flake.lock

@@ -329,13 +329,13 @@
         "type": "github"
       }
     },
-    "nixos-master": {
+    "nixos-unstable": {
       "locked": {
-        "lastModified": 1733828764,
-        "narHash": "sha256-M7UXv4hvFHzWv1N4MUaI4I87twq82khE9APjOj/RwAk=",
+        "lastModified": 1733656628,
+        "narHash": "sha256-dLQKmK5Sn3sWOKSg8EnDGdUUnv5M26YM1D8OIQuEvSo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0693a1e00163dc2ffeb28d7ba3054caa09df8d4c",
+        "rev": "e6eb5fff7256ffc39233dd5ffe2fea16d4e0b81f",
         "type": "github"
       },
       "original": {
@@ -345,22 +345,6 @@
         "type": "github"
       }
     },
-    "nixos-unstable": {
-      "locked": {
-        "lastModified": 1733686850,
-        "narHash": "sha256-NQEO/nZWWGTGlkBWtCs/1iF1yl2lmQ1oY/8YZrumn3I=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "dd51f52372a20a93c219e8216fe528a648ffcbf4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1703013332,
@@ -379,11 +363,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1733826616,
-        "narHash": "sha256-SZgf5RGx8VirkCQI0EPPIfFGPzXk9KdxB7xXSycWsYQ=",
+        "lastModified": 1733654877,
+        "narHash": "sha256-CNZ8bOvXSR/v5Q83sv3IO+ZcKZpDZuOnPJz64QDNtIM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e6aebefe680345c6bab3cf37d1aeca0c1a8320f7",
+        "rev": "1b6d067c32f00c0c4ee5083a3137e9feff7009ef",
         "type": "github"
       },
       "original": {
@@ -465,11 +449,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1733768882,
-        "narHash": "sha256-9xp5ZH6+CGC3ZyxnbWTRbDVWWZtnGZT85RJRtyI6XfU=",
+        "lastModified": 1730379167,
+        "narHash": "sha256-Nn6SuIg/cM0lh44wtK33jMDuHlR8P3sqyYesFi4mZ/k=",
         "owner": "icewind1991",
         "repo": "nvidia-patch-nixos",
-        "rev": "d8ae03727117a15eca58ec21628dda8db3811163",
+        "rev": "f9a0039c9974b09673f98f16fc2da31d3d1ff384",
         "type": "github"
       },
       "original": {
@@ -483,7 +467,6 @@
         "agenix-flake": "agenix-flake",
         "home-manager": "home-manager_2",
         "local-unstable": "local-unstable",
-        "nixos-master": "nixos-master",
         "nixos-unstable": "nixos-unstable",
         "nixpkgs": "nixpkgs_2",
         "nvidia-patch": "nvidia-patch",

flake.nix

@@ -1,8 +1,7 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/release-24.11";
-    nixos-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-    nixos-master.url = "github:NixOS/nixpkgs/master";
+    nixos-unstable.url = "github:NixOS/nixpkgs/master";
     local-unstable.url = "path:///home/giulio/dev/nixpkgs";
     teslamate-flake.url = "github:teslamate-org/teslamate/v1.32.0";
     agenix-flake.url = "github:ryantm/agenix";
@@ -16,17 +15,7 @@
     };
   };
 
-  outputs =
-    { self
-    , nixpkgs
-    , nixos-unstable
-    , nixos-master
-    , local-unstable
-    , home-manager
-    , teslamate-flake
-    , nvidia-patch
-    , agenix-flake
-    }:
+  outputs = { self, nixpkgs, nixos-unstable, local-unstable, home-manager, teslamate-flake, nvidia-patch, agenix-flake }:
     let
       sysLinuxX64 = "x86_64-linux";
       sysDarwin = "aarch64-darwin";
@@ -36,38 +25,43 @@
         let
           config = {
             inherit cudaSupport;
-
             allowUnfree = true;
           };
 
           extOverlays = [
             (nvidia-patch.overlays.default)
           ];
+        in
+        import nixpkgs rec {
+          inherit system config;
 
-          importNixpkgs = { flake }:
-            import flake {
-              inherit system config;
+          unstablePkgs = import nixos-unstable {
+            inherit system config;
 
-              overlays = extOverlays;
-            };
+            overlays = extOverlays;
+          };
 
-          unstablePkgs = importNixpkgs { flake = nixos-unstable; };
-          masterPkgs = importNixpkgs { flake = nixos-master; };
-          localPkgs = importNixpkgs { flake = local-unstable; };
-          teslamatePkgs = importNixpkgs { flake = teslamate-flake; };
-          agenixPkgs = importNixpkgs { flake = agenix-flake; };
+          localPkgs = import local-unstable {
+            inherit system config;
+            overlays = extOverlays;
+          };
 
-          additionalOverlays = [
+          teslamatePkgs = import teslamate-flake {
+            inherit system config;
+            overlays = extOverlays;
+          };
+
+          agenixPkgs = import agenix-flake {
+            inherit system config;
+            overlays = extOverlays;
+          };
+
+          overlays = [
             (final: prev: { inherit unstablePkgs; })
             (final: prev: { inherit localPkgs; })
             (final: prev: { inherit teslamatePkgs; })
             (final: prev: { inherit agenixPkgs; })
-            (final: prev: { inherit masterPkgs; })
-          ];
-        in
-        import nixpkgs {
-          inherit system config;
-          overlays = additionalOverlays ++ extOverlays;
+          ] ++ extOverlays;
         };
 
       wrapUtils = { pkgs }:

hosts/architect/default.nix

@@ -30,7 +30,7 @@ in
     ./redlib.nix
     # ./invidious.nix
     ./jellyfin.nix
-    # ./docker.nix
+    ./docker.nix
     ./tailscale.nix
     ./headscale.nix
     ./llm.nix

hosts/architect/firewall.nix

@@ -54,6 +54,7 @@ in
 
           chain POSTROUTING {
             type nat hook postrouting priority srcnat; policy accept;
+            oifname ${lan.interface} ip saddr ${docker.net} masquerade
             oifname ${lan.interface} ip saddr ${tailscale.net} masquerade
           }
         }
@@ -66,6 +67,7 @@ in
             ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
             iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}"
             iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}"
+            iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}"
             iifname ${tailscale.interface} ip saddr ${tailscale.net} accept
             iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept
             iifname "lo" accept comment "bind any ip to intf lo"
@@ -121,6 +123,7 @@ in
             ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
             ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
             ip saddr ${lan.net} accept comment "lan > local"
+            iifname ${docker.interface} accept
             ip saddr ${tailscale.net} accept comment "tailscale > local"
             ip saddr {${lib.concatStringsSep "," gdevices}} accept comment "vpn > local"
 
@@ -133,6 +136,7 @@ in
             type filter hook forward priority filter; policy drop;
             ct state established,related accept
 
+            oifname ${lan.interface} ip saddr ${docker.net} accept
             oifname ${lan.interface} ip saddr ${tailscale.net} accept
                     
             jump filter_drop

hosts/architect/teslamate.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
 let
   domain = "tesla.giugl.io";
@@ -51,14 +51,6 @@ in
     secretsFile = config.age.secrets.teslamate.path;
     virtualHost = domain;
     postgres.enable_server = true;
-    grafana = {
-      enable = true;
-      port = grafanaPort;
-      listenAddress = "127.0.0.1";
-      urlPath = "/grafana";
-    };
-    mqtt = {
-      enable = true;
-    };
+    grafana = { enable = true; port = grafanaPort; listenAddress = "127.0.0.1"; urlPath = "/grafana"; };
   };
 }

roles/home/aichat/config.yaml

@@ -8,5 +8,5 @@ clients:
         max_output_tokens: 16000
 
       - name: pino-coder          
-        max_input_tokens: 16000
+        max_input_tokens: 8192
         max_output_tokens: 16000