Add framework desktop LLM instructions

active/device_framework_desktop/framework_desktop.md

@@ -0,0 +1,103 @@
+# Framework Desktop
+
+## BIOS
+
+<https://knowledgebase.frame.work/en_us/changing-memory-allocation-amd-ryzen-ai-max-300-series-By1LG5Yrll>
+
+1. Set GPU memory to 96GB
+2. Add the following kernel args to /etc/default/grub (set allocatable VRAM to
+   112GB): `ttm.pages_limit=28027343750 ttm.page_pool_size=28027343750`
+3. Update grub `grub2-mkconfig -o /boot/grub2/grub.cfg`
+4. Reboot
+
+## Docker
+
+```bash
+dnf config-manager addrepo \
+--from-repofile https://download.docker.com/linux/fedora/docker-ce.repo
+
+dnf install \
+docker-ce \
+docker-ce-cli \
+containerd.io \
+docker-buildx-plugin \
+docker-compose-plugin
+```
+
+## Llama.cpp
+
+```bash
+# Build the llama.cpp docker image
+git clone https://github.com/ggml-org/llama.cpp.git
+export BUILD_TAG=$(date +"%Y-%m-%d-%H-%M-%S")
+docker build -t llama-cpp-vulkan:${BUILD_TAG} -f .devops/vulkan.Dockerfile .
+
+# Run llama server
+docker run \
+-d \
+--restart always \
+--name=llama-server \
+--network=host \
+--device=/dev/kfd \
+--device=/dev/dri \
+-v llama-server-cache:/root/.cache \
+llama-cpp-vulkan:${BUILD_TAG} \
+-hf ggml-org/gpt-oss-120b-GGUF  --ctx-size 0 --jinja -ub 2048 -b 2048 \
+--port 8000 --host 0.0.0.0 -n -1 --n-gpu-layers 999
+
+# Firewall
+firewall-cmd --add-port=8000/tcp --permanent
+firewall-cmd --reload
+```
+
+## Ollama
+
+```bash
+# Run ollama
+# Will be available on port 11434
+docker run \
+-d \
+--restart always \
+--device /dev/kfd \
+--device /dev/dri \
+-v ollama:/root/.ollama \
+-e OLLAMA_VULKAN=1 \
+--name ollama \
+--network host \
+docker.io/ollama/ollama:0.13.5
+
+# Run an image
+docker exec -it ollama ollama run gpt-oss:20b
+
+# Firewall
+firewall-cmd --add-port=11434/tcp --permanent
+firewall-cmd --reload
+```
+
+## Anything LLM
+
+Per [the docs](https://docs.anythingllm.com/installation-docker/cloud-docker):
+
+> Note --cap-add SYS_ADMIN is a required command if you want to scrape webpages.
+> We use PuppeeteerJS to scrape websites links and --cap-add SYS_ADMIN lets us
+> use sandboxed Chromium across all runtimes for best security practices
+
+```bash
+# Server will be accessible on port 3001
+# Connect llama.cpp as a generic OpenAI LLM provider and use host
+# http://172.17.0.1:8000/v1
+# Chat model name doesn't matter.
+docker run \
+-d \
+--restart always \
+--network host \
+--name anythingllm \
+--cap-add SYS_ADMIN \
+-v anythingllm:/app/server/storage \
+-e STORAGE_DIR="/app/server/storage" \
+docker.io/mintplexlabs/anythingllm
+
+# Firewall
+firewall-cmd --add-port=3001/tcp --permanent
+firewall-cmd --reload
+```

active/software_osbuild/fedora43-base.toml

@@ -9,16 +9,11 @@ groups = []
 hostname = "f43-base"
 
 [[customizations.disk.partitions]]
-type = "btrfs"
+type = "plain"
-minsize = "32 GiB"
+label = "root"
-
-[[customizations.disk.partitions.subvolumes]]
-name = "root"
 mountpoint = "/"
-
+fs_type = "ext4"
-[[customizations.disk.partitions.subvolumes]]
+minsize = "128 GiB"
-name = "home"
-mountpoint = "/home"
 
 [customizations.timezone]
 timezone = "America/New_York"
@@ -70,8 +65,8 @@ data = """
 [[customizations.files]]
 path = "/home/ducoterra/.inputrc"
 mode = "0644"
-user = "root"
+user = "ducoterra"
-group = "root"
+group = "ducoterra"
 data = """
 "\\C-h": backward-kill-word
 """

active/software_osbuild/image_builder.md

@@ -33,18 +33,21 @@ sudo usermod -aG weldr $USER
 
 # Optional: cockpit dependency
 dnf install -y cockpit-composer
+
+# Optional: allow security profiles
+dnf install openscap-scanner scap-security-guide
 ```
 
 ## Building Images
 
 1. Create a toml file describing your image
 
-    See `fedora-42-base.toml` for an example.
+    See `fedora42-base.toml` for an example.
 
 2. Push the toml to composer
 
     ```bash
-    composer-cli blueprints push active/software_osbuild/fedora-42-base.toml
+    composer-cli blueprints push active/software_osbuild/fedora42-base.toml
     
     # List blueprints
     composer-cli blueprints list
@@ -57,13 +60,13 @@ dnf install -y cockpit-composer
     composer-cli compose types
 
     # Build the image
-    composer-cli compose start fedora-42-base qcow2
+    composer-cli compose start fedora42-base qcow2
 
     # Check status
     watch composer-cli compose status
 
     # Download logs if error
-    cd /tmp && composer-cli compose logs f91a12b6-01fd-4f94-91cc-9d5fb68b8129
+    cd /tmp && composer-cli compose logs 52963ac9-b680-4def-baaf-252845f0e3fe
 
     # Delete failed images
     composer-cli compose list failed -j | jq '.[].body.failed.[]?.id' | xargs -I '%' composer-cli compose delete '%'
@@ -79,16 +82,25 @@ dnf install -y cockpit-composer
     composer-cli compose list finished
 
     # Download the image
-    composer-cli compose image --filename /var/lib/libvirt/images/fedora-42-base.qcow2 image-uuid
+    composer-cli compose image --filename active/software_osbuild/secrets/fedora43-base.qcow2 image-uuid
 
     # Test with qemu
-    qemu-kvm --name test-fedora-42-base -m 4096 -hda ~/Downloads/fedora-42-base.qcow2
+    virt-install \
+    --name "fedora43-base" \
+    --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
+    --cpu host-passthrough --vcpus sockets=1,cores=8,threads=2 \
+    --ram=8192 \
+    --os-variant=fedora41 \
+    --network bridge:virbr0 \
+    --graphics none \
+    --console pty,target.type=virtio \
+    --import --disk "path=active/software_osbuild/secrets/fedora43-base.qcow2,bus=virtio"
     ```
 
 ### Image Build and Watch One Liner
 
 ```bash
-composer-cli blueprints push active/software_osbuild/fedora-43-base.toml && \
+composer-cli blueprints push active/software_osbuild/fedora43-base.toml && \
-composer-cli compose start fedora-43-base qcow2 && \
+composer-cli compose start fedora43-base qcow2 && \
 watch composer-cli compose status
 ```