DS2_CUDA=ON"
"-DCMAKE_CUDA_ARCHITECTURES=${lib.concatStringsSep ";" cudaCapabilities}"
];
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib $out/share
find . -name 's2' -type f -executable -exec install -Dm755 {} $out/bin/.s2-wrapped \;
find . -name '*.so*' -exec install -Dm755 {} -t $out/lib/ \;
install -Dm644 ${finalAttrs.src}/tokenizer.json $out/share/tokenizer.json
makeWrapper $out/bin/.s2-wrapped $out/bin/s2 \
--add-flags "-t $out/share/tokenizer.json"
runHook postInstall
'';
meta = {
description = "Fish Audio S2 Pro text-to-speech inference engine in native C++/GGML";
homepage = "https://github.com/rodrigomatta/s2.cpp";
license = {
shortName = "fish-audio-research";
fullName = "Fish Audio Research License";
url = "https://github.com/rodrigomatta/s2.cpp/blob/main/LICENSE.md";
free = false;
};
mainProgram = "s2";
platforms = lib.platforms.linux;
};
})

34
packages/whisper-models/default.nix Normal file
View File

@@ -0,0 +1,34 @@
{
lib,
fetchurl,
runCommand,
}:
let
distilLargeV35 = fetchurl {
url = "https://huggingface.co/distil-whisper/distil-large-v3.5-ggml/resolve/main/ggml-model.bin";
hash = "sha256-7CSYkZtJjF9rAAQa20VlASSzzZ8m9UX/+o9dEcKNzyY=";
name = "distil-large-v3.5.bin";
};
nbWhisperSmallQ5 = fetchurl {
url = "https://huggingface.co/NbAiLab/nb-whisper-small/resolve/main/ggml-model-q5_0.bin";
hash = "sha256-KpAlr7boJfxK5qRmceDLL0PmLx3shycN7qb+YbUoWiA=";
name = "nb-whisper-small-q5_0.bin";
};
in
runCommand "whisper-models"
{
version = "1.0.0";
meta = {
description = "Whisper GGML models for whisper.cpp";
homepage = "https://huggingface.co/distil-whisper/distil-large-v3.5-ggml";
license = lib.licenses.mit;
platforms = lib.platforms.all;
};
}
''
mkdir -p $out/models
ln -s ${distilLargeV35} $out/models/distil-large-v3.5.bin
ln -s ${nbWhisperSmallQ5} $out/models/nb-whisper-small-q5_0.bin
''

41
packages/z-image-models/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
lib,
fetchurl,
runCommand,
}:
let
zImageTurbo = fetchurl {
url = "https://huggingface.co/leejet/Z-Image-Turbo-GGUF/resolve/main/z_image_turbo-Q4_K.gguf";
hash = "sha256-FLN1q08ia8U3j2jzfome88IkK4VB5h4rwa/0CXYIb70=";
name = "z-image-turbo-Q4_K.gguf";
};
vae = fetchurl {
url = "https://huggingface.co/Comfy-Org/z_image_turbo/resolve/main/split_files/vae/ae.safetensors";
hash = "sha256-r8jignLNFds5GbrNtpGM6cHtIulssSxNXtD7qCNSnjg=";
name = "ae.safetensors";
};
qwen3TextEncoder = fetchurl {
url = "https://huggingface.co/unsloth/Qwen3-4B-Instruct-2507-GGUF/resolve/main/Qwen3-4B-Instruct-2507-Q4_K_M.gguf";
hash = "sha256-NgWAO5gstkrq1E9sGyrjbjrNtB2ORsipTGUzvExn5Zc=";
name = "Qwen3-4B-Instruct-2507-Q4_K_M.gguf";
};
in
runCommand "z-image-models"
{
version = "1.0.0";
meta = {
description = "Z-Image-Turbo models for stable-diffusion.cpp";
homepage = "https://github.com/leejet/stable-diffusion.cpp/blob/master/docs/z_image.md";
license = lib.licenses.asl20;
platforms = lib.platforms.all;
};
}
''
mkdir -p $out/models
ln -s ${zImageTurbo} $out/models/z-image-turbo-Q4_K.gguf
ln -s ${vae} $out/models/ae.safetensors
ln -s ${qwen3TextEncoder} $out/models/Qwen3-4B-Instruct-2507-Q4_K_M.gguf
''

22
secrets/secrets.yaml
View File

@@ -1,9 +1,11 @@
#ENC[AES256_GCM,data:iFOJJlRLRz2m7NyHzPhgUg==,iv:cx8HN12ClwwUZxn2/6mc1Q5Eh2XBIRsrhG/ETRf0cnw=,tag:ITcKcojB8Cpk5cICcxV/Hw==,type:comment]
/open# run to encrypt: null
#ENC[AES256_GCM,data:kvu25CX2iZURTBGQXYZTkwT00EqhPNF/ORglzJCsDRthR9hwLomlCzsdDCCwBmbEYbUSnyup0/yt6kj5gUA1iTpoGLVJK1EMoAUm7H7Vl4V0XheizUyTUJdfQUzQQXONzB2kTlE2DHuIWKN5Bz8+LKqoDrI=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:yY+w4rJvDHLo93HgkcKahw==,type:comment]
acme:
certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str]
github:
api: ENC[AES256_GCM,data:PcalL0rNd0nfNPMlWP05FWh3ff6rp5eQUmu3NzKmuSPcS5w6zSKCLsoCegltENjTWomGAJDoJF8rYfE3tTo4xQBAzFsK7v3GFXfefB+Ec7/FrUT6jjcHK4+c0e1u3cAgUkFpKq+IzS0yDBgMtXuC5oRzw0u0cEjXT4akiyO9Hg==,iv:GVPXrS9gwpw5JgsO6+YAMT96CsX7dz0NAcaq/IxXzec=,tag:Vxb4LOf0mm52W7Ege7mi6A==,type:str]
acme:
certs: ENC[AES256_GCM,data:v3eIoxXPCGU3nnj9LbpC6q9TIbmw0pwlBCjyfsmMxAMgp5oZttHUimXU3jmrFSDNLMXKyKp5ibBpL+pJDl+HGXbZ2ERWUfV0xqI+vUWetnO8tN4VrW0NZNs/TxdwdTVEA/st8zYON+Qnxrd0xUYAz2TzM9T4cEaRCpTKdIg=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:eFmep+I41nVf51/i3v/53Q==,type:str]
pangolin:
environmentFile: ENC[AES256_GCM,data:vip6lNBhaH0891+RTphTwerEf7sw6smUVbWIP9KdgbrjRkIAbt/XbLk=,iv:1771tPsQQcjSIoSQxER1Yqi2vZPwg6gbj0VXvDHr7kk=,tag:Bd286kNRYgTXC+jtpVLYpA==,type:str]
nginx:
defaultpass: ENC[AES256_GCM,data:dJn/Q0jV83PgfFH2ODJO/nXGqew2TZG3ItudJZQ/eCo7Ek2IPlHHQq52bzaVYPqhxUsvXpLV9FgR3FQVOHyiUK3MBsLDNvCTzpnALSflnpj0nKqrXWg3YgEKfi+FdHQ1s0SFQqBOsEw+Xt6eWkNykrl9Jgq5UF7Bp4iC4jmDwQeAFIWaIsWK0117X4seBRQc5rxz1XYNsTaVTzp102I1QmrWLRHGjuvpT5jLVvNEoaU/imT+beAmQAnq5pFOMiEwd4q5FFUdy8XHi7CcT4fql92m2I61pgQbjnHwGklLZvRYO5gIKLwj7u19x8lnFBefDoAshuZOch8397T+vjTxVe0fsuZeLAtLXdPKwoF3L0jp4ffNmPq8H3BTnFwJ2NZo,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:Gt4yl0zK7vF3Is/g8cow0g==,type:str]
qbittorrent:
@@ -17,6 +19,14 @@ ai:
cerebras: ENC[AES256_GCM,data:ZGXy4FWauVb6cqFIDNCjYZhA3fb7t8s9wHEQvV5UQS0LwOM1F6+prid5entFiU/zJhxUDA==,iv:1tZU5nfWCur/Uk54RccS7ldv+94D3CKPgAeK30PB8j4=,tag:y9ZDVTTOExTY6nLRbIxoLg==,type:str]
groq: ENC[AES256_GCM,data:63HBVYQEXCqG/xN7zluZl3yledOlqxou09Lvgh585LnZAvIFUN+eSDn44mT5mgpqMsRL8Wbqjq8=,iv:taiWwphOVhbLuO5ygf5iDIvhEoAxncTEQ8CFNKOObP4=,tag:1j7wCg9tFuP36mBr5yN0dA==,type:str]
mistral: ENC[AES256_GCM,data:z7qUyaJBaLF+fe3DFMRjkUEXiXGZwtFeC189fuEGjEo=,iv:r9QSqstFiR9QrLehHrQu09iaF0PYroz/p1ENChch/I0=,tag:XN7jcXv6TftbXaFBsZYVmw==,type:str]
zai: ENC[AES256_GCM,data:rVzqXuEFvdAR+GgETgRFvbDzVjvQ3hVD0s8jDxMCjZ2ri+Tob8Fsp55qA4ZKe85Uhw==,iv:YpaTe+3ZGONoAHCkQCVcvassQqr2ReSyBgiEcwxJOlA=,tag:HFE4af3gVrp6FJnBiwGClg==,type:str]
librechat:
environmentFile: ENC[AES256_GCM,data:oAEWPYxLdphwMvmRWpEgJnumpYxrlCbb2FQ2ugbVKqoA2TP3srof0eTwAFO/6jl7vzgfsP956BZ7lm6kwg4spEQ6EgfXWc7oa/zQrJKDofUpPLwyxLJhzyfDM3NbDcVKAQS7HdMinG3A5lSkVVHCfIuoaqml1W9DIExzjj+3cNKee8SfgQSpy3TOs2ngxkAVfycViw2cQv3MYeQ6CoaR4BQgraenm/sU9Vzjh+KWYdhD91Qx8UQRWKjhiZAQ+aspofTmFoUfct4Ds/Q+Z3KwWicSCZyvjm5GkP9oEmiK6ODEj2gLw/1bV/Pv/qH9D0ApN2m+mVMB3W7bnAE+4rb8oMb5SW6tgs2ttbefKE3jYl0jqNbu17xALBX3lqYEr9kAO4uF2+96uO0YFAAGgaWjAzhzgkCm/Gl2KML2OYX4uG/ynN5m8YkFB8qkfXg0Dv0IrvzbiE/YYRBmHzrlu5rD2SVTdc83GkePAn/ZMpB5HU6z6cSkjOn2RyixDTROIZeOMICdMYU/1dBvgUGZgLWD,iv:15NFJizf02389RnIFeezzFL2X9oz/CpmG/vmgDp1h2g=,tag:X+SBK584hJD/v+LeDSJd6A==,type:str]
authelia:
storageEncryptionKeyFile: ENC[AES256_GCM,data:zP2i8Ni6MqHpAJeVdcxr6V0eCXobcgbTyu6cDxsi4x4eG2HIFv7waxsCsa+erQgOf5g8+T5c7kIOa99Z5+Zq3kLAhGrIMqtZxn44oemw5Wl2U4ION2yZTdo/C8otpZMqu9rC9l+k4K3XiKN1Aqhyglx9TXNG6FgS8ygx5aBIBwUM,iv:spQdJ3otiZynCleiCG+u3mk/K3axKrfNtSOCzCGnnWQ=,tag:bMbjwOMCxi/+t+x0Xy0jnQ==,type:str]
jwtSecretFile: ENC[AES256_GCM,data:gVRyazB5RZ0fVrZ5/8eUuvJjdPBxjQg0vOrhXvgnv07sawti5Wj350UPBlBKthlvya8V6gZdBSl+Aj1nllP1Fl1tC8hDYb93ZmJdHo6CTicsu9lkMvWWfLe112Dhuptbg5AQAlWLu5TpjSGMT4UfXpLlKYdrzaDnIcWBAVn8k9lN,iv:hcHrAK/squwRyXQCx8pJXxVpq+KtcRwCqJ1NQpHpnL0=,tag:eQdM0gzYNw3/TfDBJYrkdg==,type:str]
sessionSecretFile: ENC[AES256_GCM,data:3Cd1DHLrqG1ljMcD10o9nqrkc5aCRrJ6hhvdmN5fIU5xeLN9veTYS6q1qOiIRXIuMoP52OgaEv1J+khVf/fodfk=,iv:14WZD7+S07LTZhMgHG8mjvE/8wdeWNyG+s5n8ZPfo/k=,tag:wFDW9wthWJvgzEg8a1qASg==,type:str]
usersFile: ENC[AES256_GCM,data:uJ03GLDPWWCeTV/FQNdkLfpQiG4FeoP5LnfuW8isHDT2dYhTnDZ7bTb3kTH0lps+79mUF5puaX3XrUO0J1cUV3EjkJkgH/FMnQ7D2mA2jJBCjmvnVerwRDtNJXiwtoM7a5N6RQl9stwDCZE7ODGs9YIqg//HQME73K+l4Hp/thA08GKG/ionT+f7ljlM+yL++guNtp/l5dPZS8/OXfTMBL9jtLlG7AmXbE9hoWcdqGK3OLxGWGdzrxkdQByvDrIxYu9i77o+NMRx0JU1LN8UpMQAYVqmBnbln/zNj5m5iuoa5cwpTKvG5rI=,iv:Iwz5tiUZ8Hr4ywjdkEXvA5cl5TZeyz24BVzMmm8q1vg=,tag:PdXguz6B7cpvUjzzMRlsTA==,type:str]
vaultwarden:
environmentFile: ENC[AES256_GCM,data:HUFCO4di1hSEMitCSGy5wiDNPZ858NIlW/BnaxrFkE4Tws9RwvmhJ+l89/w7A0VGHAp3yNC+t1GUHgNadA15/Ymr7qL8Zby6o69CqZ3tFnMFmBJ9BL3ni0v1E/4iN5YFInMpmM+c8FjlGfTU2nRRu0WUOGR+5s7C8YSGILrDR+jr98YOKuTfiEKqvsGg8o0dc95CjhEtejeaVGimt9f+bWA54BPGkCT1HzD5boAoTwVbD4sxKDP5l5SnBC+mpzX3sECFkoE5E7SnQQEhKtrL+IffnMrcA3nG6AAyAGODuYZ7VNYQ3zNWBhR2nP0ospDelxaTu9aH6IMgMn4h4Y9LU+nCSHkJGykxGt4W6S8DnHxiaqJCpYwAeOaWFlItlsqlMSjYR2nB7OgUHIv5HLaC1Heyn9azZc/HQyHEjsDa0EsHX8HnmJ6kr2PkAXno+zCBZHnZvxKDWPfV9QqUPakZX9VwPg724zFFe+4OsFBzRiJLePA3hXdmnKJFJUr8cFj0QC/JXlkG3FbfogrnBE2BV6YH8PBmjLuZCII0St1LwB77YPcZDbNLnXUbbiM5/F+fGy04qg3/97sE7Sk/ZXh/Yv+SyvrqrizhXcnOlaciC0zY6DGirHzPuPAYraCkIpPmvTV+MGOICOg77sLSronoN7QohCw6SEZdPD9wSDpRMcbIs5PjfqlVu0rziyl8D1cbT6pmktrGcPKnzKeCpBJNgKE+EwwnB7Zymfj3xRxLZSl/x/1GPFuFtvDvwcWWBIU3IDEtI1zaH0PXbErtuvrttIYWx0+Il9VbxLpxjYl2NxEwfwdUmhU+O2Xw18h8leyu4hfX6a2BvLzLR7cLmSJdIeWiW7rU+qy+H9AMZ5TIZNgepXcN9TmVfTmoEm3HCzG+WJD66iMkdspkggpOxxyIMXia3ws80Eht+m0lrSM2eU6NFfVXxixEylQsxZJuiTqof7mQ71OlGlwWYyY11w2QZNeWmmZIOWwrH2L4u7Npj0qUxurafWOFr/022Y70BxpYO+CKysYppSjTKhiPLS5/8d0u4R3a30gnf/JigXisE06DiLYV6LYRxd003Q41A9UOUoZ7j+A115GUqwAuyD9mEHsH9e2zb3bF+a4QCQ2EaVTaWLHWN/pKnDTY4tSUnpr2HiBcF/dRYh9hMZ3S9khiG+7mj/8Wj1eHMB0dEkUMlU5HE/3Qgoga0oKmATekv6gFyRJ5FQxNNJH9RMN4h6ej6BxDbs5g2bdNScs3qPahpefJA/ITipe1y3qrsfHP4dgqGEn8oaiQxDnNvf5TwbHoX+kS5rlLi4x42cS9v8Ov9oZV92O3c+EuXwDVKW8FAoJh1wMNkJhHjjSCVmQWG1UQngkl3HPDjuPadhec0dWCxQh7/TIaS2JJXeHrURYSLmUV9RlzhGYJqmCZbw7oLU//EukfD9vjm591gX7U3rhu1aQNioZWdFtoGj88BJdHtSa2pxhJnwhruDrwpLOV7xXEK8FsV0SOXWP+MNAgCCWxL2KoLBqDvbr21x6rXS4a6M0+iYxIEIZRsODwTKW7hf+g7mLdKLTIv8ptJVX+zhCaFOR0JMAm/P+L48FPH9ccEUoNCwlSnl02wC9oxB+bTvIDnE7OB705ezwSi8Okh8V1fiQopRIKSutXVhMN7J+wda3Y39UzdEiVr/Qzf+pVkOY2RBp4pNQ2G4Umb31qbtamxOf5JoPqmXQhFopdFttC+iHNa0b13aj4kQITUX/lo7gzssSHyTABpkD5mBaA4HRGkVDTo2bAwsVttVH399NYXmSoGU8XKoLbtJ3caa38KrxN8czTl+oDMurds2xrWHIG+fU4nHIeRW3HxuTz+1zwuYoZD2L+813VEZ3+fcnH1AjdoZ21Ioi1P496s4v4huLC/NMq6A==,iv:n41XecN53vEw2xzCO+gS46TwH7Qy08Hra2NFJNHTEHg=,tag:4ypcVk6TvJbDoG11A5miCw==,type:str]
openvpn:
@@ -46,7 +56,7 @@ sops:
TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc
uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-01T15:16:22Z"
mac: ENC[AES256_GCM,data:e+nLoUc3ybRoznmQqUdEF01dOIPleG7Hxv9U05f2y68eLo+QzP8/dznIhdc8DC4dAB7IkS4qXGiCyyWfzhVTPy8Aor4pAO0wwHR3cylKswetX0RVJErRO2r6mDMz6bjOseo1WZ6Jq6EOo2Z0SZli+lnLrxTpnoVDlOL6XO6TP2A=,iv:57LHCw0SY5cG2woS5op378RhhgqJGSRhA8oO+76/maM=,tag:aYs9KnXSQyRyawRcc+MITw==,type:str]
lastmodified: "2026-04-01T15:23:17Z"
mac: ENC[AES256_GCM,data:O9BC/cFOPWAKeb2k583dwrdciLkM5AUlKvBtUkbvB/wsd/sayal/59yGcZ8HwCwFLJ50iiv6GvPPFmHVkgMiXwKE/KqCQ0WGjibuBAD7nqOUMzqnsx4edVTVRluIcaSfUlmiwutSvAKDqQdun9Alg6iQDRFBZBOiX+EHiUp7UPk=,iv:iRThX2//KbKrNnbk0ONeP8964lNQvCUAtRx7E8R6rVA=,tag:9lm1ma29aprV0I8rm6hY7A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1