feat(elcafe): add new server configuration

fix: change invalid types.string to types.str
feat: more AI-related tools
2025-11-02 02:47:28 +01:00 · 2025-11-02 02:47:28 +01:00 · 2025-11-02 02:47:28 +01:00
19 changed files with 510 additions and 47 deletions
--- a/#flake.nix#
+++ b/#flake.nix#
@@ -0,0 +1,169 @@
+{
+  description = "Home Manager configuration of phundrak";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+    devenv = {
+      url = "github:cachix/devenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    nix-index-database = {
+      url = "github:nix-community/nix-index-database";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    pumo-system-info = {
+      url = "git+https://labs.phundrak.com/phundrak/pumo-system-info";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    quickshell = {
+      url = "git+https://git.outfoxxed.me/quickshell/quickshell";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    claude-desktop = {
+      url = "github:k3d3/claude-desktop-linux-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    zen-browser = {
+      url = "github:youwen5/zen-browser-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  nixConfig = {
+    extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=";
+    extra-substituters = "https://devenv.cachix.org";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    home-manager,
+    devenv,
+    ...
+  } @ inputs: let
+    inherit (self) outputs;
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+  in {
+    formatter.${system} = pkgs.alejandra;
+
+    packages.${system} = {
+      devenv-up = self.devShells.${system}.default.config.procfileScript;
+      devenv-test = self.devShells.${system}.default.config.test;
+    };
+
+    devShells.${system}.default = devenv.lib.mkShell {
+      inherit inputs pkgs;
+      modules = [
+        (
+          {pkgs, ...}: {
+            packages = [pkgs.nh];
+            git-hooks.hooks = {
+              alejandra.enable = true;
+              commitizen.enable = true;
+              detect-private-keys.enable = true;
+              end-of-file-fixer.enable = true;
+              deadnix.enable = true;
+              ripsecrets.enable = true;
+              statix.enable = true;
+            };
+          }
+        )
+      ];
+    };
+
+    homeConfigurations = let
+      extraSpecialArgs = {inherit inputs outputs system;};
+    in {
+      "phundrak@alys" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+        modules = [
+          ./users/phundrak/host/alys.nix
+          inputs.sops-nix.homeManagerModules.sops
+        ];
+      };
+      "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        # extraSpecialArgs = {
+        #   inherit inputs outputs;
+        # };
+        inherit extraSpecialArgs;
+        modules = [
+          ./users/phundrak/host/marpa.nix
+          inputs.sops-nix.homeManagerModules.sops
+        ];
+      };
+      "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+        modules = [
+          ./users/phundrak/host/gampo.nix
+          inputs.sops-nix.homeManagerModules.sops
+        ];
+      };
+      "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        extraSpecialArgs = {
+          inherit inputs outputs;
+        };
+        modules = [
+          ./users/phundrak/host/tilo.nix
+          inputs.sops-nix.homeManagerModules.sops
+        ];
+      };
+    };
+
+    nixosConfigurations = let
+      specialArgs = {inherit inputs outputs;};
+    in {
+      alys = nixpkgs.lib.nixosSystem {
+        specialArgs = {inherit inputs outputs;};
+        modules = [
+          ./hosts/alys/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
+      gampo = nixpkgs.lib.nixosSystem {
+        specialArgs = {inherit inputs outputs;};
+        modules = [
+          ./hosts/gampo/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
+      marpa = nixpkgs.lib.nixosSystem {
+        inherit specialArgs; modules = [
+          ./hosts/marpa/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
+      tilo = nixpkgs.lib.nixosSystem {
+        specialArgs = {inherit inputs outputs;};
+        modules = [
+          ./hosts/tilo/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@@ -33,6 +33,27 @@
        "type": "github"
      }
    },
+    "claude-desktop": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1761825061,
+        "narHash": "sha256-AeRQZKr8+1XQer+WmbwtQaQBy05UDgeNNE7YZjNLuS0=",
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "rev": "791cd93cfe216ad06ab740f0fdc142119b1d6ec2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "k3d3",
+        "repo": "claude-desktop-linux-flake",
+        "type": "github"
+      }
+    },
    "devenv": {
      "inputs": {
        "cachix": "cachix",
@@ -113,6 +134,24 @@
        "type": "github"
      }
    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
@@ -259,7 +298,7 @@
    },
    "pumo-system-info": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ],
@@ -301,6 +340,7 @@
    },
    "root": {
      "inputs": {
+        "claude-desktop": "claude-desktop",
        "devenv": "devenv",
        "home-manager": "home-manager",
        "nix-index-database": "nix-index-database",
@@ -367,6 +407,21 @@
        "type": "github"
      }
    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "zen-browser": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@@ -34,6 +34,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    claude-desktop = {
+      url = "github:k3d3/claude-desktop-linux-flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    zen-browser = {
      url = "github:youwen5/zen-browser-flake";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -83,42 +88,33 @@
      ];
    };

-    homeConfigurations = {
+    homeConfigurations = let
+      extraSpecialArgs = {inherit inputs outputs system;};
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
+    in {
      "phundrak@alys" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/alys.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@marpa" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/marpa.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@gampo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/gampo.nix
          inputs.sops-nix.homeManagerModules.sops
        ];
      };
      "phundrak@tilo" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
-        extraSpecialArgs = {
-          inherit inputs outputs;
-        };
+        inherit extraSpecialArgs pkgs;
        modules = [
          ./users/phundrak/host/tilo.nix
          inputs.sops-nix.homeManagerModules.sops
@@ -126,30 +122,39 @@
      };
    };

-    nixosConfigurations = {
+    nixosConfigurations = let
+      specialArgs = {inherit inputs outputs;};
+    in {
      alys = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/alys/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
+      elcafe = nixpkgs.lib.nixosSystem {
+        inherit specialArgs;
+        modules = [
+          ./hosts/elcafe/configuration.nix
+          inputs.sops-nix.nixosModules.sops
+        ];
+      };
      gampo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/gampo/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
      marpa = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/marpa/configuration.nix
          inputs.sops-nix.nixosModules.sops
        ];
      };
      tilo = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+        inherit specialArgs;
        modules = [
          ./hosts/tilo/configuration.nix
          inputs.sops-nix.nixosModules.sops
--- a/hosts/elcafe/configuration.nix
+++ b/hosts/elcafe/configuration.nix
@@ -0,0 +1,74 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.home-manager.nixosModules.default
+    ../../system
+  ];
+
+  sops.secrets = {
+    "elcafe/traefik/env".restartUnits = ["traefik.service"];
+    "elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
+  };
+
+  mySystem = {
+    boot = {
+      kernel = {
+        hardened = true;
+        cpuVendor = "intel";
+      };
+      zfs = {
+        enable = true;
+        pools = ["tank"];
+      };
+    };
+    dev.docker = {
+      enable = true;
+      extraDaemonSettings.data-root = "/tank/docker/";
+    };
+    misc.keymap = "fr";
+    networking = {
+      hostname = "elcafe";
+      id = "501c7fb9";
+    };
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = [
+        "root"
+        "phundrak"
+      ];
+    };
+    services = {
+      endlessh.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/plex-config";
+      };
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+      traefik = {
+        enable = true;
+        envFiles = [config.sops.secrets."elcafe/traefik/env".path];
+        dynConf = config.sops.secrets."elcafe/traefik/dynamic".path;
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}
--- a/hosts/elcafe/hardware-configuration.nix
+++ b/hosts/elcafe/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-intel"];
+    extraModulePackages = [];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
+    fsType = "ext4";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,3 +1,7 @@
+elcafe:
+    traefik:
+        env: ENC[AES256_GCM,data:Mfm4Wt/7UWrpWGGa/rmC1wY6QtI2G/a6cbZiNjZz1gOTrREehFBZxH5JJ9ZgsxCMSuh/XCQa/75cPg==,iv:nrtTmtdFfTrCYzxFHDVMuaDdoa8SDi+pn4kghP4r9xE=,tag:gjlv8ohv1aDx2PB1rwx6fQ==,type:str]
+        dynamic: ENC[AES256_GCM,data:AYUojopOSi2kZ4ORxs4KrWHgqXZTMVtShb7T2iQ4JDyrlrIWCTpynt8/El9uoDaSryTgqxM8z3g4DIe5nrovh7pcFGVm/QYXfsfAx4kIm//7CwL9UISiyERirJo053Ilut0/lAdw3rlqa9aBYC2fS6AlrHN1ZFzqBttTeyykvZe0qmiW4hPNZ3axXW66juXwe9cxm24bE9bJZuuV9RYbafQ2Om76p/92E42hu6twWaUz/n6QgwaE2ymCekroKaq8+Umohj1XL6UdEEcLSnmc1qRblshhhSssNEtzbKERujt2SH/ppf/LLoohp8v4VbSpVOkx+6fqvyKWvbi2RU3C7eusee+gnBe2mGxGj34Q35iU4RM6dEwwmvzfmCAYy+27SlNVffI8yo8JXACp1aLxqBxLDDU7LokoSUb62/w/mX3NlzYf5a6NeIrHzoh+qHmEXUq63+gsNJaiJPp6DxtAKByg23t1LxSpFhxW7LaYIjh+KjaYZgNYTFR1BerqDu2pyzIrzZQTdtCveX3eiEZ3p9SJxfiuBVKlfQ2FpvJ9JPl9ACTFK6AI4s61ZgiNEeXzqQwo9zt8QrruiixdxPaclOfrBrFxq1mWGBGGXaAryiuZjo4G0KlNVvg/s5YiecYi8prQxXVozti7YI0sGJdGVjDiHwXfnUn+eQD2YBrOH9FlRwO3Vd/yd+42Xf06Hv7IbbYMogcu5y9ZbiXWesVd/TgB+Hu2oWkWxBU3sn6i3rMiZ0z+V/74xCwmfElugGCQ97ga6tQ92UbSBbteoiXpZiH7Z7Wja39rWKPyypH1h71Sccy1rSWrcEVHLC9swtLcB4dzt2JvVdXQ37pmEElfusY0yEb/y0W20vxNArDy035gCXdhUyP65NfrlhcAXoiKQaayL3NO81vBLP+X9+zgKsAV/eINPzM3gsF12QJaaQSL6CIlIF7qdwX8GZwoIg60rE2ogR0XxLcN9CGdMMuILpB9UsSOoPNwgMZd3KIwEB2LJabLKtUwuyKuA0iF6ZwHSghpnkxAIkIGFsbIxslvgCLkVihoSR97lhFpOJbC6n8u408wLD6qxoS6IRAXbIbErkyNyrt9PvbwSiHyWRjF8APCZD2WuQ22GmfBK0t6lM2hF8q7vRKN+SFOvLpql6NFT4n8/Odfr7i+4JqJahRH33RnDqYtRiqgqSSZtq3DOn1aYCivfEMKZrVxP+c6COqpPELDpjBfGWjLhqE/rV48N9x7UZNQKflBlMtaGnB1uEcVuMuZfTRFYQLqYs2p8f5vVXXWF7vSP9mBSHB3oz0seEfLd65y2hppF3J/8F/+QlAyGDrAZFhCYYMRE4eY2dy2cxLNP2M9tGVZMXQSNfys5cDnkYZzvofK7b2scgC9HcCUmBKv8ZxoSa4qyIOzH9XJupY4rlemlJbJQ9paXgAiiTdvLPcncVVnlCPRbEngCDKvoplVnzH9Hd6mIgRCZLyyIeAR8FwikGuZEuQETWanbe4S60KdMpofGM/ysz6eD67q9iVKL1zHCDtpzYQAhKurFUfgcxNOXnWYi8MWdRY9CAvIUJgRgg+IHOV76Nl8ljV6wpgn0qFR0IoQPblI3W8zJ4UASSgvUkf0meR9KLN3pA1D/AnYxi+Zblcz6SuXqBBARkXfW84iJOVanbNxyZpJDEnio6cJmNXX8VJxP0zqlA80FpcMNAvNOYsKx5yEwx3MEAlP7lLU35xgMx/BOgErf9f8XfbxINXPH0an+xQqAm99gbaKamflNQqpXXV+1ViWVWlx7xwqSUq0qy7A2sjs6prZRTR1sTt4i7MONEaRN65zgaPtL8zbO3BCbUecUdzCTmBy/XVnfa2krF8dN4LjBs6/ZswW/KYqc8TU6udiCb6Y1H9kXKsg3l9/5+ftcFB/YC6LzS9ynpOYhw12BJtjEuIuwiKa5J/UTp3IULQDZ2rCKBL09GT1/DGwB5AU8Dc9E9X2OOvWowme/eyYiiX9q+B9yLMYxP6rTsq7vJ8cjwnNRCz8UJbVzTlM9MwntUnyqv1L8E8xD438m0P+soqOc99NwXsuM/aJ6ndctfFNwHYfuau7BJrMRPfjc65yMiayfCxUJmnAsp309ODNS9D6VZkf/l5cBzbd+9xsnK/WA8I7f9bTZgi2/HSNOdEAlwBfRZXrLQAbeixG4qNmRqtOjILYkSkb13Ug/Yx+IFlMIgTxiZzXMduxbloNQU4VqEVY6Qrogu4qlaCWsqICX0SabXFZXUFUHgwswkNqV0G8977QSFTyYkMNr7FZTuFegYjzZZHaOtCJ/2FAJFX/e76rWcoz8GK7lsEqvQnCrqDfGtaSDF0LcJojKXEFg2E6rwENuMumdDJzkHj5dFzGdsf2ogeHqB2+sKpaHAgVjWzfk8CevSKnPDR/6UMhNoi2luW+xbV/DmDLJ5GzO6uGdcSmaQsFcNuFsuQZkC/q3zTf/TqbfH/V/eXR6YS0Etn73/xwVh9b59KazNb7JJ+rXahVHP3aUWocpu7/92Qwh/Odf3qGBJ/KT4a2VWYfBXLq6N0H8g1SI/aRJIAe3JCq2j+ln1PRegcqmwFqJpwp3TebdJEroCZU63Cl6vXm0XHm75MVXz7kYXBnOWeYv63oVyCvRc/yoOTBsCYPiyRxaoLXHUI2e0zCrbSAmAmb5WOUqxq4dJKGZXYYzHlR+aAjBbqmLFyCm92DW0sWlXPBhEeXysOK6IP8NEHatdyCnkpiHsQZyuBITw==,iv:Ooq6tK6nMGuRFJ1ElGCJhOMQVyMNtGBSguQVFSm71fA=,tag:iJviKci+i3tif+sH8UxRZg==,type:str]
 extraHosts: ENC[AES256_GCM,data:YRHvHINgAQv4z+8awMzHY1uZS/K9qSaFsk8G5J2zF5P5YOt4x62eefXgmhWeKZzJI5AIi0312iMQl5qGv+lAkP+VC7j/h1rh7peBDEBU6LvcMgFU2XqxidM/CoKfMkJF8+/4bb+3r1LC/rEeXITTUQsOmoacdyCeKe5yxLaHyic/FaZIJq13wCg/QQSLfenc2Db0Pbxv5/cbRILhKT+ssElVipA40aZpgL7QmD542vObSEa6K4fZd0rawF/nOyibfpPN7Ak8DrYvfygNMw/QAGKY2XosxC86tjxhrIBHRakqmWpV+smoUO6XBFjU2sbwalafYVFdrvYL9BVAPtMZ25Sc5QMm87RCHqzqYdQHKs8C3JpVBHWnyL+0e5DNQrFrml0/FD5nFYsT6zDKVb/rN3YmxvTvKl7FpPKpv3Kke9WG+HnPs90hPy8Jpmg52vLMhaybx6dpJxzcF+ctBSI3J78hfweOCGvNGshCKpME1dujMPctH/kfYcm2j/ixKLjl0ZSbYeI9+l9oURBDwKzmKjAqhwnjuo3sL++ZsRU5Ue1zz9gsxS40R9eYevbq7JiQPX331pY2du1SRoKOxvPpXsDqe+CY5pW2RgPszjEIuDxyoveZolXg/zjlk0Ic/cOxrbflp7bTfQCQqEC7YJ5tRmtctk2lRGQkOFIg9Tn8ReifFxfhDrPFzc8X5vZgH73aqZSd/OkVybI3vEILV5uas0fPL7AHAKnBmeDV3mBNvF8aoZhD5CG8iRd1otta/3AQ660QV8IDoauq8fySC8Kee5B3kG75sqHvwF4Gu6CpSChXkjpiIqVmW0PntJueVHifuGJYkvhkX/CTHK7xm1HhtANnGrk6cr2APjWk1vpOaCmjFNqKTOV9d1HjaNWYTz4AZ+Uq2Za3UzN3oZCtZb96,iv:Z64+4oR/AfSgA7oZ/NPDLOtcmcXO5B4OQIGjOEK1Pf4=,tag:0I/1gXnBH7u6HTbQUz5Fpw==,type:str]
 mopidy:
    spotify: ENC[AES256_GCM,data:SaDT0iSWhsgVOi1s+Nzbr0Mur3t2Zd9z/KIUshGWtbPfkXXIoiJeJFtoZIz5NL/t5FooYsNfU1mGYgDeVYSD4BPibW8hiCYrX6L6OX+Q6ZEWXXx/1eBEs2/q0BrWGvy7frcurq/Px4R3ax0dXJe/YKbpAtU7+bQl,iv:F2zT+uMVBMnSEZqgcRmV8/fc3G/g2fKDuHuBzkyBRN0=,tag:CD8fuOQfe6QCrj4BUh0/xw==,type:str]
@@ -61,7 +65,7 @@ sops:
            QmJKNDJUY0RSakhwNWlkOVpib0trc1kK0tQxD9I82pjfs54eruu+IjzVUmcVBCPw
            9mp1xKiYRRMXt3YQn6MPiyuuX3l3UB5MH0RJMNtRq0D961rs+iiS5A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-07T09:16:46Z"
-    mac: ENC[AES256_GCM,data:3PIJps2hoavPJ6ig+943FE73lBhCfxv8vuzmgTtooH386V12/PQN+Opt/ZoIbXU9w21XelZ/C5xPr8rcuw5ADx9K/KjdMm8jyLCO6/+iBf6SjnbC3E0DyiDit50UtWxKc32ryiJ8m5hYfX6O2H8WIGFa+6wp5KISV9pkc09CNZA=,iv:xzwEhhBJQOlde8Ib+tZpv+2CHfR83dFevdwERkYTsTE=,tag:SzdcZH19kSTnNs16754IMw==,type:str]
+    lastmodified: "2025-11-02T00:42:02Z"
+    mac: ENC[AES256_GCM,data:0rYURFETR06JRNY/vE89jEI+dovFNxsjSOalf1Id3H+yzl4UYdsHN1T3mD1EfssFwCloBxOo+188RkUe7JlNV7hC+tvO3nBrDNuqjzFBQu/IHEz+nTI3mwB7ZsywubvFMG65dohM8H9hB2bUXSSqtEUpFEiz7Ugn2BfGyex4BbI=,iv:vFJk6mz60d6CzSetd+bNvxTEWfGBPaBS4sYj/AiYbq4=,tag:2nHBGQ5P3mxLyzllvstBqg==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.11.0
--- a/system/dev/docker.nix
+++ b/system/dev/docker.nix
@@ -9,6 +9,13 @@ with lib; let
 in {
  options.mySystem.dev.docker = {
    enable = mkEnableOption "Enable Docker";
+    extraDaemonSettings = mkOption {
+      type = types.nullOr (types.attrsOf types.str);
+      default = {};
+      example = {
+        data-root = "/custom/path";
+      };
+    };
    podman.enable = mkEnableOption "Enable Podman rather than Docker";
    nvidia.enable = mkEnableOption "Activate Nvidia support";
    autoprune.enable = mkEnableOption "Enable autoprune";
--- a/system/hardware/default.nix
+++ b/system/hardware/default.nix
@@ -1,3 +1,4 @@
+{lib, ...}:
 {
  imports = [
    ./amdgpu.nix
@@ -7,4 +8,5 @@
    ./opentablet.nix
    ./sound.nix
  ];
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
 }
--- a/system/services/calibre.nix
+++ b/system/services/calibre.nix
@@ -9,26 +9,26 @@ in {
  options.mySystem.services.calibre = {
    enable = mkEnableOption "Enable Calibre Web";
    user = mkOption {
-      type = types.string;
+      type = types.str;
      default = "phundrak";
    };
    group = mkOption {
-      type = types.string;
+      type = types.str;
      default = "users";
    };
    dataDir = mkOption {
-      type = types.string;
+      type = types.str;
      example = "/tank/calibre/conf";
      default = "/tank/calibre/conf";
    };
    library = mkOption {
-      type = types.string;
+      type = types.str;
      example = "/tank/calibre/library";
      default = "/tank/calibre/library";
    };
  };
  config.services.calibre-web = mkIf cfg.enable {
-    inherit (cfg) enable user group dataDir;
+    inherit (cfg) enable user dataDir group;
    options = {
      calibreLibrary = cfg.library;
      enableBookConversion = true;
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -9,5 +9,6 @@
    ./printing.nix
    ./ssh.nix
    ./sunshine.nix
+    ./traefik.nix
  ];
 }
--- a/system/services/jellyfin.nix
+++ b/system/services/jellyfin.nix
@@ -9,16 +9,16 @@ in {
  options.mySystem.services.jellyfin = {
    enable = mkEnableOption "Enable Jellyfin";
    dataDir = mkOption {
-      type = types.string;
+      type = types.str;
      default = "/tank/jellyfin/data";
      example = "/tank/jellyfin/data";
    };
    user = mkOption {
-      type = types.string;
+      type = types.str;
      default = "phundrak";
    };
    group = mkOption {
-      type = types.string;
+      type = types.str;
      default = "users";
    };
  };
--- a/system/services/plex.nix
+++ b/system/services/plex.nix
@@ -9,17 +9,17 @@ in {
  options.mySystem.services.plex = {
    enable = mkEnableOption "Enable Plex";
    group = mkOption {
-      type = types.string;
+      type = types.str;
      default = "users";
      example = "users";
      description = "Group under which Plex runs";
    };
    dataDir = mkOption {
-      type = types.string;
+      type = types.str;
      example = "/tank/plex-config";
    };
    user = mkOption {
-      type = types.string;
+      type = types.str;
      default = "phundrak";
    };
  };
--- a/system/services/traefik.nix
+++ b/system/services/traefik.nix
@@ -0,0 +1,65 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.mySystem.services.traefik;
+in {
+  options.mySystem.services.traefik = {
+    enable = mkEnableOption "Enable Traefikse";
+    email = mkOption {
+      type = types.str;
+      default = "lucien@phundrak.com";
+      example = "admin@example.com";
+    };
+    envFiles = mkOption {
+      type = types.listOf types.path;
+      example = ["/run/secrets/traefik.env"];
+      default = [];
+    };
+    dynConf = mkOption {
+      type = types.path;
+      example = "/var/traefik/dynamic.yaml";
+    };
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [80 443];
+    services.traefik = {
+      inherit (cfg) enable;
+      environmentFiles = cfg.envFiles;
+      dynamicConfigFile = cfg.dynConf;
+      staticConfigOptions = {
+        log = {
+          level = "WARN";
+          filePath = "/var/log/traefik/traefik.log";
+        };
+        accessLog.filePath = "/var/log/traefik/access.log";
+        api.dashboard = true;
+        entryPoints = {
+          web = {
+            address = ":80";
+            http.redirections.entryPoint = {
+              to = "websecure";
+              scheme = "https";
+            };
+          };
+          websecure.address = ":443";
+        };
+        certificatesResolvers.cloudflare.acme = {
+          inherit (cfg) email;
+          storage = "/var/lib/traefik/acme.json";
+          dnsChallenge = {
+            provider = "cloudflare";
+            resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+            propagation.delayBeforeChecks = 60;
+          };
+        };
+        providers.docker = {
+          endpoint = "unix:///var/run/docker.sock";
+          exposedByDefault = false;
+        };
+      };
+    };
+  };
+}
--- a/users/modules/dev/ai/claude.nix
+++ b/users/modules/dev/ai/claude.nix
@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  inputs,
+  system,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.ai.claude;
+in {
+  options.home.dev.ai.claude.enable = mkEnableOption "Enables Claude-related packages";
+  config = mkIf cfg.enable {
+    home.packages = [inputs.claude-desktop.packages.${system}.claude-desktop-with-fhs];
+    programs.claude-code = {
+      inherit (cfg) enable;
+    };
+  };
+}
--- a/users/modules/dev/ai/default.nix
+++ b/users/modules/dev/ai/default.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.dev.ai;
+in {
+  imports = [
+    ./ollama.nix
+    ./claude.nix
+  ];
+
+  options.home.dev.ai.enable = mkEnableOption "Enables AI features";
+  config.home.dev.ai = mkIf cfg.enable {
+    ollama.enable = mkDefault cfg.enable;
+    claude.enable = mkDefault cfg.enable;
+  };
+}
--- a/users/modules/dev/ai/ollama.nix
+++ b/users/modules/dev/ai/ollama.nix
@@ -4,20 +4,21 @@
  ...
 }:
 with lib; let
-  cfg = config.home.dev.ollama;
+  cfg = config.home.dev.ai.ollama;
 in {
-  options.home.dev.ollama = {
+  options.home.dev.ai.ollama = {
    enable = mkEnableOption "Enables Ollama";
    gpu = mkOption {
-      type = types.nullOr types.enum ["none" "amd" "nvidia"];
-      example = "amd";
-      default = "none";
+      type = types.nullOr (types.enum [false "rocm" "cuda"]);
+      example = "rocm";
+      default = null;
      description = "Which type of GPU should be used for hardware acceleration";
    };
  };

  config.services.ollama = mkIf cfg.enable {
    inherit (cfg) enable;
+    acceleration = cfg.gpu;
    environmentVariables = {
      OLLAMA_CONTEXT_LENGTH = "8192";
    };
--- a/users/modules/dev/default.nix
+++ b/users/modules/dev/default.nix
@@ -7,8 +7,8 @@ with lib; let
  cfg = config.home.dev;
 in {
  imports = [
+    ./ai
    ./editors
-    ./ollama.nix
    ./vcs
  ];

--- a/users/phundrak/home.nix
+++ b/users/phundrak/home.nix
@@ -37,10 +37,7 @@
      };

      desktop.waybar.style = ./config/waybar/style.css;
-      dev.ollama = {
-        enable = true;
-        gpu = "amd";
-      };
+      dev.ai.claude.enable = true;
      fullDesktop = true;
      shell.fish.enable = true;
    };
--- a/users/phundrak/host/marpa.nix
+++ b/users/phundrak/host/marpa.nix
@@ -2,6 +2,10 @@
  imports = [../home.nix];
  home = {
    cli.nh.flake = "${config.home.homeDirectory}/.dotfiles";
+    dev.ai.ollama = {
+      enable = true;
+      gpu = "rocm";
+    };
    desktop.hyprland.host = "marpa";
    phundrak.sshKey = {
      content = builtins.readFile ../../../keys/id_marpa.pub;
Author	SHA1	Message	Date
Lucien Cartier-Tilet	ef8d666b26	feat(elcafe): add new server configuration	2025-11-02 02:47:28 +01:00
Lucien Cartier-Tilet	2958cc4c7a	fix: change invalid types.string to types.str	2025-11-02 02:47:28 +01:00
Lucien Cartier-Tilet	d48193d65c	feat: more AI-related tools	2025-11-02 02:47:28 +01:00