gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/access/ollama.nix
arcnmx 7bf1ce71de feat(access): a llama
2024-09-12 16:52:51 -07:00

81 lines
2.1 KiB
Nix
Raw Blame History

{
config,
gensokyo-zone,
lib,
...
}: let
inherit (gensokyo-zone.lib) bindToAddress;
inherit (lib.modules) mkIf mkDefault;
inherit (config.services) tailscale;
cfg = config.services.ollama;
requestTimeout = "${toString (60 * 60)}s";
upstreamName = "ollama'access";
in {
services.nginx = {
upstreams'.${upstreamName}.servers = {
local = {
enable = mkDefault cfg.enable;
addr = mkDefault (bindToAddress {} cfg.host);
port = mkIf cfg.enable (mkDefault cfg.port);
};
service = {upstream, ...}: {
enable = mkIf upstream.servers.local.enable (mkDefault false);
accessService.name = "ollama";
#settings.fail_timeout = mkDefault requestTimeout;
};
};
virtualHosts = let
name.shortServer = "lm";
copyFromVhost = mkDefault "llama";
locations = {
"/ollama/" = {virtualHost, ...}: {
vouch.requireAuth = mkIf virtualHost.vouch.enable (mkDefault true);
proxy = {
enable = true;
upstream = upstreamName;
path = "/";
};
extraConfig = ''
proxy_buffering off;
proxy_read_timeout ${requestTimeout};
'';
headers.set.Access-Control-Allow-Origin = "https://${virtualHost.serverName}/llama/";
};
"/".return = mkDefault "404";
};
vouch = {
enable = true;
requireAuth = false;
};
in {
llama = {
inherit name locations vouch;
ssl.force = true;
};
llama'local = {
inherit locations vouch;
name = {
inherit (name) shortServer;
includeTailscale = false;
};
ssl = {
force = true;
cert = {
inherit copyFromVhost;
};
};
local.enable = mkDefault true;
};
llama'tail = {
inherit locations;
enable = mkDefault tailscale.enable;
name = {
inherit (name) shortServer;
qualifier = mkDefault "tail";
};
ssl.cert.copyFromVhost = "llama'local";
local.enable = mkDefault true;
};
};
};
}
Reference in a new issue View git blame Copy permalink