feat: add local DNS route for Netdata on Tailscale IP

Adds a networking.extraHosts entry that maps netdata.ashisgreat.xyz
to the Tailscale container IP (100.64.0.3). This allows accessing
Netdata via its domain name while it runs in a container on the
Tailscale network rather than localhost.

Changes:
- Added networking.extraHosts with 100.64.0.3 -> netdata.ashisgreat.xyz mapping
ashisgreat22 2026-03-21 21:16:59 +01:00
parent 73ca9c50a5
commit 2352621de2
3 changed files with 204 additions and 2 deletions

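--- a/hosts/nixos/home/cursor.nix
+++ b/hosts/nixos/home/cursor.nix
@@ -0,0 +1,127 @@
+{
+config,
+pkgs,
+inputs,
+...
+}:
+let
+# Use the FHS variant for better extension compatibility
+cursorPkg = pkgs.code-cursor-fhs;
+# Helper to adapt VS Code extensions for Cursor
+# Cursor expects extensions in share/cursor/extensions
+adaptToCursor =
+ext:
+pkgs.symlinkJoin {
+name = "${ext.name}-cursor";
+paths = [ ext ];
+inherit (ext) meta;
+postBuild = ''
+mkdir -p $out/share/cursor
+ln -sf ${ext}/share/vscode/extensions $out/share/cursor/extensions
+'';
+};
+in
+{
+home.packages = [ cursorPkg ];
+programs.vscode = {
+enable = true;
+package = cursorPkg;
+# Allow mutable extensions dir so Cursor can create extensions.json
+mutableExtensionsDir = true;
+profiles.default = {
+# Disable update checks (not applicable for Nix-managed packages)
+enableUpdateCheck = false;
+enableExtensionUpdateCheck = false;
+# Extensions from nixpkgs (same as vscode.nix)
+extensions = map adaptToCursor (
+with pkgs.vscode-extensions;
+[
+# Theme & Icons
+catppuccin.catppuccin-vsc
+catppuccin.catppuccin-vsc-icons
+# Git
+eamodio.gitlens
+# C/C++
+llvm-vs-code-extensions.vscode-clangd
+# Nix
+jnoortheen.nix-ide
+# Python
+ms-python.python
+ms-python.debugpy
+# Go
+golang.go
+# Java (RedHat + vscjava)
+redhat.java
+vscjava.vscode-java-debug
+vscjava.vscode-java-dependency
+vscjava.vscode-java-pack
+vscjava.vscode-java-test
+vscjava.vscode-gradle
+vscjava.vscode-maven
+# PHP
+bmewburn.vscode-intelephense-client
+xdebug.php-debug
+# Ruby
+shopify.ruby-lsp
+# Docker & Containers
+ms-azuretools.vscode-docker
+# Formatters
+esbenp.prettier-vscode
+]
+);
+# User settings (settings.json equivalent)
+userSettings = {
+# Existing settings from your current settings.json
+"workbench.colorTheme" = "Catppuccin Mocha";
+"workbench.iconTheme" = "catppuccin-mocha";
+"terminal.integrated.shellIntegration.enabled" = false;
+"python.languageServer" = "Default";
+"json.schemaDownload.enable" = true;
+"git.autofetch" = true;
+"git.confirmSync" = false;
+"explorer.confirmDelete" = false;
+"redhat.telemetry.enabled" = false;
+# MCP Server configuration
+"mcp.servers" = {
+"unified-router-sqlite" = {
+command = "mcp-sqlite-inspector";
+env = {
+DEFAULT_DB_PATH = "/home/ashie/nixos/unified-router/data/database.db";
+};
+};
+"unified-router-logs" = {
+command = "mcp-pino-parser";
+env = {
+DEFAULT_LOG_PATH = "/home/ashie/nixos/unified-router/server.log";
+};
+};
+"unified-router-api" = {
+command = "mcp-api-tester";
+env = {
+ALLOWED_HOSTS = "localhost,127.0.0.1";
+DEFAULT_PORT = "9090";
+};
+};
+};
+};
+};
+};
+}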
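Review bot: The three `mcp.servers` entries launch `mcp-sqlite-inspector`, `mcp-pino-parser` and `mcp-api-tester` by bare name, so the editor runs whatever binary of that name comes first on PATH, and no package providing them is added in this file. Pinning each one to a store path, e.g. `command = "${pkgs.PLACEHOLDER_PACKAGE}/bin/mcp-sqlite-inspector";` (placeholder attribute, the real one is not shown here), keeps the tools the assistant can invoke under the same Nix pinning as the extensions. The sqlite server is also pointed at the live `unified-router/data/database.db`; if the tool has a read-only mode it would be worth setting, and a comment such as `# MCP tools run with the user's privileges and expose this DB and log to the AI assistant` would record the exposure. Separately, `mutableExtensionsDir = true` lets extensions be installed outside the pinned list while `enableExtensionUpdateCheck = false` keeps them from being updated, which the existing comment could mention.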


@ -95,7 +95,6 @@
"jellyfin.ashisgreat.xyz" "jellyfin.ashisgreat.xyz"
"jellyseer.ashisgreat.xyz" "jellyseer.ashisgreat.xyz"
"jellyseerr.ashisgreat.xyz" "jellyseerr.ashisgreat.xyz"
"search.ashisgreat.xyz"
"openclaw.ashisgreat.xyz" "openclaw.ashisgreat.xyz"
]; ];
interval = "10min"; interval = "10min";
@ -138,7 +137,6 @@
"127.0.0.1" = [ "127.0.0.1" = [
"ashisgreat.xyz" "ashisgreat.xyz"
"api.ashisgreat.xyz" "api.ashisgreat.xyz"
"search.ashisgreat.xyz"
"chat.ashisgreat.xyz" "chat.ashisgreat.xyz"
"auth.ashisgreat.xyz" "auth.ashisgreat.xyz"
"stream.ashisgreat.xyz" "stream.ashisgreat.xyz"
@ -153,4 +151,19 @@
"openclaw.ashisgreat.xyz" "openclaw.ashisgreat.xyz"
]; ];
}; };
# Netdata - Container on Tailscale IP (100.64.0.3)
networking.extraHosts = ''
100.64.0.3 netdata.ashisgreat.xyz
'';
# Tailscale
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets.tailscale_authkey.path;
extraUpFlags = [ "--login-server=https://vpn.ashisgreat.xyz" ];
};
# Allow Tailscale network to access local AI services
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 11434 18789 ];
} }
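Review bot: The rule `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 11434 18789 ];` admits every node on the tailnet to both ports, and nothing in this hunk shows that the services behind them require authentication (11434 is Ollama's default port, which has none by default). If only some devices need them, the restriction belongs in the ACL policy of the control server at `vpn.ashisgreat.xyz`, and a comment like `# reachable from all tailnet nodes; per-node limits live in the control-server ACLs` would document that. The `networking.extraHosts` entry pins `netdata.ashisgreat.xyz` to a fixed `100.64.0.3`; should that address be reassigned, the name silently resolves to whichever node then holds it, so it is worth noting next to the entry that the container's IP must stay fixed. The enclosing attribute set starts outside the hunk, and the commit message mentions neither the Tailscale service, the opened ports nor the removal of `search.ashisgreat.xyz`.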


@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
sandboxUtils = import ./sandbox-utils.nix { inherit pkgs lib; };
sandboxModule = sandboxUtils.mkSandboxedApp {
inherit
config
lib
pkgs
inputs
;
optionName = "lmstudioSandboxed";
packageName = "lmstudio-sandboxed";
description = "Sandboxed LM Studio with ROCm support";
package = pkgs.lmstudio;
appId = "lm-studio";
env = {
# Force Wayland for Electron
NIXOS_OZONE_WL = "1";
# ROCm compatibility override
HSA_OVERRIDE_GFX_VERSION = config.myModules.lmstudioSandboxed.hsaGfxVersion;
};
additionalArgs = sandboxUtils.mkGamingBindArgs { };
mounts = {
readWrite = [
"$HOME/.cache/lm-studio"
"$HOME/.local/share/lm-studio"
"$HOME/.config/lm-studio"
"$HOME/.lmstudio" # Common models directory
];
};
fhsenvOpts = {
unshareUser = true;
unshareUts = false;
unshareCgroup = false;
unsharePid = true;
unshareNet = false;
unshareIpc = true;
};
};
in
{
options.myModules.lmstudioSandboxed = sandboxModule.options.myModules.lmstudioSandboxed // {
hsaGfxVersion = lib.mkOption {
type = lib.types.str;
default = "12.0.1";
description = "HSA_OVERRIDE_GFX_VERSION for AMD GPU compatibility";
};
};
config = sandboxModule.config;
}
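Review bot: The sandbox profile sets `unshareNet = false`, so the wrapped LM Studio shares the host network namespace and can reach loopback-only services and the tailnet just like an unsandboxed process. If network access is required (model downloads or the local API server, presumably the reason), say so on that line, e.g. `unshareNet = false; # needs network; sandbox does not isolate localhost/tailnet`. `additionalArgs = sandboxUtils.mkGamingBindArgs { }` also pulls in a bind set defined in `sandbox-utils.nix`, which is not visible here; confirm it exposes only the GPU devices this app needs rather than the full set used for games.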