diff --git a/hosts/nixos/home/cursor.nix b/hosts/nixos/home/cursor.nix
new file mode 100644
index 0000000..01d6996
--- /dev/null
+++ b/hosts/nixos/home/cursor.nix
@@ -0,0 +1,127 @@
+{
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ # Use the FHS variant for better extension compatibility
+ cursorPkg = pkgs.code-cursor-fhs;
+
+ # Helper to adapt VS Code extensions for Cursor
+ # Cursor expects extensions in share/cursor/extensions
+ adaptToCursor =
+ ext:
+ pkgs.symlinkJoin {
+ name = "${ext.name}-cursor";
+ paths = [ ext ];
+ inherit (ext) meta;
+ postBuild = ''
+ mkdir -p $out/share/cursor
+ ln -sf ${ext}/share/vscode/extensions $out/share/cursor/extensions
+ '';
+ };
+in
+{
+ home.packages = [ cursorPkg ];
+
+ programs.vscode = {
+ enable = true;
+ package = cursorPkg;
+
+ # Allow mutable extensions dir so Cursor can create extensions.json
+ mutableExtensionsDir = true;
+
+ profiles.default = {
+ # Disable update checks (not applicable for Nix-managed packages)
+ enableUpdateCheck = false;
+ enableExtensionUpdateCheck = false;
+
+ # Extensions from nixpkgs (same as vscode.nix)
+ extensions = map adaptToCursor (
+ with pkgs.vscode-extensions;
+ [
+ # Theme & Icons
+ catppuccin.catppuccin-vsc
+ catppuccin.catppuccin-vsc-icons
+
+ # Git
+ eamodio.gitlens
+
+ # C/C++
+ llvm-vs-code-extensions.vscode-clangd
+
+ # Nix
+ jnoortheen.nix-ide
+
+ # Python
+ ms-python.python
+ ms-python.debugpy
+
+ # Go
+ golang.go
+
+ # Java (RedHat + vscjava)
+ redhat.java
+ vscjava.vscode-java-debug
+ vscjava.vscode-java-dependency
+ vscjava.vscode-java-pack
+ vscjava.vscode-java-test
+ vscjava.vscode-gradle
+ vscjava.vscode-maven
+
+ # PHP
+ bmewburn.vscode-intelephense-client
+ xdebug.php-debug
+
+ # Ruby
+ shopify.ruby-lsp
+
+ # Docker & Containers
+ ms-azuretools.vscode-docker
+
+ # Formatters
+ esbenp.prettier-vscode
+ ]
+ );
+
+ # User settings (settings.json equivalent)
+ userSettings = {
+ # Existing settings from your current settings.json
+ "workbench.colorTheme" = "Catppuccin Mocha";
+ "workbench.iconTheme" = "catppuccin-mocha";
+ "terminal.integrated.shellIntegration.enabled" = false;
+ "python.languageServer" = "Default";
+ "json.schemaDownload.enable" = true;
+ "git.autofetch" = true;
+ "git.confirmSync" = false;
+ "explorer.confirmDelete" = false;
+ "redhat.telemetry.enabled" = false;
+
+ # MCP Server configuration
+ "mcp.servers" = {
+ "unified-router-sqlite" = {
+ command = "mcp-sqlite-inspector";
+ env = {
+ DEFAULT_DB_PATH = "/home/ashie/nixos/unified-router/data/database.db";
+ };
+ };
+ "unified-router-logs" = {
+ command = "mcp-pino-parser";
+ env = {
+ DEFAULT_LOG_PATH = "/home/ashie/nixos/unified-router/server.log";
+ };
+ };
+ "unified-router-api" = {
+ command = "mcp-api-tester";
+ env = {
+ ALLOWED_HOSTS = "localhost,127.0.0.1";
+ DEFAULT_PORT = "9090";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/nixos/system/networking.nix b/hosts/nixos/system/networking.nix
index 7535a54..93243ad 100644
--- a/hosts/nixos/system/networking.nix
+++ b/hosts/nixos/system/networking.nix
@@ -95,7 +95,6 @@
 "jellyfin.ashisgreat.xyz"
 "jellyseer.ashisgreat.xyz"
 "jellyseerr.ashisgreat.xyz"
- "search.ashisgreat.xyz"
 "openclaw.ashisgreat.xyz"
 ];
 interval = "10min";
@@ -138,7 +137,6 @@
 "127.0.0.1" = [
 "ashisgreat.xyz"
 "api.ashisgreat.xyz"
- "search.ashisgreat.xyz"
 "chat.ashisgreat.xyz"
 "auth.ashisgreat.xyz"
 "stream.ashisgreat.xyz"
@@ -153,4 +151,19 @@
 "openclaw.ashisgreat.xyz"
 ];
 };
+
+ # Netdata - Container on Tailscale IP (100.64.0.3)
+ networking.extraHosts = ''
+ 100.64.0.3 netdata.ashisgreat.xyz
+ '';
+
+ # Tailscale
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets.tailscale_authkey.path;
+ extraUpFlags = [ "--login-server=https://vpn.ashisgreat.xyz" ];
+ };
+
+ # Allow Tailscale network to access local AI services
+ networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 11434 18789 ];
 }
diff --git a/modules/nixos/lmstudio-sandboxed.nix b/modules/nixos/lmstudio-sandboxed.nix
new file mode 100644
index 0000000..b9b0b89
--- /dev/null
+++ b/modules/nixos/lmstudio-sandboxed.nix
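Review bot: The three `mcp.servers` entries in cursor.nix give their `command` as a bare executable name (`mcp-sqlite-inspector`, `mcp-pino-parser`, `mcp-api-tester`), so the binary the editor launches is whatever PATH resolves at run time, and nothing in this file installs those tools. Because these servers are pointed at the router's database and log file, I would pin each command to the store path of the package that ships it, e.g. `command = "${<package-providing-it>}/bin/mcp-sqlite-inspector";` (placeholder for the real derivation). The two `/home/ashie/...` paths are hard-coded although `config` is already an argument; `DEFAULT_DB_PATH = "${config.home.homeDirectory}/nixos/unified-router/data/database.db";` keeps the module usable for another user. Separately, `mutableExtensionsDir = true` allows extensions installed outside Nix to load next to the pinned set while `enableExtensionUpdateCheck` is off, and the comment there should say that this trade-off is accepted.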
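Review bot: The firewall rule on the last added line of networking.nix opens TCP 11434 and 18789 to every peer on `tailscale0`, and the hunk does not say which service listens on each port or whether either one authenticates callers. 11434 looks like Ollama's default port, whose API is normally unauthenticated, so access would then be limited only by the ACL policy on the `--login-server` and by every enrolled device staying trustworthy. I would record that on the rule, e.g. `# 11434 = <service>, 18789 = <service>; reachable by all tailnet peers, restricted only by ACLs on the login server`, and confirm the ACLs restrict these ports to the devices that need them. The enclosing attribute set starts outside the hunk, so whether the services bind to the Tailscale address at all cannot be checked from here.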
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ sandboxUtils = import ./sandbox-utils.nix { inherit pkgs lib; };
+ sandboxModule = sandboxUtils.mkSandboxedApp {
+ inherit
+ config
+ lib
+ pkgs
+ inputs
+ ;
+ optionName = "lmstudioSandboxed";
+ packageName = "lmstudio-sandboxed";
+ description = "Sandboxed LM Studio with ROCm support";
+ package = pkgs.lmstudio;
+ appId = "lm-studio";
+
+ env = {
+ # Force Wayland for Electron
+ NIXOS_OZONE_WL = "1";
+ # ROCm compatibility override
+ HSA_OVERRIDE_GFX_VERSION = config.myModules.lmstudioSandboxed.hsaGfxVersion;
+ };
+
+ additionalArgs = sandboxUtils.mkGamingBindArgs { };
+
+ mounts = {
+ readWrite = [
+ "$HOME/.cache/lm-studio"
+ "$HOME/.local/share/lm-studio"
+ "$HOME/.config/lm-studio"
+ "$HOME/.lmstudio" # Common models directory
+ ];
+ };
+
+ fhsenvOpts = {
+ unshareUser = true;
+ unshareUts = false;
+ unshareCgroup = false;
+ unsharePid = true;
+ unshareNet = false;
+ unshareIpc = true;
+ };
+ };
+in
+{
+ options.myModules.lmstudioSandboxed = sandboxModule.options.myModules.lmstudioSandboxed // {
+ hsaGfxVersion = lib.mkOption {
+ type = lib.types.str;
+ default = "12.0.1";
+ description = "HSA_OVERRIDE_GFX_VERSION for AMD GPU compatibility";
+ };
+ };
+
+ config = sandboxModule.config;
+}
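Review bot: The `fhsenvOpts` block leaves `unshareNet`, `unshareUts` and `unshareCgroup` at `false` with no comment, although the module describes itself as sandboxed; with the network namespace shared, the app can reach every host-local service and any port it opens is bound in the host's namespace. A comment on that line would make the boundary explicit, e.g. `unshareNet = false; # shares the host network namespace: no network isolation`. `additionalArgs` reuses `sandboxUtils.mkGamingBindArgs { }`, whose bind list is defined outside this diff, so it is worth checking that it exposes only what ROCm needs rather than the wider set a game launcher would want. The `hsaGfxVersion` default of `"12.0.1"` sets the override on every machine that enables the module, and the option description should name the GPU family that value targets.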