Add wireguard, ollama, openwebui

2025-10-06 17:11:31 +02:00
parent e9f5889194
commit 6a36122522
5 changed files with 76 additions and 18 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -23,11 +23,11 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1759412548,
+        "lastModified": 1759763099,
-        "narHash": "sha256-xiYMJkiKDjqva1V2yznKgdAPdL8FIvKiF2bHtgGPgLE=",
+        "narHash": "sha256-MTubHbAaH1hbhEsWH3DtxvcqHh9of1hxRp3WAtK4mcw=",
        "ref": "refs/heads/main",
-        "rev": "43fa5245e5a5dfb242aa4914060159aa21b85b25",
+        "rev": "b31ff44a10e77e0648a3978efc379e6cc77db7a3",
-        "revCount": 11,
+        "revCount": 14,
        "type": "git",
        "url": "file:///home/beastie/nixos/secrets"
      },
--- a/modules/optionnals/ai.nix
+++ b/modules/optionnals/ai.nix
@@ -1,9 +1,32 @@
-{ config, pkgs, ... }:
+{
-
+  ...
 }:
 {
  # Activer Ollama comme service
  services.ollama = {
    enable = true;
    acceleration = "cuda";
  };
  services.open-webui = {
    enable = true;
    port = 8080; # Port par défaut
    host = "127.0.0.1"; # Localhost uniquement
    openFirewall = true;
    # Pour accès réseau : host = "0.0.0.0";
    environment = {
      ANONYMIZED_TELEMETRY = "True";
      DO_NOT_TRACK = "True";
      SCARF_NO_ANALYTICS = "True";
      # URL d'Ollama (local)
      OLLAMA_BASE_URL = "http://127.0.0.1:11434";
      # Autres options optionnelles (https://docs.openwebui.com/getting-started/env-configuration/#web-search)
      WEBUI_AUTH = "False"; # Desactive l'authentification
      # ENABLE_WEB_SEARCH = "True";
      # ENABLE_SEARCH_QUERY_GENERATION = "True";
      # WEB_SEARCH_ENGINE = "duckduckgo";
      # WEB_LOADER_ENGINE = "safe_web";
    };
  };
 }
--- a/modules/optionnals/desktop/code.nix
+++ b/modules/optionnals/desktop/code.nix
@@ -90,5 +90,6 @@ in
    pkgs.nixd
    pkgs.nixfmt-rfc-style
    pkgs.ansible
    pkgs.python313
  ];
 }
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -1,5 +1,5 @@
 {
-  pkgs,
+  config,
  ...
 }:
 {
@@ -27,7 +27,15 @@
    ../desktop/nvidia.nix
  ];
-    networking = {
+  sops = {
    secrets = {
      "wireguard_home/publickey" = { };
      "wireguard_home/presharedkey" = { };
      "wireguard_home/privatekey" = { };
    };
  };
  networking = {
    interfaces.enp5s0 = {
      ipv4.addresses = [
        {
@@ -54,8 +62,30 @@
      #172.18.20.229  auth.grandbesancon.fr
      #172.18.20.181  traefikauth.grandbesancon.fr
    '';
    wireguard = {
      interfaces = {
        wg0 = {
          ips = [
            "fc00::2/56"
            "10.0.0.2/16"
          ];
          listenPort = 51820;
          privateKeyFile = config.sops.secrets."wireguard_home/privatekey".path;
          peers = [
            {
              publicKey = "X8D/RhwjpFYXm2DbtC0wY39TrFkdaw7RA7kHhbmOXnw=";
              presharedKeyFile = config.sops.secrets."wireguard_home/presharedkey".path;
              allowedIPs = [
                "fc00::0/56"
                "10.0.0.0/16"
                "10.1.0.0/16"
              ];
              endpoint = "[2001:41d0:303:20da::1]:51820";
              persistentKeepalive = 15;
            }
          ];
        };
      };
    };
  };
  environment.systemPackages = [
    pkgs.tor-browser
  ];
 }
--- a/modules/optionnals/packages.nix
+++ b/modules/optionnals/packages.nix
@@ -3,8 +3,12 @@
  ...
 }:
 {
-  environment.systemPackages = [
+  # Définition du bloc d'options pour l'environnement de système
-    pkgs.pwgen
+  environment = {
-    pkgs.ansible
+    # Liste des paquets à installer dans le système
-  ];
+    systemPackages = [
      pkgs.pwgen # Générateur de mots de passe
      pkgs.ansible # Infrastructure de gestion de configuration automatisée
    ];
  };
 }