diff --git a/hosts/sire/default.nix b/hosts/sire/default.nix index 51af57a..5cd4236 100644 --- a/hosts/sire/default.nix +++ b/hosts/sire/default.nix @@ -132,6 +132,7 @@ // mkMicrovm "immich" { enableStorageDataset = true; } + // mkMicrovm "ai" {} #// mkMicrovm "minecraft" #// mkMicrovm "firefly" #// mkMicrovm "fasten-health" diff --git a/hosts/sire/guests/ai.nix b/hosts/sire/guests/ai.nix new file mode 100644 index 0000000..bd71d1b --- /dev/null +++ b/hosts/sire/guests/ai.nix @@ -0,0 +1,18 @@ +{ + microvm.mem = 1024 * 16; + microvm.vcpu = 20; + + networking.firewall.allowedTCPPorts = [11434]; + + environment.persistence."/state".directories = [ + { + directory = "/var/lib/private/ollama"; + mode = "0700"; + } + ]; + + services.ollama = { + enable = true; + listenAddress = "0.0.0.0:11434"; + }; +} diff --git a/hosts/sire/secrets/ai/host.pub b/hosts/sire/secrets/ai/host.pub new file mode 100644 index 0000000..e4074cd --- /dev/null +++ b/hosts/sire/secrets/ai/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD35UWbMDS/Asz1xNAf23XUqbAYsCxJFMuujfcFSENA diff --git a/secrets/generated/sentinel/loki-basic-auth-hashes.age b/secrets/generated/sentinel/loki-basic-auth-hashes.age index d641be9..3846e0c 100644 Binary files a/secrets/generated/sentinel/loki-basic-auth-hashes.age and b/secrets/generated/sentinel/loki-basic-auth-hashes.age differ diff --git a/secrets/generated/sire-ai/promtail-loki-basic-auth-password.age b/secrets/generated/sire-ai/promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..7e6476d Binary files /dev/null and b/secrets/generated/sire-ai/promtail-loki-basic-auth-password.age differ diff --git a/secrets/generated/sire-ai/telegraf-influxdb-token.age b/secrets/generated/sire-ai/telegraf-influxdb-token.age new file mode 100644 index 0000000..c309ced --- /dev/null +++ b/secrets/generated/sire-ai/telegraf-influxdb-token.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 e09chuumAr9YIQr2FfMksKQ6fuynCRG48q3MFUpZMy0 +tdk5i7W1B3jHBQtpu0GNKhbRSCwAGdANJ++XTvcJsUc +-> piv-p256 xqSe8Q AlCSRpF/mmCbRdgeJmgRfjYGv3UXsiDUXNd1ycXL/VYP +flgemElH9cDwS13GFK0yhXEFMtae7mu6cigrtdEqwD4 +-> $#F(3&-grease + +--- oiRai0AKyVi3x1Ca4kvxWTsB+9iNGc1ns/dwhWKQ5Bk +fNbl΢Mur7{de\Fx"6= GZw$ M|ȅ`f5~ a@k8amA$A=Y \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sire-ai.age b/secrets/wireguard/proxy-sentinel/keys/sire-ai.age new file mode 100644 index 0000000..6a9535a --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sire-ai.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 TH0kjq49QgHVMxiKN/A7GwtqwdQw9DAikE+5EjCvBh4 ++vYyoJa5I2PTH+v+kwj5NyFwY+ZM9taFsC7r9uVn6nU +-> piv-p256 xqSe8Q At6UZoFAzsYlT0QDcGGSWKxCsv4Iw/fOctV+d1EL3kMl +Nf0ueYrxTsPPO/TsEHaNSV5jHFZkbDi0vQBd0wNfduE +-> i-grease u.xSTA x'~zLGA_ e GE# +ST6gex/P7Tl+iuVMtoP892ZiSqxNBKPcPu8mZqFMnuWOmY1sgaGWqo8uANrENf4S +AWdV9+b9NrRHzwp+s5ZglVEZCj8uY/yNjr+5/sPqwyVGWqRh24kwWPg +--- ihZIFb7aU1VLXXfmQCMhpC0YwTMyCu7mV8wRBaSIaXo +3nk&H<=oeAd+)Y  \5P j!yE>E8ki \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sire-ai.pub b/secrets/wireguard/proxy-sentinel/keys/sire-ai.pub new file mode 100644 index 0000000..c3792bd --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sire-ai.pub @@ -0,0 +1 @@ +ygcBHVWOJfuMpLjaP8wmTlOxaKtLdfnOpkSnSI1yK0E= diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-ai.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-ai.age new file mode 100644 index 0000000..43ce934 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+sire-ai.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 T95WvKmKcGXdvR9je/tOyisM9IFKYMAY/3GuHZwD+zo +7kmXql4Ti7orkYWf3RGNW2fJ1GBL7X95TzPHzWmlTGc +-> piv-p256 xqSe8Q A+L9ytWGceDG0o8dto7/Q35AGAKc4geqNq0/U46xMvfU +RFiabxIUqn1eehP5Dy4aWQbTVqVFG1uXUkGmys5wuA4 +-> 9-grease B?'f1 +y9r8TgPo/KFoIkJ7svBEwQsRwSdENuvKbZUX +--- INSbhj2g2kORf8xCpIWnCdbCh/kHh1RoiDhMdPvDLuk +s_Y;߶Ts)-uM6*O}^b /]R nFo0~2)/ \ No newline at end of file