From 36b3b2cff4ef3662bbe95438d9120d6e47597015 Mon Sep 17 00:00:00 2001
From: Nick
Date: Mon, 7 Oct 2024 14:49:28 -0500
Subject: [PATCH] feat: fuck nginx
---
 nixos/modules/services/acme.nix | 2 -
 nixos/modules/services/ollama.nix | 64 +++++++++----------------------
 2 files changed, 18 insertions(+), 48 deletions(-)
diff --git a/nixos/modules/services/acme.nix b/nixos/modules/services/acme.nix
index 7f9a437..ade27b3 100755
--- a/nixos/modules/services/acme.nix
+++ b/nixos/modules/services/acme.nix
@@ -83,6 +83,4 @@ in {
 sopsSecrets
 );
 };
- users.users.nginx.extraGroups = ["acme"];
- users.groups.acme.members = ["nginx"];
 }
diff --git a/nixos/modules/services/ollama.nix b/nixos/modules/services/ollama.nix
index 54f0f0f..52e3d7a 100755
--- a/nixos/modules/services/ollama.nix
+++ b/nixos/modules/services/ollama.nix
@@ -2,89 +2,61 @@ inherit (flake.config.people) user0; inherit (flake.config.people.user.${user0}) domain; inherit (flake.config.system.device) server wildcard; - inherit (flake.config.service.instance) ollama acme; + inherit (flake.config.service.instance.ollama) paths ports subdomain name ssl; localhost = wildcard.ip.address0; - host = "${ollama.subdomain}.${domain.url0}"; + host = "${subdomain}.${domain.url0}"; in { services = { ollama = { acceleration = false; enable = true; - group = ollama.name; + group = name; host = "http://${localhost}"; - port = ollama.ports.port1; - user = ollama.name; + port = ports.port1; + user = name; }; open-webui = { enable = true; host = localhost; - port = ollama.ports.port0; + port = ports.port0; environment = { ENABLE_OLLAMA_API = "True"; ANONYMIZED_TELEMETRY = "False"; DO_NOT_TRACK = "True"; SCARF_NO_ANALYTICS = "True"; - OLLAMA_BASE_URL = "http://${localhost}:${toString ollama.ports.port1}"; + OLLAMA_BASE_URL = "http://${localhost}:${toString ports.port1}"; WEBUI_AUTH = "True"; }; }; - # caddy = { - # virtualHosts = { - # ${host} = { - # extraConfig = '' - # reverse_proxy ${localhost}:${toString ports.port0} - - # tls ${ollama.ssl.cert} ${ollama.ssl.key} - # ''; - # }; - # }; - # }; - - nginx = { - enable = true; - virtualHosts.${host} = { - onlySSL = true; - sslCertificate = ollama.ssl.cert; - sslCertificateKey = ollama.ssl.key; - listen = [ - { - addr = localhost; - port = 4443; - ssl = true; - } - ]; - locations."/" = { - proxyPass = "http://${localhost}:${toString ollama.ports.port0}"; + caddy = { + virtualHosts = { + ${host} = { extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + reverse_proxy ${localhost}:${toString ports.port0} + + tls ${ssl.cert} ${ssl.key} ''; }; }; }; }; - fileSystems."/var/lib/${ollama.name}" = { - device = ollama.paths.path0; + 
fileSystems."/var/lib/${name}" = { + device = paths.path0; fsType = "none"; options = ["bind"]; depends = [server.storage0.mount]; }; - systemd.tmpfiles.rules = [ - "Z ${ollama.paths.path0} 0755 ${ollama.name} ${ollama.name} -" - "Z ${acme.paths.path0}/${host} 0755 ${ollama.name} ${ollama.name} -" - ]; + systemd.tmpfiles.rules = ["Z ${paths.path0} 0755 ${name} ${name} -"]; networking = { firewall = { allowedTCPPorts = [ - ollama.ports.port0 - ollama.ports.port1 + ports.port0 + ports.port1 ]; }; };
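Review bot: The `allowedTCPPorts` list at the end of this hunk still opens `ports.port0` and `ports.port1`, so the open-webui listener and the Ollama API remain reachable over plain HTTP alongside the new Caddy virtual host. The Ollama API has no authentication of its own, and both services bind to `localhost = wildcard.ip.address0`, whose value is not visible here; if that resolves to a wildcard address, the backends are exposed to the network and the TLS front end can be bypassed. If Caddy is meant to be the only entry point, drop both entries and open just the proxy's TLS port, for example `allowedTCPPorts = [443];` (or whichever port Caddy actually serves on), and bind the backends to loopback. Separately, the commit removes the nginx `acme` group membership and the tmpfiles rule on the certificate directory without adding an equivalent for the `caddy` user, so confirm that Caddy can read `ssl.key` without the key becoming world-readable.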