feat: Ollama

uttarayan21
2025-07-29 23:11:04 +05:30
parent 3324ae280d
commit c655cb26f1
7 changed files with 109 additions and 12 deletions


@@ -20,13 +20,9 @@
authentication_backend = { authentication_backend = {
password_reset.disable = false; password_reset.disable = false;
password_change.disable = false; password_change.disable = false;
# file = {
# path = "/run/secrets/users";
# };
ldap = { ldap = {
address = "ldap://localhost:389"; address = "ldap://localhost:389";
timeout = "5s"; timeout = "5s";
# start_tls = false;
base_dn = "dc=darksailor,dc=dev"; base_dn = "dc=darksailor,dc=dev";
user = "cn=authelia,ou=people,dc=darksailor,dc=dev"; user = "cn=authelia,ou=people,dc=darksailor,dc=dev";
users_filter = "(&({username_attribute}={input})(objectClass=person))"; users_filter = "(&({username_attribute}={input})(objectClass=person))";
@@ -46,6 +42,32 @@
}; };
access_control = { access_control = {
default_policy = "one_factor"; default_policy = "one_factor";
rules = let
bypass_api = domain: [
{
domain = domain;
policy = "one_factor";
}
{
domain = domain;
policy = "bypass";
resources = [
"^/api([/?].*)?$"
];
}
];
in
(bypass_api "sonarr.tsuba.darksailor.dev")
++ (bypass_api "radarr.tsuba.darksailor.dev")
++ (bypass_api "lidarr.tsuba.darksailor.dev")
++ (bypass_api "bazarr.tsuba.darksailor.dev")
++ (bypass_api "prowlarr.tsuba.darksailor.dev")
++ [
{
domain = "llama.ryu.darksailor.dev";
policy = "one_factor";
}
];
}; };
storage = { storage = {
local = { local = {
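Review bot: In `bypass_api` the domain-wide `one_factor` rule is listed before the `bypass` rule for `^/api([/?].*)?$`; Authelia applies the first rule that matches a request, so as written the `/api` bypass looks unreachable and API clients would still be challenged. List the resource-specific rule first, or drop the domain-wide entry, since `default_policy = "one_factor"` already covers it (the same applies to the `llama.ryu.darksailor.dev` rule). Once the bypass does take effect, `/api` on the five hosts is protected only by each application's own API key, so it deserves a comment such as `# /api bypasses Authelia; relies on the app's own API-key auth being enabled`. The surrounding settings attrset starts and ends outside the hunk.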


@@ -24,10 +24,10 @@
]; ];
}; };
nvidia = { nvidia = {
open = false;
modesetting.enable = true; modesetting.enable = true;
powerManagement.enable = true; powerManagement.enable = true;
powerManagement.finegrained = false; powerManagement.finegrained = false;
open = false;
nvidiaSettings = true; nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;
}; };


@@ -0,0 +1,38 @@
{
config,
pkgs,
...
}: {
sops = {
secrets."hetzner/api_key".owner = config.services.caddy.user;
templates = {
"HETZNER_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
'';
};
};
services = {
caddy = {
enable = true;
extraConfig = ''
(hetzner) {
tls {
propagation_timeout -1
propagation_delay 120s
dns hetzner {env.HETZNER_API_KEY}
resolvers 1.1.1.1
}
}
'';
package = pkgs.caddy.withPlugins {
plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
};
};
};
systemd.services.caddy = {
serviceConfig = {
EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
};
};
}
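Review bot: The `(hetzner)` snippet sets `propagation_timeout -1` without a comment saying why propagation checks are turned off; with that value Caddy does not verify that the TXT record is visible, and issuance depends only on the fixed `propagation_delay 120s`. I would add a line such as `# propagation checks disabled (<reason>); relying on the fixed 120s delay` so the next reader does not treat it as a typo. Separately, `secrets."hetzner/api_key".owner = config.services.caddy.user;` makes the raw secret file readable by the Caddy user, which looks unnecessary: the token appears to reach the service only through the rendered `HETZNER_API_KEY.env`, which systemd reads itself via `EnvironmentFile`. Consider dropping the owner override if nothing else reads that file.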


@@ -1,10 +1,10 @@
{...}: { {...}: {
imports = [ imports = [
# ./ollama.nix
# ./rsyncd.nix # ./rsyncd.nix
# ./sunshine.nix # ./sunshine.nix
# ./zerotier.nix # ./zerotier.nix
# ./dnscrypt.nix # ./dnscrypt.nix
./ollama.nix
./tailscale.nix ./tailscale.nix
./samba.nix ./samba.nix
./mullvad.nix ./mullvad.nix
@@ -14,7 +14,4 @@
./minecraft.nix ./minecraft.nix
./fwupd.nix ./fwupd.nix
]; ];
services = {
# hardware.openrgb.enable = true;
};
} }


@@ -1,19 +1,55 @@
{pkgs, ...}: { {
pkgs,
lib,
config,
...
}: {
services = { services = {
ollama = { ollama = {
enable = false; enable = true;
host = "127.0.0.1"; host = "127.0.0.1";
loadModels = ["deepseek-r1:7b" "deepseek-r1:14b"]; loadModels = ["deepseek-r1:7b" "deepseek-r1:14b"];
port = 11434; port = 11434;
acceleration = "cuda"; acceleration = "cuda";
environmentVariables = {
OLLAMA_LLM_LIBRARY = "cuda";
LD_LIBRARY_PATH = "run/opengl-driver/lib";
};
}; };
open-webui = { open-webui = {
enable = false; enable = true;
environment = { environment = {
OLLAMA_BASE_URL = "http://127.0.0.1:11434"; OLLAMA_BASE_URL = "http://127.0.0.1:11434";
WEBUI_AUTH = "False"; WEBUI_AUTH = "False";
ENABLE_LOGIN_FORM = "False"; ENABLE_LOGIN_FORM = "False";
}; };
}; };
caddy = {
virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
import hetzner
forward_auth mirai:5555 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
'';
virtualHosts."ollama.ryu.darksailor.dev".extraConfig = ''
import hetzner
@apikey {
header Authorization "Bearer {env.LLAMA_API_KEY}"
}
handle @apikey {
header {
# Set response headers or proxy to a different service if API key is valid
Access-Control-Allow-Origin *
-Authorization "Bearer {env.LLAMA_API_KEY}" # Remove the header after validation
}
reverse_proxy localhost:${builtins.toString config.services.ollama.port}
}
respond "Unauthorized" 403
'';
};
}; };
} }
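Review bot: The `@apikey` matcher on `ollama.ryu.darksailor.dev` compares against `{env.LLAMA_API_KEY}`, but nothing visible in this commit puts `LLAMA_API_KEY` into Caddy's environment (the only `EnvironmentFile` shown defines `HETZNER_API_KEY`); if the variable is unset the placeholder expands to an empty string and the gate no longer checks a real secret. Supply it the same way as the Hetzner token, as a sops secret rendered into the service's environment file. Inside `handle @apikey`, the `header` directive edits response headers, so `-Authorization ...` does not strip the request header before proxying; use `header_up -Authorization` inside the `reverse_proxy` block if the key should not reach the upstream. `LD_LIBRARY_PATH = "run/opengl-driver/lib"` is a relative path and probably needs a leading `/`. Finally, `WEBUI_AUTH = "False"` makes the Authelia `forward_auth` on `llama.ryu.darksailor.dev` the only access control for Open WebUI, so the service has to stay bound to loopback and reachable only through Caddy.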


@@ -8,6 +8,7 @@
./deluge.nix ./deluge.nix
./homeassistant.nix ./homeassistant.nix
./flaresolverr.nix ./flaresolverr.nix
./caddy.nix
# ./dnscrypt.nix # ./dnscrypt.nix
# ./resolved.nix # ./resolved.nix
# ./blocky.nix # ./blocky.nix


@@ -8,6 +8,9 @@
enable = true; enable = true;
package = unstablePkgs.jellyseerr; package = unstablePkgs.jellyseerr;
}; };
jellyfin = {
enable = true;
};
caddy = { caddy = {
virtualHosts."jellyseerr.tsuba.darksailor.dev".extraConfig = '' virtualHosts."jellyseerr.tsuba.darksailor.dev".extraConfig = ''
import hetzner import hetzner