feat(access): a llama

2026-02-09 12:29:19 -08:00 · 2024-09-12 15:25:05 -07:00 · 2024-09-12 15:25:05 -07:00 · 7bf1ce71de
commit 7bf1ce71de
parent e3b6048e32
14 changed files with 323 additions and 6 deletions
--- a/nixos/access/ollama.nix
+++ b/nixos/access/ollama.nix
@ -0,0 +1,81 @@
+{
+  config,
+  gensokyo-zone,
+  lib,
+  ...
+}: let
+  inherit (gensokyo-zone.lib) bindToAddress;
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (config.services) tailscale;
+  cfg = config.services.ollama;
+  requestTimeout = "${toString (60 * 60)}s";
+  upstreamName = "ollama'access";
+in {
+  services.nginx = {
+    upstreams'.${upstreamName}.servers = {
+      local = {
+        enable = mkDefault cfg.enable;
+        addr = mkDefault (bindToAddress {} cfg.host);
+        port = mkIf cfg.enable (mkDefault cfg.port);
+      };
+      service = {upstream, ...}: {
+        enable = mkIf upstream.servers.local.enable (mkDefault false);
+        accessService.name = "ollama";
+        #settings.fail_timeout = mkDefault requestTimeout;
+      };
+    };
+    virtualHosts = let
+      name.shortServer = "lm";
+      copyFromVhost = mkDefault "llama";
+      locations = {
+        "/ollama/" = {virtualHost, ...}: {
+          vouch.requireAuth = mkIf virtualHost.vouch.enable (mkDefault true);
+          proxy = {
+            enable = true;
+            upstream = upstreamName;
+            path = "/";
+          };
+          extraConfig = ''
+            proxy_buffering off;
+            proxy_read_timeout ${requestTimeout};
+          '';
+          headers.set.Access-Control-Allow-Origin = "https://${virtualHost.serverName}/llama/";
+        };
+        "/".return = mkDefault "404";
+      };
+      vouch = {
+        enable = true;
+        requireAuth = false;
+      };
+    in {
+      llama = {
+        inherit name locations vouch;
+        ssl.force = true;
+      };
+      llama'local = {
+        inherit locations vouch;
+        name = {
+          inherit (name) shortServer;
+          includeTailscale = false;
+        };
+        ssl = {
+          force = true;
+          cert = {
+            inherit copyFromVhost;
+          };
+        };
+        local.enable = mkDefault true;
+      };
+      llama'tail = {
+        inherit locations;
+        enable = mkDefault tailscale.enable;
+        name = {
+          inherit (name) shortServer;
+          qualifier = mkDefault "tail";
+        };
+        ssl.cert.copyFromVhost = "llama'local";
+        local.enable = mkDefault true;
+      };
+    };
+  };
+}