From 04c6cd8cd90b52fec9002fb8f7635e2c45846b16 Mon Sep 17 00:00:00 2001
From: Lilith <liv@benstem.de>
Date: Mon, 14 Apr 2025 23:46:25 +0200
Subject: [PATCH] ollama

---
 .sops.yaml                  |  2 +-
 flake.lock                  | 17 +++++++++++++++++
 flake.nix                   |  2 ++
 home/lilith/git.nix         |  7 +++++--
 home/lilith/packages.nix    |  2 ++
 home/lilith/sops.nix        |  8 +++++---
 home/lilith/thunderbird.nix | 23 ++++++++++++++++++++---
 hosts/lilith-pc/default.nix |  8 +++++++-
 secrets/default.yaml        | 19 ++++++++++++-------
 system/optional/default.nix |  4 +++-
 system/optional/ollama.nix  |  6 ++++++
 unfree.nix                  |  2 +-
 12 files changed, 81 insertions(+), 19 deletions(-)
 create mode 100644 system/optional/ollama.nix

diff --git a/.sops.yaml b/.sops.yaml
index 4abd30dd..41c909ae 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,5 @@
 keys:
-  - &lilith 3586D8D6689B9C9ECD598C588712A0F317C37175
+  - &lilith 35FA53C3B39A778CBD0F0ADD0A0316EDDEDCA368
   - &lilith-pad age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz
   - &lilith-pc age1pyav93usza3s363g56687yxh9jmp364w32gs77le7t0cgg7jveyq4zcl6v
 creation_rules:
diff --git a/flake.lock b/flake.lock
index f13ad9eb..8e6e86e9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -234,6 +234,22 @@
         "type": "github"
       }
     },
+    "flake-private": {
+      "locked": {
+        "lastModified": 1744570005,
+        "narHash": "sha256-SnV4raQWMiysxsZBOq4wrR9kWxF8Fk/Arn9bERr1XOg=",
+        "ref": "main",
+        "rev": "ce669973291ca0e09677fb2491922ea15562e9ef",
+        "revCount": 2,
+        "type": "git",
+        "url": "ssh://git@git.firelilith.org/lilith/flake-private.git"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "ssh://git@git.firelilith.org/lilith/flake-private.git"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems"
@@ -799,6 +815,7 @@
     },
     "root": {
       "inputs": {
+        "flake-private": "flake-private",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "hyprgrass": "hyprgrass",
diff --git a/flake.nix b/flake.nix
index 06b0d79d..b8d8ae4b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,8 @@
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
 
+    flake-private.url = "git+ssh://git@git.firelilith.org/lilith/flake-private.git?ref=main";
+
     flake-utils.url = "github:numtide/flake-utils";
 
     home-manager = {
diff --git a/home/lilith/git.nix b/home/lilith/git.nix
index 9e8fbdc5..4946e8cd 100644
--- a/home/lilith/git.nix
+++ b/home/lilith/git.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
   programs.git = {
     enable = true;
     lfs.enable = true;
@@ -6,7 +7,7 @@
     userEmail = "liv@benstem.de";
     difftastic.enable = true;
     signing = {
-      key = "3586D8D6689B9C9ECD598C588712A0F317C37175";
+      key = "B96CE30E7F0B4319DE0025B4272C807BD91F8446";
       signByDefault = true;
     };
     extraConfig = {
@@ -27,6 +28,8 @@
         pruneTags = true;
         all = true;
       };
+
+      init.defaultBranch = "main";
     };
   };
 }
diff --git a/home/lilith/packages.nix b/home/lilith/packages.nix
index f53a246c..0e36e1dd 100644
--- a/home/lilith/packages.nix
+++ b/home/lilith/packages.nix
@@ -5,6 +5,8 @@
     gnumake
     git
 
+    libsecret
+
     pulsemixer
     pavucontrol
     playerctl
diff --git a/home/lilith/sops.nix b/home/lilith/sops.nix
index 6aef2b08..b0099500 100644
--- a/home/lilith/sops.nix
+++ b/home/lilith/sops.nix
@@ -1,9 +1,11 @@
-{ ... }: {
+{ ... }:
+{
   # imports = [
   #   sops-nix.homeManagerModules.default
   # ];
-  
+
   sops = {
-    age.keyFile = /persist/data/home/lilith/.config/sops/age/keys.txt;
+    age.keyFile = "/persist/data/home/lilith/.config/sops/age/keys.txt";
+    defaultSopsFile = ../../secrets/default.yaml;
   };
 }
diff --git a/home/lilith/thunderbird.nix b/home/lilith/thunderbird.nix
index 86a185d0..f3360d11 100644
--- a/home/lilith/thunderbird.nix
+++ b/home/lilith/thunderbird.nix
@@ -1,11 +1,28 @@
-{...}:{
-  programs.thunderbird = {  
+{
+  flake-private,
+  config,
+  sops,
+  ...
+}:
+{
+  programs.thunderbird = {
     enable = true;
     settings = {
-      
+
     };
     profiles."lilith" = {
       isDefault = true;
     };
   };
+
+  sops.secrets = {
+    "email/personal/password" = { };
+    "email/uni/password" = { };
+    "email/work/password" = { };
+    "email/fau/password" = { };
+  };
+
+  # As this contains personal information, this part of the config has been
+  # put in a separate, private repository. Do _not_ use this for actual secrets!
+  accounts.email.accounts = flake-private.home.accounts.email.accounts { inherit config; };
 }
diff --git a/hosts/lilith-pc/default.nix b/hosts/lilith-pc/default.nix
index 8270a80f..c40b3a68 100644
--- a/hosts/lilith-pc/default.nix
+++ b/hosts/lilith-pc/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 let
   mkHostOverride = lib.mkOverride 75;
 in
@@ -9,6 +9,12 @@ in
   gaming.enable = true;
   nfs.client.enable = true;
   auto_styling.enable = true;
+  ollama.enable = true;
+
+  hardware.opengl.extraPackages = with pkgs; [
+    rocm-opencl-icd
+    rocm-runtime-ext
+  ];
 
   home-manager.users."lilith".wayland.windowManager.hyprland.settings = {
     input.kb_layout = mkHostOverride "us";
diff --git a/secrets/default.yaml b/secrets/default.yaml
index 8f067073..c9a6a469 100644
--- a/secrets/default.yaml
+++ b/secrets/default.yaml
@@ -2,11 +2,16 @@ ssh:
     nixremote:
         public: ENC[AES256_GCM,data:cpgaIleEj+S0AdPnZQ0HeOS44SZNRljSCzi2uzMfA/vb4rmXWPqE+Yh0yG+UD0UThEYmVkZnvK5JNps2lTvp3Dqo92rYLQrn14vFP8yCQMU=,iv:9R5n3yE5yx0JLESRqax2ZWuYFR2XT1Xd882BU/SnAdQ=,tag:IIykViHleEO2lgu1Tjz5pw==,type:str]
         private: ENC[AES256_GCM,data:7nT/pKf9rfUDQrRgXH/trJ7jv7C+1L71ZiAWK8uKbfYyonHzq3EJZ5hjSiP+9NFa1qoisL3JH/cv5kuDR8FZFLVTv0+oLW55YPD7SOAzVAeL45cnHzgaVvz7CCikve3ZtGHKurqyUcN7MXKDOqwnuQ1tcvzhAmfDBWwbnheUylmokBq20+eivjQ7AGt1lc0e0J2tpEZDdlUOrVFQd0QdoGBGOnadh/yA6fARfZb9oOYryooV1cGhlzoJNQ9/jXEasIDN+GDaNRpvXK5bvWKBNVmNF4QLnt9wJjIVfnpG6IrJJ2yduecgwAFnKj5Gn7NAkJ9RJzE0ysHLWYnIZWm8TGaBaphQLsmd6VJ/47nAiwfAGVoaCWI45lAFwEu9eEdbZn9joQvBFGsE6TEBbjb/JDWSzHFFwFDHNsApIs0w1FN6qEea2BoI6VINgwgzzcyV7XJNPqHd9KFQSSe7eqKAl6OiCGRxrF2pLzTohX/NCDkorkfdDLJ/DlEe+8B+Qe+IGDNtnbzLGDftI+GWYsSyjrUwGXcTSq1meIBB,iv:UBQb9m85xeYioV7VDi5tr7T75MTG9yddBMXASRwvq3A=,tag:1fkwUF1ZuvxNU6ntoXGk0w==,type:str]
+email:
+    personal:
+        password: ENC[AES256_GCM,data:cEyBJzbA+nkHhg==,iv:xMXg4kTPcTwMHL3hJYf4Vd8ZxBVuAOdImrIJRfnlaXE=,tag:Q4E9iSkt7q3giNQ9+UdSRg==,type:str]
+    uni:
+        password: ENC[AES256_GCM,data:HQRcmOs+FE34xKxH+C5OOXWsrl4=,iv:CmMvihFvd5PHHcQi7DXpILx0RnVaS1vwULn15yVCgJc=,tag:I92pnp8TSlat1//D8sBU5Q==,type:str]
+    work:
+        password: ENC[AES256_GCM,data:QKR3SDIxzroB,iv:HCVsaBbPcd91fjoZC/V3p//43h1u8XFpiUf4hdO/0Og=,tag:KlCGA0XSQfT1Ox3JWmvbGw==,type:str]
+    fau:
+        password: ENC[AES256_GCM,data:livftrSQbA4vmFL9B0y1DyZmxTpWpwIULvKSlQysr6M=,iv:8kXbkg7N7U6px2Clrpw35Ee/yBCf/d9qFG4Sz5yZxUA=,tag:USaDOJEW2fIaIBNpGoCiTA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz
           enc: |
@@ -26,8 +31,8 @@ sops:
             endmMkVMRjgvb05ycS9SamFOUk54QVUKB7eaUO/4Ttxjtt3/ZoryQiHeodnTcqHy
             7Z4xQ21bWqDK3Bw/IaYsMEu1GJ5ZR7KcNENnuoU8wza3ymLv60Xzgw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-17T17:44:37Z"
-    mac: ENC[AES256_GCM,data:ws3pqokNCWVxXgXOFI8mDZQ9XTY1G8WZEEVzk3mD/+ERynLoD4xcPHL5tu3EisPBNIe90olnQy7/FwN8ZOkUl7UWjTPfCOPBqpY8P253YHz5mSdBp3U+9x16nbQHXH2InTzQQwbj7Z2Uz6kzz7Tk8tg8x+zli8lqWwFdpqv7p2k=,iv:Eqw4Q4Yy8/Yq8avXJ3na3lnu275YLvnacjluB++ta54=,tag:FcJDDJtPLm4pCG7ZKWCK0Q==,type:str]
+    lastmodified: "2025-04-09T22:14:24Z"
+    mac: ENC[AES256_GCM,data:Qkkazrqr8m89dCex194TLeiCn9S1/j24WFa2gu05AOhZ2Oev7z9LXZh8aH4dmKGdc3S1AsVojdD9zKpVdicVSKjCS372J9NCxtABP/JZQGI1YNz/QnH/CDXQxoEtqv27nMSDcv2E0S1aI4r2wa3JR8x6f7h2CuFzHz/C0zp0z3M=,iv:h1gOc4o9pNYnJIp8oniklLvm7V1OftqGwd8rdSSwRyg=,tag:ojeIa0/uxvAy0HH+Mlxcog==,type:str]
     pgp:
         - created_at: "2025-03-17T17:42:02Z"
           enc: |-
@@ -41,4 +46,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 3586D8D6689B9C9ECD598C588712A0F317C37175
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.1
diff --git a/system/optional/default.nix b/system/optional/default.nix
index 123f026d..f18973e4 100644
--- a/system/optional/default.nix
+++ b/system/optional/default.nix
@@ -1,8 +1,10 @@
-{...}: {
+{ ... }:
+{
   imports = [
     ./nfs.nix
     ./desktop.nix
     ./gaming.nix
     ./stylix.nix
+    ./ollama.nix
   ];
 }
diff --git a/system/optional/ollama.nix b/system/optional/ollama.nix
new file mode 100644
index 00000000..fda319ea
--- /dev/null
+++ b/system/optional/ollama.nix
@@ -0,0 +1,6 @@
+{ config, lib, ... }:
+{
+  options.ollama.enable = lib.mkEnableOption "Enable Ollama server /w GPU acceleration";
+
+  config.services.ollama = lib.mkIf config.ollama.enable { enable = true; };
+}
diff --git a/unfree.nix b/unfree.nix
index 371fd3da..3826fa29 100644
--- a/unfree.nix
+++ b/unfree.nix
@@ -3,6 +3,6 @@
     "steam"
     "steam-unwrapped"
 
-    "android-studio-stable"
+    "rocm-runtime-ext"
   ];
 }