feat: fuck nginx

2025-06-16 18:15:13 -05:00 · 2024-10-07 14:49:28 -05:00 · 2024-10-07 14:49:28 -05:00 · 36b3b2cff4
commit 36b3b2cff4
parent 620aebfd11
2 changed files with 18 additions and 48 deletions
--- a/nixos/modules/services/acme.nix
+++ b/nixos/modules/services/acme.nix
@ -83,6 +83,4 @@ in {
      sopsSecrets
    );
  };
-  users.users.nginx.extraGroups = ["acme"];
-  users.groups.acme.members = ["nginx"];
 }
--- a/nixos/modules/services/ollama.nix
+++ b/nixos/modules/services/ollama.nix
@ -2,89 +2,61 @@
  inherit (flake.config.people) user0;
  inherit (flake.config.people.user.${user0}) domain;
  inherit (flake.config.system.device) server wildcard;
-  inherit (flake.config.service.instance) ollama acme;
+  inherit (flake.config.service.instance.ollama) paths ports subdomain name ssl;
  localhost = wildcard.ip.address0;
-  host = "${ollama.subdomain}.${domain.url0}";
+  host = "${subdomain}.${domain.url0}";
 in {
  services = {
    ollama = {
      acceleration = false;
      enable = true;
-      group = ollama.name;
+      group = name;
      host = "http://${localhost}";
-      port = ollama.ports.port1;
-      user = ollama.name;
+      port = ports.port1;
+      user = name;
    };

    open-webui = {
      enable = true;
      host = localhost;
-      port = ollama.ports.port0;
+      port = ports.port0;
      environment = {
        ENABLE_OLLAMA_API = "True";
        ANONYMIZED_TELEMETRY = "False";
        DO_NOT_TRACK = "True";
        SCARF_NO_ANALYTICS = "True";
-        OLLAMA_BASE_URL = "http://${localhost}:${toString ollama.ports.port1}";
+        OLLAMA_BASE_URL = "http://${localhost}:${toString ports.port1}";
        WEBUI_AUTH = "True";
      };
    };

-    # caddy = {
-    #   virtualHosts = {
-    #     ${host} = {
-    #       extraConfig = ''
-    #         reverse_proxy ${localhost}:${toString ports.port0}
-
-    #         tls ${ollama.ssl.cert} ${ollama.ssl.key}
-    #       '';
-    #     };
-    #   };
-    # };
-
-    nginx = {
-      enable = true;
-      virtualHosts.${host} = {
-        onlySSL = true;
-        sslCertificate = ollama.ssl.cert;
-        sslCertificateKey = ollama.ssl.key;
-        listen = [
-          {
-            addr = localhost;
-            port = 4443;
-            ssl = true;
-          }
-        ];
-        locations."/" = {
-          proxyPass = "http://${localhost}:${toString ollama.ports.port0}";
+    caddy = {
+      virtualHosts = {
+        ${host} = {
          extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
+            reverse_proxy ${localhost}:${toString ports.port0}
+
+            tls ${ssl.cert} ${ssl.key}
          '';
        };
      };
    };
  };

-  fileSystems."/var/lib/${ollama.name}" = {
-    device = ollama.paths.path0;
+  fileSystems."/var/lib/${name}" = {
+    device = paths.path0;
    fsType = "none";
    options = ["bind"];
    depends = [server.storage0.mount];
  };

-  systemd.tmpfiles.rules = [
-    "Z ${ollama.paths.path0} 0755 ${ollama.name} ${ollama.name} -"
-    "Z ${acme.paths.path0}/${host} 0755 ${ollama.name} ${ollama.name} -"
-  ];
+  systemd.tmpfiles.rules = ["Z ${paths.path0} 0755 ${name} ${name} -"];

  networking = {
    firewall = {
      allowedTCPPorts = [
-        ollama.ports.port0
-        ollama.ports.port1
+        ports.port0
+        ports.port1
      ];
    };
  };