From 6a361225220d20e196170a88a868e8802e4f5265 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20SALVI?=
Date: Mon, 6 Oct 2025 17:11:31 +0200
Subject: [PATCH] Add wireguard, ollama, openwebui
---
 flake.lock | 8 ++---
 modules/optionnals/ai.nix | 29 ++++++++++++++++--
 modules/optionnals/desktop/code.nix | 1 +
 modules/optionnals/hosts/home-nix.nix | 42 +++++++++++++++++++++++----
 modules/optionnals/packages.nix | 14 +++++----
 5 files changed, 76 insertions(+), 18 deletions(-)
diff --git a/flake.lock b/flake.lock
index c245b13..b2f9cec 100644
--- a/flake.lock
+++ b/flake.lock
@@ -23,11 +23,11 @@
 "mysecrets": {
 "flake": false,
 "locked": {
- "lastModified": 1759412548,
- "narHash": "sha256-xiYMJkiKDjqva1V2yznKgdAPdL8FIvKiF2bHtgGPgLE=",
+ "lastModified": 1759763099,
+ "narHash": "sha256-MTubHbAaH1hbhEsWH3DtxvcqHh9of1hxRp3WAtK4mcw=",
 "ref": "refs/heads/main",
- "rev": "43fa5245e5a5dfb242aa4914060159aa21b85b25",
- "revCount": 11,
+ "rev": "b31ff44a10e77e0648a3978efc379e6cc77db7a3",
+ "revCount": 14,
 "type": "git",
 "url": "file:///home/beastie/nixos/secrets"
 },
diff --git a/modules/optionnals/ai.nix b/modules/optionnals/ai.nix
index 0ca9545..b35ab6d 100644
--- a/modules/optionnals/ai.nix
+++ b/modules/optionnals/ai.nix
@@ -1,9 +1,32 @@
-{ config, pkgs, ... }:
-
+{
+ ...
+}:
 {
 # Activer Ollama comme service
 services.ollama = {
 enable = true;
 acceleration = "cuda";
 };
-}
\ No newline at end of file
+
+ services.open-webui = {
+ enable = true;
+ port = 8080; # Port par défaut
+ host = "127.0.0.1"; # Localhost uniquement
+ openFirewall = true;
+ # Pour accès réseau : host = "0.0.0.0";
+
+ environment = {
+ ANONYMIZED_TELEMETRY = "True";
+ DO_NOT_TRACK = "True";
+ SCARF_NO_ANALYTICS = "True";
+ # URL d'Ollama (local)
+ OLLAMA_BASE_URL = "http://127.0.0.1:11434";
+ # Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
+ WEBUI_AUTH = "False"; # Desactive l'authentification
+ # ENABLE_WEB_SEARCH = "True";
+ # ENABLE_SEARCH_QUERY_GENERATION = "True";
+ # WEB_SEARCH_ENGINE = "duckduckgo";
+ # WEB_LOADER_ENGINE = "safe_web";
+ };
+ };
+}
diff --git a/modules/optionnals/desktop/code.nix b/modules/optionnals/desktop/code.nix
index 69c60d2..6ade23f 100644
--- a/modules/optionnals/desktop/code.nix
+++ b/modules/optionnals/desktop/code.nix
@@ -90,5 +90,6 @@ in
 pkgs.nixd
 pkgs.nixfmt-rfc-style
 pkgs.ansible
+ pkgs.python313
 ];
 }
diff --git a/modules/optionnals/hosts/home-nix.nix b/modules/optionnals/hosts/home-nix.nix
index 419804a..6480025 100644
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -1,5 +1,5 @@
 {
- pkgs,
+ config,
 ...
 }:
 {
@@ -11,7 +11,7 @@
 ../sops-desktop.nix
 ../ssh.nix
 ../sudo-nopasswd.nix
-
+
 ### Import GUI modules
 ../desktop/code.nix
 ../desktop/dunst.nix
@@ -27,7 +27,15 @@
 ../desktop/nvidia.nix
 ];
- networking = {
+ sops = {
+ secrets = {
+ "wireguard_home/publickey" = { };
+ "wireguard_home/presharedkey" = { };
+ "wireguard_home/privatekey" = { };
+ };
+ };
+
+ networking = {
 interfaces.enp5s0 = {
 ipv4.addresses = [
 {
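Review bot: In modules/optionnals/ai.nix, `ANONYMIZED_TELEMETRY = "True";` reads as switching telemetry on, while the two variables next to it (`DO_NOT_TRACK`, `SCARF_NO_ANALYTICS`) opt out of it; if the intent is no telemetry, the line should be `ANONYMIZED_TELEMETRY = "False";`. In the same block `openFirewall = true;` opens port 8080 in the host firewall while `WEBUI_AUTH = "False"` removes the login, so the only thing keeping the UI private is `host = "127.0.0.1"`. Following the `# Pour accès réseau : host = "0.0.0.0"` hint would then publish an unauthenticated UI on every interface, including the wg0 tunnel added in home-nix.nix. I would set `openFirewall = false;` for as long as the service binds to loopback, and turn authentication back on before the bind address is widened.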
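Review bot: In home-nix.nix the new `sops.secrets` block declares `"wireguard_home/publickey"`, but nothing in the hunks shown here reads it: the peer public key is written literally in the wg0 definition and only the `privatekey` and `presharedkey` paths are referenced. A public key is not secret, so the entry can be dropped, which avoids decrypting an unused value on the host. If it is this host's own public key kept for reference, a one-line comment such as `# own public key, kept for reference only` would say so. The `networking` attribute set continues past the end of this hunk.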
@@ -54,8 +62,30 @@
 #172.18.20.229 auth.grandbesancon.fr
 #172.18.20.181 traefikauth.grandbesancon.fr
 '';
+ wireguard = {
+ interfaces = {
+ wg0 = {
+ ips = [
+ "fc00::2/56"
+ "10.0.0.2/16"
+ ];
+ listenPort = 51820;
+ privateKeyFile = config.sops.secrets."wireguard_home/privatekey".path;
+ peers = [
+ {
+ publicKey = "X8D/RhwjpFYXm2DbtC0wY39TrFkdaw7RA7kHhbmOXnw=";
+ presharedKeyFile = config.sops.secrets."wireguard_home/presharedkey".path;
+ allowedIPs = [
+ "fc00::0/56"
+ "10.0.0.0/16"
+ "10.1.0.0/16"
+ ];
+ endpoint = "[2001:41d0:303:20da::1]:51820";
+ persistentKeepalive = 15;
+ }
+ ];
+ };
+ };
+ };
 };
- environment.systemPackages = [
- pkgs.tor-browser
- ];
 }
diff --git a/modules/optionnals/packages.nix b/modules/optionnals/packages.nix
index 50b9a70..c516026 100644
--- a/modules/optionnals/packages.nix
+++ b/modules/optionnals/packages.nix
@@ -3,8 +3,12 @@
 ...
 }:
 {
- environment.systemPackages = [
- pkgs.pwgen
- pkgs.ansible
- ];
-}
\ No newline at end of file
+ # Définition du bloc d'options pour l'environnement de système
+ environment = {
+ # Liste des paquets à installer dans le système
+ systemPackages = [
+ pkgs.pwgen # Générateur de mots de passe
+ pkgs.ansible # Infrastructure de gestion de configuration automatisée
+ ];
+ };
+}
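Review bot: The addresses `"fc00::2/56"` and `"fc00::0/56"` in the wg0 block of home-nix.nix fall in fc00::/8, the half of the unique-local range that RFC 4193 leaves undefined; locally assigned prefixes are meant to come from fd00::/8 with a random 40-bit global ID. It works in practice, but a generated prefix of the form `fdXX:XXXX:XXXX::/48` (placeholder) avoids collisions if this tunnel is ever routed next to another network that made the same choice, and the peer would need the matching change. Separately, `allowedIPs` accepts traffic sourced from all of `10.0.0.0/16` and `10.1.0.0/16`, so a short comment naming what sits behind those ranges would let the next reader judge whether the scope is intended.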