Compare commits
1 Commits
bcf5cadaa0
...
docs/merge
| Author | SHA1 | Date | |
|---|---|---|---|
| 25404466bb |
@@ -13,7 +13,9 @@ None
|
||||
- ✅ **Phase 1: Foundation Setup** - Establish core NixOS configuration with flakes
|
||||
- ✅ **Phase 2: Docker Service Integration** - Integrate Docker Compose services
|
||||
- ✅ **Phase 3: AI Assistant Integration** - Enable AI-assisted infrastructure management
|
||||
- [ ] **Phase 4: Internet Access & MCP** - MCP server for web access
|
||||
- ✅ **Phase 4: Internet Access & MCP** - MCP server for web access
|
||||
- 🚨 **Security Hardening** - CRITICAL: Firewall, fail2ban, SSH hardening (PR #28)
|
||||
- [ ] **Phase 5: TAK Server** - Research, implementation, and validation
|
||||
|
||||
|
||||
## Phase Details
|
||||
@@ -133,8 +135,25 @@ Plans:
|
||||
|
||||
## Progress
|
||||
|
||||
**Merge Priority Order** (CRITICAL - merge in this order):
|
||||
|
||||
| Priority | PR | Description | Status | Notes |
|
||||
|----------|-----|-------------|--------|-------|
|
||||
| 🚨 1 | #28 | **Security hardening** (firewall, fail2ban, SSH) | Open | **MERGE FIRST** - protects all other services |
|
||||
| 2 | #22 | Matrix bridge dependency fix | Open | Blocks Hermes functionality |
|
||||
| 3 | #21 | Backup network creation fix | Open | Infrastructure fix |
|
||||
| 4 | #25 | Hermes voice GPU support | Open | Feature enhancement |
|
||||
| 5 | #24 | uConsole CM5 host | Open | New hardware support |
|
||||
| 6 | #23 | NixOS deployment infrastructure | Open | Deployment tooling |
|
||||
| 7 | #1 | AI worker restricted access | Open | Legacy PR (superseded by hardening) |
|
||||
|
||||
**Execution Order:**
|
||||
Phases execute in numeric order: 1 → 2 → 3 → 4 → 5 → 6 → 7
|
||||
Phases execute in numeric order: 1 → 2 → 3 → 4 → Security → 5 → 6 → 7
|
||||
|
||||
**Merge vs Phase Execution:**
|
||||
- PRs can merge independently (no strict phase ordering for merges)
|
||||
- **EXCEPTION:** Security hardening (#28) must merge before any new services are exposed
|
||||
- After security merge, deploy with: `nh os switch --flake .#lazyworkhorse`
|
||||
|
||||
| Phase | Milestone | Plans Complete | Status | Completed |
|
||||
|-------|-----------|----------------|--------|-----------|
|
||||
|
||||
@@ -14,25 +14,8 @@
|
||||
local base_model=$2
|
||||
if ! ${pkgs.docker}/bin/docker exec ollama ollama list | grep -q "$model_name"; then
|
||||
echo "$model_name not found, creating from $base_model..."
|
||||
|
||||
# We use a custom TEMPLATE block to strip the 'currentDate' function
|
||||
# which is unsupported in Ollama 0.5.7 but present in Devstral's default manifest.
|
||||
${pkgs.docker}/bin/docker exec ollama sh -c "cat <<EOF > /root/.ollama/$model_name.modelfile
|
||||
FROM $base_model
|
||||
TEMPLATE \"\"\"{{- if .System }}
|
||||
[SYSTEM_PROMPT]
|
||||
{{ .System }}
|
||||
[/SYSTEM_PROMPT]
|
||||
{{- end }}
|
||||
{{- range .Messages }}
|
||||
{{- if eq .Role \"user\" }}
|
||||
[INST]
|
||||
{{ .Content }}
|
||||
[/INST]
|
||||
{{- else if eq .Role \"assistant\" }}
|
||||
{{ .Content }}
|
||||
{{- end }}
|
||||
{{- end }}\"\"\"
|
||||
PARAMETER num_ctx 131072
|
||||
PARAMETER num_predict 4096
|
||||
PARAMETER num_keep 1024
|
||||
@@ -43,7 +26,6 @@ PARAMETER stop \"[/INST]\"
|
||||
PARAMETER stop \"</s>\"
|
||||
EOF"
|
||||
${pkgs.docker}/bin/docker exec ollama ollama create "$model_name" -f "/root/.ollama/$model_name.modelfile"
|
||||
${pkgs.docker}/bin/docker exec ollama rm "/root/.ollama/$model_name.modelfile"
|
||||
else
|
||||
echo "$model_name already exists, skipping."
|
||||
fi
|
||||
@@ -54,10 +36,6 @@ EOF"
|
||||
|
||||
# Create Devstral
|
||||
create_model_if_missing "devstral-small-2:24b-128k" "devstral-small-2:24b"
|
||||
|
||||
# create_model_if_missing "qwen2.5-coder:32b-128k" "qwen2.5-coder:32b"
|
||||
|
||||
# create_model_if_missing "mistral-large-planner:123b" "mistral-large:123b-instruct-v2407-q4_K_S"
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
||||
Reference in New Issue
Block a user