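# NixOS host module: k3s server, ROCm-backed Ollama, Open WebUI and a
# Cloudflare Tunnel connector on a statically addressed machine.
#
# Security-relevant changes from the previous revision:
#   * the firewall is enabled, so the allowed-port lists actually apply;
#   * root can no longer log in over SSH with a password;
#   * the tunnel token and the OAuth client secret are read from files at
#     service start instead of being written into the unit / Nix store;
#   * the OIDC redirect URI uses https, matching WEBUI_URL.
{ config, pkgs, baseVars, ... }:
{
  environment.systemPackages = with pkgs; [
    k3s
    ollama-rocm
    rocmPackages.rocm-smi
    btop
  ];

  # "video" and "render" give the interactive user access to the GPU device nodes.
  users.users.${baseVars.username} = {
    extraGroups = [ "video" "render" ];
  };

  environment.sessionVariables = {
    KUBECONFIG = "$HOME/.kube/config";
  };

  services.k3s = {
    enable = true;
    role = "server";
  };

  services.openssh = {
    enable = true;
    settings = {
      # NOTE(review): password logins stay enabled for regular users so this
      # change cannot lock anyone out. No authorized keys are visible in this
      # module; once keys are provisioned, set this to false.
      PasswordAuthentication = true;
      # Root may authenticate with a key only. Root plus password
      # authentication makes the root account a direct guessing target on
      # every network that can reach port 22.
      PermitRootLogin = "prohibit-password";
    };
  };

  systemd.services.cloudflared-connector = {
    description = "Cloudflare Tunnel Connector";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      # The token is no longer passed with --token: anything in ExecStart is
      # written to the world-readable Nix store and shows up in process
      # listings. cloudflared reads TUNNEL_TOKEN from the environment instead.
      ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";
      # PLACEHOLDER path: point this at a root-owned, mode 0600 file that
      # contains one line, TUNNEL_TOKEN=<token>, e.g. one rendered by
      # sops-nix or agenix. systemd reads the file itself, so the
      # cloudflared user needs no access to it.
      EnvironmentFile = "/run/secrets/cloudflared-env";
      Restart = "always";
      User = "cloudflared";
      Group = "cloudflared";
      # The connector only makes outbound connections; drop what it does not need.
      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectHome = true;
      ProtectSystem = "full";
    };
  };

  # Dedicated unprivileged account for the tunnel connector.
  users.users.cloudflared = {
    group = "cloudflared";
    isSystemUser = true;
  };
  users.groups.cloudflared = { };

  networking = {
    # Static addressing; DHCP is switched off.
    useDHCP = false;
    dhcpcd.enable = false;
    defaultGateway = "192.168.1.254";
    nameservers = [ "1.1.1.1" "8.8.8.8" ];

    firewall = {
      # Was `false`, which made the two lists below and
      # services.ollama.openFirewall dead configuration: every listening
      # socket on the host was reachable from the LAN.
      # NOTE(review): if pod traffic is dropped after enabling, trust the CNI
      # interface via networking.firewall.trustedInterfaces rather than
      # turning the firewall off again.
      enable = true;
      # 6443 k3s API server, 10250 kubelet, 22 SSH, 11434 Ollama.
      # NOTE(review): 10250 and UDP 8472 (flannel VXLAN) are only needed when
      # other nodes join this server; drop them on a single-node setup.
      allowedTCPPorts = [ 6443 10250 22 11434 ];
      allowedUDPPorts = [ 8472 ];
    };

    interfaces.enp0s25.ipv4.addresses = [
      {
        address = "192.168.1.89";
        prefixLength = 24;
      }
    ];
  };

  services.ollama = {
    enable = true;
    # NOTE(review): the Ollama API has no authentication of its own, and
    # host = "0.0.0.0" plus openFirewall exposes it to the whole LAN.
    # Open WebUI below talks to it over 127.0.0.1. If the tunnel and any
    # k3s workloads can do the same, bind to 127.0.0.1 and drop
    # openFirewall / port 11434 from the firewall list.
    openFirewall = true;
    package = pkgs.ollama-rocm;
    host = "0.0.0.0";
    port = 11434;
    environmentVariables = {
      # Restricts which browser origins may call the API (CORS). It is not
      # access control: non-browser clients are unaffected.
      OLLAMA_ORIGINS = "https://ollama.illegalesachen.download";
    };
  };

  services.open-webui = {
    enable = true;
    # Loopback only; presumably published through the Cloudflare tunnel.
    host = "127.0.0.1";
    port = 11435;
    # PLACEHOLDER path: root-owned, mode 0600 file containing
    # OAUTH_CLIENT_SECRET=<secret>. Values under `environment` are written to
    # the world-readable Nix store, so the secret must not be set there.
    environmentFile = "/run/secrets/open-webui-env";
    environment = {
      WEBUI_URL = "https://web-ui.illegalesachen.download";
      OLLAMA_BASE_URL = "http://127.0.0.1:11434";
      # NOTE(review): with signup enabled and DEFAULT_USER_ROLE = "user",
      # every identity the provider authenticates gets an active account
      # immediately. Use "pending" if new accounts should need approval.
      ENABLE_OAUTH_SIGNUP = "true";
      DEFAULT_USER_ROLE = "user";
      # NOTE(review): merging by e-mail trusts the provider's email claim.
      # Confirm the provider only releases verified addresses, otherwise an
      # unverified address can be linked to an existing account.
      OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "true";
      OAUTH_CLIENT_ID = "open-webui";
      OPENID_PROVIDER_URL = "...";
      # Was http://, which disagreed with WEBUI_URL and sent the authorization
      # code to a plaintext URL. The redirect URI registered at the identity
      # provider must be updated to match this value exactly.
      OPENID_REDIRECT_URI = "https://web-ui.illegalesachen.download/oauth/oidc/callback";
    };
  };

  hardware.graphics.enable = true;
  hardware.enableRedistributableFirmware = true;
}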