From 620aebfd11526f78298620c4d37997079e75d858 Mon Sep 17 00:00:00 2001
From: Nick <nickjhiebert@proton.me>
Date: Mon, 7 Oct 2024 14:47:09 -0500
Subject: [PATCH] feat: nginx test

---
 nixos/modules/services/ollama.nix | 35 +++++++++++++++++--------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/nixos/modules/services/ollama.nix b/nixos/modules/services/ollama.nix
index 623a154..54f0f0f 100755
--- a/nixos/modules/services/ollama.nix
+++ b/nixos/modules/services/ollama.nix
@@ -2,30 +2,30 @@
   inherit (flake.config.people) user0;
   inherit (flake.config.people.user.${user0}) domain;
   inherit (flake.config.system.device) server wildcard;
-  inherit (flake.config.service.instance.ollama) paths ports subdomain name ssl;
+  inherit (flake.config.service.instance) ollama acme;
   localhost = wildcard.ip.address0;
-  host = "${subdomain}.${domain.url0}";
+  host = "${ollama.subdomain}.${domain.url0}";
 in {
   services = {
     ollama = {
       acceleration = false;
       enable = true;
-      group = name;
+      group = ollama.name;
       host = "http://${localhost}";
-      port = ports.port1;
-      user = name;
+      port = ollama.ports.port1;
+      user = ollama.name;
     };
 
     open-webui = {
       enable = true;
       host = localhost;
-      port = ports.port0;
+      port = ollama.ports.port0;
       environment = {
         ENABLE_OLLAMA_API = "True";
         ANONYMIZED_TELEMETRY = "False";
         DO_NOT_TRACK = "True";
         SCARF_NO_ANALYTICS = "True";
-        OLLAMA_BASE_URL = "http://${localhost}:${toString ports.port1}";
+        OLLAMA_BASE_URL = "http://${localhost}:${toString ollama.ports.port1}";
         WEBUI_AUTH = "True";
       };
     };
@@ -36,7 +36,7 @@ in {
     #       extraConfig = ''
     #         reverse_proxy ${localhost}:${toString ports.port0}
 
-    #         tls ${ssl.cert} ${ssl.key}
+    #         tls ${ollama.ssl.cert} ${ollama.ssl.key}
     #       '';
     #     };
     #   };
@@ -46,8 +46,8 @@ in {
       enable = true;
       virtualHosts.${host} = {
         onlySSL = true;
-        sslCertificate = ssl.cert;
-        sslCertificateKey = ssl.key;
+        sslCertificate = ollama.ssl.cert;
+        sslCertificateKey = ollama.ssl.key;
         listen = [
           {
             addr = localhost;
@@ -56,7 +56,7 @@ in {
           }
         ];
         locations."/" = {
-          proxyPass = "http://${localhost}:${toString ports.port0}";
+          proxyPass = "http://${localhost}:${toString ollama.ports.port0}";
           extraConfig = ''
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -68,20 +68,23 @@ in {
     };
   };
 
-  fileSystems."/var/lib/${name}" = {
-    device = paths.path0;
+  fileSystems."/var/lib/${ollama.name}" = {
+    device = ollama.paths.path0;
     fsType = "none";
     options = ["bind"];
     depends = [server.storage0.mount];
   };
 
-  systemd.tmpfiles.rules = ["Z ${paths.path0} 0755 ${name} ${name} -"];
+  systemd.tmpfiles.rules = [
+    "Z ${ollama.paths.path0} 0755 ${ollama.name} ${ollama.name} -"
+    "Z ${acme.paths.path0}/${host} 0755 ${ollama.name} ${ollama.name} -"
+  ];
 
   networking = {
     firewall = {
       allowedTCPPorts = [
-        ports.port0
-        ports.port1
+        ollama.ports.port0
+        ollama.ports.port1
       ];
     };
   };