ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pin all leading edge apps to their own nixpkgs so they can update independently

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-10-07 19:22:43 -05:00
parent b89d0a67fa
commit 3a0b2e754d
8 changed files with 431 additions and 315 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/h001/mods/default.nix
View file

@ -3,6 +3,7 @@
}:
{
imports = [
./litellm.nix
./nixarr.nix
./monitoring.nix
./pinchflat.nix

169
hosts/h001/mods/litellm.nix Normal file
View file

@ -0,0 +1,169 @@
{
inputs,
...
}:
let
declaration = "services/misc/litellm.nix";
nixpkgs = inputs.open-webui-nixpkgs;
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
port = 8094;
in
{
disabledModules = [ declaration ];
imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
options = { };
config = {
networking.firewall.enable = true;
# Expose litellm to my overlay network as well
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ port ];
services.litellm = {
enable = true;
inherit port;
host = "0.0.0.0";
openFirewall = false;
package = pkgs.litellm;
environment = {
SCARF_NO_ANALYTICS = "True";
DO_NOT_TRACK = "True";
ANONYMIZED_TELEMETRY = "False";
GITHUB_COPILOT_TOKEN_DIR = "/var/lib/litellm/github_copilot";
XDG_CONFIG_HOME = "/var/lib/litellm/.config";
};
settings = {
environment_variables = {
LITELLM_PROXY_API_KEY = "na";
};
litellm_settings = {
check_provider_endpoints = true;
};
model_list = [
# existing
{
model_name = "GPT-5";
litellm_params = {
model = "azure/gpt-5-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-5-mini";
litellm_params = {
model = "azure/gpt-5-mini-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-5-nano";
litellm_params = {
model = "azure/gpt-5-nano-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
# {
# model_name = "GPT-5-codex";
# litellm_params = {
# model = "azure/gpt-5-codex-2025-09-15";
# api_base = "http://100.64.0.8:9010/azure";
# api_version = "2025-04-01-preview";
# api_key = "na";
# };
# }
{
model_name = "GPT-4.1";
litellm_params = {
model = "azure/gpt-4.1-2025-04-14";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-4.1-mini";
litellm_params = {
model = "azure/gpt-4.1-mini-2025-04-14";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-4o";
litellm_params = {
model = "azure/gpt-4o-2024-05-13";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
# {
# model_name = "dall-e-3-3.0";
# litellm_params = {
# model = "azure/dall-e-3-3.0";
# api_base = "http://100.64.0.8:9010/azure";
# api_version = "2025-04-01-preview";
# api_key = "na";
# };
# }
# Copilot
{
model_name = "copilot-claude-sonnet-4";
litellm_params = {
model = "github_copilot/claude-sonnet-4";
extra_headers = {
"editor-version" = "vscode/1.85.1";
"Copilot-Integration-Id" = "vscode-chat";
"user-agent" = "GithubCopilot/1.155.0";
"editor-plugin-version" = "copilot/1.155.0";
};
};
}
{
model_name = "copilot-google-gemini-2.5-pro";
litellm_params = {
model = "github_copilot/gemini-2.5-pro";
extra_headers = {
"editor-version" = "vscode/1.85.1";
"Copilot-Integration-Id" = "vscode-chat";
"user-agent" = "GithubCopilot/1.155.0";
"editor-plugin-version" = "copilot/1.155.0";
};
};
}
# {
# model_name = "copilot-google-gemini-2.0-flash";
# litellm_params = {
# model = "github_copilot/gemini-2.0-flash";
# extra_headers = {
# "editor-version" = "vscode/1.85.1";
# "Copilot-Integration-Id" = "vscode-chat";
# "user-agent" = "GithubCopilot/1.155.0";
# "editor-plugin-version" = "copilot/1.155.0";
# };
# };
# }
# 宙 Proxy
# {
# model_name = "litellm_proxy/*";
# litellm_params = {
# model = "litellm_proxy/*";
# api_base = "http://100.64.0.8:9010/air_key";
# api_key = "os.environ/LITELLM_PROXY_API_KEY";
# };
# }
];
};
};
};
}

84
hosts/h001/mods/oauth2-proxy.nix
View file

@ -1,40 +1,56 @@
{ upkgs, config, ... }:
{
services.oauth2-proxy = {
enable = true;
httpAddress = "http://127.0.0.1:4180";
package = upkgs.oauth2-proxy;
provider = "oidc";
reverseProxy = true;
redirectURL = "https://sso-proxy.joshuabell.xyz/oauth2/callback";
validateURL = "https://sso.joshuabell.xyz/oauth2/";
oidcIssuerUrl = "https://sso.joshuabell.xyz";
keyFile = config.age.secrets.oauth2_proxy_key_file.path;
nginx.domain = "sso-proxy.joshuabell.xyz";
email.domains = [ "*" ];
extraConfig = {
whitelist-domain = "*.joshuabell.xyz";
cookie-domain = ".joshuabell.xyz";
oidc-groups-claim = "flatRolesClaim";
# scope = "openid email profiles";
# pass-access-token = "true";
# set-authorization-header = "true";
# pass-user-headers = "true";
# show-debug-on-error = "true";
# errors-to-info-log = "true";
};
cookie.refresh = "30m";
# setXauthrequest = true;
inputs,
config,
...
}:
let
declaration = "services/security/oauth2-proxy.nix";
nixpkgs = inputs.open-webui-nixpkgs;
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in
{
disabledModules = [ declaration ];
imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
config = {
services.oauth2-proxy = {
enable = true;
httpAddress = "http://127.0.0.1:4180";
package = pkgs.oauth2-proxy;
provider = "oidc";
reverseProxy = true;
redirectURL = "https://sso-proxy.joshuabell.xyz/oauth2/callback";
validateURL = "https://sso.joshuabell.xyz/oauth2/";
oidcIssuerUrl = "https://sso.joshuabell.xyz";
keyFile = config.age.secrets.oauth2_proxy_key_file.path;
nginx.domain = "sso-proxy.joshuabell.xyz";
email.domains = [ "*" ];
extraConfig = {
whitelist-domain = "*.joshuabell.xyz";
cookie-domain = ".joshuabell.xyz";
oidc-groups-claim = "flatRolesClaim";
# scope = "openid email profiles";
services.nginx.virtualHosts."sso-proxy.joshuabell.xyz" = {
locations = {
"/" = {
proxyWebsockets = true;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:4180";
# pass-access-token = "true";
# set-authorization-header = "true";
# pass-user-headers = "true";
# show-debug-on-error = "true";
# errors-to-info-log = "true";
};
cookie.refresh = "30m";
# setXauthrequest = true;
};
services.nginx.virtualHosts."sso-proxy.joshuabell.xyz" = {
locations = {
"/" = {
proxyWebsockets = true;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:4180";
};
};
};
};

152
hosts/h001/mods/openwebui.nix
View file

@ -1,20 +1,19 @@
{
upkgs,
inputs,
config,
...
}:
let
declaration = "services/misc/open-webui.nix";
nixpkgs = inputs.open-webui-nixpkgs;
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in
{
# Use unstable services
disabledModules = [
"services/misc/open-webui.nix"
"services/misc/litellm.nix"
];
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/open-webui.nix"
"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/litellm.nix"
];
disabledModules = [ declaration ];
imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
options = { };
config = {
services.nginx.virtualHosts."chat.joshuabell.xyz" = {
@ -35,7 +34,7 @@
port = 8084;
host = "127.0.0.1";
openFirewall = false;
package = upkgs.open-webui;
package = pkgs.open-webui;
environmentFile = config.age.secrets.openwebui_env.path;
environment = {
# Declarative config, we don't use admin panel for anything
@ -68,134 +67,5 @@
# OAUTH_UPDATE_PICTURE_ON_LOGIN = "True";
};
};
services.litellm = {
enable = true;
port = 8094;
openFirewall = false;
package = upkgs.litellm;
environment = {
SCARF_NO_ANALYTICS = "True";
DO_NOT_TRACK = "True";
ANONYMIZED_TELEMETRY = "False";
GITHUB_COPILOT_TOKEN_DIR = "/var/lib/litellm/github_copilot";
XDG_CONFIG_HOME = "/var/lib/litellm/.config";
};
settings = {
model_list = [
# existing
{
model_name = "GPT-5";
litellm_params = {
model = "azure/gpt-5-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-5-mini";
litellm_params = {
model = "azure/gpt-5-mini-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-5-nano";
litellm_params = {
model = "azure/gpt-5-nano-2025-08-07";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
# {
# model_name = "GPT-5-codex";
# litellm_params = {
# model = "azure/gpt-5-codex-2025-09-15";
# api_base = "http://100.64.0.8:9010/azure";
# api_version = "2025-04-01-preview";
# api_key = "na";
# };
# }
{
model_name = "GPT-4.1";
litellm_params = {
model = "azure/gpt-4.1-2025-04-14";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-4.1-mini";
litellm_params = {
model = "azure/gpt-4.1-mini-2025-04-14";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
{
model_name = "GPT-4o";
litellm_params = {
model = "azure/gpt-4o-2024-05-13";
api_base = "http://100.64.0.8:9010/azure";
api_version = "2025-04-01-preview";
api_key = "na";
};
}
# {
# model_name = "dall-e-3-3.0";
# litellm_params = {
# model = "azure/dall-e-3-3.0";
# api_base = "http://100.64.0.8:9010/azure";
# api_version = "2025-04-01-preview";
# api_key = "na";
# };
# }
# Copilot
{
model_name = "copilot-claude-sonnet-4";
litellm_params = {
model = "github_copilot/claude-sonnet-4";
extra_headers = {
"editor-version" = "vscode/1.85.1";
"Copilot-Integration-Id" = "vscode-chat";
"user-agent" = "GithubCopilot/1.155.0";
"editor-plugin-version" = "copilot/1.155.0";
};
};
}
{
model_name = "copilot-google-gemini-2.5-pro";
litellm_params = {
model = "github_copilot/gemini-2.5-pro";
extra_headers = {
"editor-version" = "vscode/1.85.1";
"Copilot-Integration-Id" = "vscode-chat";
"user-agent" = "GithubCopilot/1.155.0";
"editor-plugin-version" = "copilot/1.155.0";
};
};
}
# {
# model_name = "copilot-google-gemini-2.0-flash";
# litellm_params = {
# model = "github_copilot/gemini-2.0-flash";
# extra_headers = {
# "editor-version" = "vscode/1.85.1";
# "Copilot-Integration-Id" = "vscode-chat";
# "user-agent" = "GithubCopilot/1.155.0";
# "editor-plugin-version" = "copilot/1.155.0";
# };
# };
# }
];
};
};
};
}

14
hosts/h001/mods/trilium.nix
View file

@ -1,12 +1,22 @@
{
upkgs,
inputs,
...
}:
let
declaration = "services/web-apps/trilium.nix";
nixpkgs = inputs.open-webui-nixpkgs;
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in
{
disabledModules = [ declaration ];
imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
config = {
services.trilium-server = {
enable = true;
package = upkgs.trilium-server;
package = pkgs.trilium-server;
port = 9111;
host = "127.0.0.1";
dataDir = "/var/lib/trilium";