The initial version of `rocmOverrideGfx` incorrectly used `lib.mkIf`
in an attempt to prevent interference with previous uses of
`environmentVariables.HSA_OVERRIDE_GFX_VERSION`.
However, the effect was actually to simply erase existing definitions of
`HSA_OVERRIDE_GFX_VERSION` until `rocmOverrideGfx` was set,
which was the situation I was trying to avoid in the first place.
This fixes the bug by switching from `lib.mkIf` to `lib.optionalAttrs`.
The ollama module in its default configuration relies on systemd's
`DynamicUser=` feature for user allocation. In #305076 that allocation
was made conditional and tied to the `sandboxing` option, that was
intended to fix access to model directories outside the allocated state
directory.
However, by disabling sandboxing ollama would inadvertently run as root,
given that `User=` and `Group=` are not required to be set.
The correct way to grant access to other paths is to allocate static
user and group, and grant permissions to the destination path to that
allocation.
We therefore replace the sandboxing option user and group options, that
default to `null`, which means they default to `DynamicUser=`, but can
be replaced with a statically allocated user/group, and thereby a stable
uid/gid.
Fixes: 552eb759 ("nixos/ollama: add options to bypass sandboxing")
There are several GPUs that ROCm doesn't officially support but
will work correctly if ROCm is directed to treat the GPU as a different
one that is supported and has a similar architecture.
This can be done by setting `HSA_OVERRIDE_GFX_VERSION`.
Ollama has documentation on this topic: https://github.com/ollama/ollama/blob/main/docs/gpu.md#amd-radeon
Instead of setting linuxPackages to a singleton set with nvidia_x11,
override the system's kernelPackages with the nvidia driver.
This is more semantically correct, though doesn't change any behavior.
