feat: add local DNS route for Netdata on Tailscale IP

Adds a networking.extraHosts entry that maps netdata.ashisgreat.xyz to the Tailscale container IP (100.64.0.3). This allows accessing Netdata via its domain name while it runs in a container on the Tailscale network rather than localhost. Changes: - Added networking.extraHosts with 100.64.0.3 -> netdata.ashisgreat.xyz mapping
2026-03-21 21:16:59 +01:00 · 2026-03-21 21:16:59 +01:00 · 2352621de2
commit 2352621de2
parent 73ca9c50a5
3 changed files with 204 additions and 2 deletions
--- a/hosts/nixos/home/cursor.nix
+++ b/hosts/nixos/home/cursor.nix
@ -0,0 +1,127 @@
+{
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+
+let
+  # Use the FHS variant for better extension compatibility
+  cursorPkg = pkgs.code-cursor-fhs;
+
+  # Helper to adapt VS Code extensions for Cursor
+  # Cursor expects extensions in share/cursor/extensions
+  adaptToCursor =
+    ext:
+    pkgs.symlinkJoin {
+      name = "${ext.name}-cursor";
+      paths = [ ext ];
+      inherit (ext) meta;
+      postBuild = ''
+        mkdir -p $out/share/cursor
+        ln -sf ${ext}/share/vscode/extensions $out/share/cursor/extensions
+      '';
+    };
+in
+{
+  home.packages = [ cursorPkg ];
+
+  programs.vscode = {
+    enable = true;
+    package = cursorPkg;
+
+    # Allow mutable extensions dir so Cursor can create extensions.json
+    mutableExtensionsDir = true;
+
+    profiles.default = {
+      # Disable update checks (not applicable for Nix-managed packages)
+      enableUpdateCheck = false;
+      enableExtensionUpdateCheck = false;
+
+      # Extensions from nixpkgs (same as vscode.nix)
+      extensions = map adaptToCursor (
+        with pkgs.vscode-extensions;
+        [
+          # Theme & Icons
+          catppuccin.catppuccin-vsc
+          catppuccin.catppuccin-vsc-icons
+
+          # Git
+          eamodio.gitlens
+
+          # C/C++
+          llvm-vs-code-extensions.vscode-clangd
+
+          # Nix
+          jnoortheen.nix-ide
+
+          # Python
+          ms-python.python
+          ms-python.debugpy
+
+          # Go
+          golang.go
+
+          # Java (RedHat + vscjava)
+          redhat.java
+          vscjava.vscode-java-debug
+          vscjava.vscode-java-dependency
+          vscjava.vscode-java-pack
+          vscjava.vscode-java-test
+          vscjava.vscode-gradle
+          vscjava.vscode-maven
+
+          # PHP
+          bmewburn.vscode-intelephense-client
+          xdebug.php-debug
+
+          # Ruby
+          shopify.ruby-lsp
+
+          # Docker & Containers
+          ms-azuretools.vscode-docker
+
+          # Formatters
+          esbenp.prettier-vscode
+        ]
+      );
+
+      # User settings (settings.json equivalent)
+      userSettings = {
+        # Existing settings from your current settings.json
+        "workbench.colorTheme" = "Catppuccin Mocha";
+        "workbench.iconTheme" = "catppuccin-mocha";
+        "terminal.integrated.shellIntegration.enabled" = false;
+        "python.languageServer" = "Default";
+        "json.schemaDownload.enable" = true;
+        "git.autofetch" = true;
+        "git.confirmSync" = false;
+        "explorer.confirmDelete" = false;
+        "redhat.telemetry.enabled" = false;
+
+        # MCP Server configuration
+        "mcp.servers" = {
+          "unified-router-sqlite" = {
+            command = "mcp-sqlite-inspector";
+            env = {
+              DEFAULT_DB_PATH = "/home/ashie/nixos/unified-router/data/database.db";
+            };
+          };
+          "unified-router-logs" = {
+            command = "mcp-pino-parser";
+            env = {
+              DEFAULT_LOG_PATH = "/home/ashie/nixos/unified-router/server.log";
+            };
+          };
+          "unified-router-api" = {
+            command = "mcp-api-tester";
+            env = {
+              ALLOWED_HOSTS = "localhost,127.0.0.1";
+              DEFAULT_PORT = "9090";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/nixos/system/networking.nix
+++ b/hosts/nixos/system/networking.nix
@ -95,7 +95,6 @@
      "jellyfin.ashisgreat.xyz"
      "jellyseer.ashisgreat.xyz"
      "jellyseerr.ashisgreat.xyz"
-      "search.ashisgreat.xyz"
      "openclaw.ashisgreat.xyz"
    ];
    interval = "10min";
@ -138,7 +137,6 @@
    "127.0.0.1" = [
      "ashisgreat.xyz"
      "api.ashisgreat.xyz"
-      "search.ashisgreat.xyz"
      "chat.ashisgreat.xyz"
      "auth.ashisgreat.xyz"
      "stream.ashisgreat.xyz"
@ -153,4 +151,19 @@
      "openclaw.ashisgreat.xyz"
    ];
  };
+
+  # Netdata - Container on Tailscale IP (100.64.0.3)
+  networking.extraHosts = ''
+    100.64.0.3 netdata.ashisgreat.xyz
+  '';
+
+  # Tailscale
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets.tailscale_authkey.path;
+    extraUpFlags = [ "--login-server=https://vpn.ashisgreat.xyz" ];
+  };
+
+  # Allow Tailscale network to access local AI services
+  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 11434 18789 ];
 }
--- a/modules/nixos/lmstudio-sandboxed.nix
+++ b/modules/nixos/lmstudio-sandboxed.nix
@ -0,0 +1,62 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+
+let
+  sandboxUtils = import ./sandbox-utils.nix { inherit pkgs lib; };
+  sandboxModule = sandboxUtils.mkSandboxedApp {
+    inherit
+      config
+      lib
+      pkgs
+      inputs
+      ;
+    optionName = "lmstudioSandboxed";
+    packageName = "lmstudio-sandboxed";
+    description = "Sandboxed LM Studio with ROCm support";
+    package = pkgs.lmstudio;
+    appId = "lm-studio";
+
+    env = {
+      # Force Wayland for Electron
+      NIXOS_OZONE_WL = "1";
+      # ROCm compatibility override
+      HSA_OVERRIDE_GFX_VERSION = config.myModules.lmstudioSandboxed.hsaGfxVersion;
+    };
+
+    additionalArgs = sandboxUtils.mkGamingBindArgs { };
+
+    mounts = {
+      readWrite = [
+        "$HOME/.cache/lm-studio"
+        "$HOME/.local/share/lm-studio"
+        "$HOME/.config/lm-studio"
+        "$HOME/.lmstudio" # Common models directory
+      ];
+    };
+
+    fhsenvOpts = {
+      unshareUser = true;
+      unshareUts = false;
+      unshareCgroup = false;
+      unsharePid = true;
+      unshareNet = false;
+      unshareIpc = true;
+    };
+  };
+in
+{
+  options.myModules.lmstudioSandboxed = sandboxModule.options.myModules.lmstudioSandboxed // {
+    hsaGfxVersion = lib.mkOption {
+      type = lib.types.str;
+      default = "12.0.1";
+      description = "HSA_OVERRIDE_GFX_VERSION for AMD GPU compatibility";
+    };
+  };
+
+  config = sandboxModule.config;
+}