From dda9c7dad7680ee84be0ea4bcbe06aa0c856ad85 Mon Sep 17 00:00:00 2001 From: Nick Date: Thu, 4 Dec 2025 04:38:53 -0600 Subject: [PATCH] feat: got ollama microvm working
--- .gitattributes | 0 modules/config/instances/config/ollama.nix | 38 ++-- modules/home/cli/utilities/nvTop/default.nix | 0 .../audioMetadata/picard/default.nix | 0 .../home/gui/apps/tools/mullvad/default.nix | 13 -- modules/nixos/default.nix | 1 + .../guests/defenseioGpu/config/default.nix | 0 modules/nixos/guests/defenseioGpu/default.nix | 0 modules/nixos/guests/mastodon/default.nix | 3 - modules/nixos/guests/ollama/default.nix | 162 ++++++++++++++++++ .../opencloud/ceresOpenCloud/default.nix | 4 - modules/nixos/guests/torrent/default.nix | 1 - modules/nixos/services/ivpn/default.nix | 3 - modules/nixos/services/mullvad/default.nix | 6 - packages/website/.envrc | 0 packages/zookeeper/.envrc | 0 packages/zookeeper/.gitignore | 0 17 files changed, 189 insertions(+), 42 deletions(-) mode change 100644 => 100755 .gitattributes mode change 100644 => 100755 modules/home/cli/utilities/nvTop/default.nix mode change 100644 => 100755 modules/home/gui/apps/media/audio/audioEditing/audioMetadata/picard/default.nix delete mode 100755 modules/home/gui/apps/tools/mullvad/default.nix mode change 100644 => 100755 modules/nixos/guests/defenseioGpu/config/default.nix mode change 100644 => 100755 modules/nixos/guests/defenseioGpu/default.nix create mode 100755 modules/nixos/guests/ollama/default.nix delete mode 100755 modules/nixos/services/ivpn/default.nix delete mode 100755 modules/nixos/services/mullvad/default.nix mode change 100644 => 100755 packages/website/.envrc mode change 100644 => 100755 packages/zookeeper/.envrc mode change 100644 => 100755 packages/zookeeper/.gitignore
diff --git a/.gitattributes b/.gitattributes old mode 100644 new mode 100755
diff --git a/modules/config/instances/config/ollama.nix b/modules/config/instances/config/ollama.nix
index 4e463f0..8498166 100755
--- a/modules/config/instances/config/ollama.nix
+++ b/modules/config/instances/config/ollama.nix
@@ -2,22 +2,21 @@ let inherit (moduleFunctions.instancesFunctions) domain0 - servicePath sslPath - sopsPath + varPath + mntPath + secretPath ; - label = "Ollama"; name = "ollama"; domain = "${name}.${domain0}"; + secrets = "${secretPath}/${name}"; + ssl = "${sslPath}/${domain}"; in { label = label; name = name; short = label; - sops = { - path0 = "${sopsPath}/${name}"; - }; domains = { url0 = domain; };
@@ -27,16 +26,31 @@ in
 "chat"
 "ai"
 ];
- paths = {
- path0 = "${servicePath}/${label}";
- path1 = "/mnt/media/storage/${name}";
- };
 ports = {
 port0 = 8088; # Open-WebUI (Ollama Front End)
 port1 = 11434; # Ollama API
 };
+ interface = {
+ id = "vm-${name}";
+ mac = "02:00:00:00:56:08";
+ idUser = "vmuser-${name}";
+ macUser = "02:00:00:00:00:08";
+ ip = "192.168.50.118";
+ gate = "192.168.50.1";
+ ssh = 2208;
+ };
 ssl = {
- cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
- key = "${sslPath}/${name}.${domain0}/key.pem";
+ path = ssl;
+ cert = "${ssl}/fullchain.pem";
+ key = "${ssl}/key.pem";
+ };
+ varPaths = {
+ path0 = "${varPath}/${name}";
+ };
+ mntPaths = {
+ path0 = "${mntPath}/${name}";
+ };
+ secretPaths = {
+ path0 = secrets;
 };
 }
diff --git a/modules/home/cli/utilities/nvTop/default.nix b/modules/home/cli/utilities/nvTop/default.nix old mode 100644 new mode 100755
diff --git a/modules/home/gui/apps/media/audio/audioEditing/audioMetadata/picard/default.nix b/modules/home/gui/apps/media/audio/audioEditing/audioMetadata/picard/default.nix old mode 100644 new mode 100755
diff --git a/modules/home/gui/apps/tools/mullvad/default.nix b/modules/home/gui/apps/tools/mullvad/default.nix deleted file mode 100755
index 27636ef..0000000
--- a/modules/home/gui/apps/tools/mullvad/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- pkgs,
- ...
-}:
-{
- home.packages = builtins.attrValues {
- inherit (pkgs)
- # mullvad
- mullvad-closest
- mullvad-vpn
- ;
- };
-}
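Review bot: Removing `label = "Ollama";` from the let block leaves `label = label;` and `short = label;` in the returned attribute set referring to a name this hunk no longer binds, and `label` is not among the names inherited from `moduleFunctions.instancesFunctions` either; unless the file's first line (outside the hunk) binds it, evaluating this instance fails with an undefined-variable error. Keep `label = "Ollama";` next to `name = "ollama";`, or add `label` to the `inherit` list if it is meant to come from `instancesFunctions`. The enclosing `let … in` starts before the hunk's first line.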
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 5c845e9..71ea442 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -56,6 +56,7 @@ in
 mastodon
 microvm
 minecraft
+ ollama
 projectSite
 restic
 sambaCeres
diff --git a/modules/nixos/guests/defenseioGpu/config/default.nix b/modules/nixos/guests/defenseioGpu/config/default.nix old mode 100644 new mode 100755
diff --git a/modules/nixos/guests/defenseioGpu/default.nix b/modules/nixos/guests/defenseioGpu/default.nix old mode 100644 new mode 100755
diff --git a/modules/nixos/guests/mastodon/default.nix b/modules/nixos/guests/mastodon/default.nix
index 24f0428..5d1b81c 100755
--- a/modules/nixos/guests/mastodon/default.nix
+++ b/modules/nixos/guests/mastodon/default.nix
@@ -440,9 +440,6 @@ in inherit fedifetcherPython ; - inherit (pkgs) - bottom - ; }; microvm = {
diff --git a/modules/nixos/guests/ollama/default.nix b/modules/nixos/guests/ollama/default.nix new file mode 100755
index 0000000..967cc87
--- /dev/null
+++ b/modules/nixos/guests/ollama/default.nix
@@ -0,0 +1,162 @@
+{
+ config,
+ flake,
+ pkgs,
+ ...
+}:
+let
+ inherit (flake.config.people) user0;
+ inherit (flake.config.services) instances;
+ serviceCfg = instances.ollama;
+ hostCfg = instances.web;
+ dns0 = instances.web.dns.provider0;
+ host = serviceCfg.domains.url0;
+ localhost = instances.web.localhost.address1;
+ dns0Path = "dns/${dns0}";
+in
+{
+ microvm.vms = {
+ ${serviceCfg.name} = {
+ autostart = true;
+ restartIfChanged = true;
+ config = {
+ system.stateVersion = "24.05";
+ time.timeZone = "America/Winnipeg";
+ users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
+ services = {
+ ollama = {
+ enable = true;
+ group = serviceCfg.name;
+ host = "http://${localhost}";
+ user = serviceCfg.name;
+ port = serviceCfg.ports.port1;
+ acceleration = "cuda";
+ models = serviceCfg.varPaths.path0;
+ };
+ open-webui = {
+ enable = true;
+ host = localhost;
+ port = serviceCfg.ports.port0;
+ environment = {
+ ENABLE_OLLAMA_API = "True";
+ ANONYMIZED_TELEMETRY = "False";
+ DO_NOT_TRACK = "True";
+ SCARF_NO_ANALYTICS = "True";
+ OLLAMA_BASE_URL = "http://${localhost}:${toString serviceCfg.ports.port1}";
+ WEBUI_AUTH = "True";
+ };
+ };
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [
+ 22 # SSH
+ serviceCfg.ports.port0
+ ];
+ systemd = {
+ network = {
+ enable = true;
+ networks."20-lan" = {
+ matchConfig.Name = "enp0s5";
+ addresses = [
+ { Address = "${serviceCfg.interface.ip}/24"; }
+ ];
+ routes = [
+ {
+ Destination = "${hostCfg.localhost.address1}/0";
+ Gateway = serviceCfg.interface.gate;
+ }
+ ];
+ dns = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+ };
+ };
+ tmpfiles.rules = [
+ "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+ ];
+ };
+ systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ];
+ microvm = {
+ vcpu = 1;
+ mem = 1024 * 3;
+ hypervisor = "qemu";
+ interfaces = [
+ {
+ type = "tap";
+ id = serviceCfg.interface.id;
+ mac = serviceCfg.interface.mac;
+ }
+ {
+ type = "user";
+ id = serviceCfg.interface.idUser;
+ mac = serviceCfg.interface.macUser;
+ }
+ ];
+ forwardPorts = [
+ {
+ from = "host";
+ host.port = serviceCfg.interface.ssh;
+ guest.port = 22;
+ }
+ ];
+ shares = [
+ {
+ mountPoint = "/nix/.ro-store";
+ proto = "virtiofs";
+ source = "/nix/store";
+ tag = "read_only_nix_store";
+ }
+ {
+ mountPoint = "/var/lib/private/${serviceCfg.name}";
+ proto = "virtiofs";
+ source = "${serviceCfg.mntPaths.path0}/data";
+ tag = "${serviceCfg.name}_data";
+ }
+ {
+ mountPoint = "/var/lib/private/open-webui";
+ proto = "virtiofs";
+ source = "${serviceCfg.mntPaths.path0}/config";
+ tag = "${serviceCfg.name}_config";
+ }
+ ];
+ };
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ yazi
+ bottom
+ ffmpeg
+ ;
+ };
+ };
+ };
+ };
+ security.acme.certs."${host}" = {
+ dnsProvider = dns0;
+ environmentFile = config.sops.secrets.${dns0Path}.path;
+ group = "caddy";
+ };
+ services.caddy.virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ reverse_proxy ${serviceCfg.interface.ip}:${toString serviceCfg.ports.port0} {
+ header_up X-Real-IP {remote_host}
+ }
+ tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
+ encode zstd gzip
+ '';
+ };
+ };
+ users.users.caddy.extraGroups = [ "acme" ];
+ systemd.tmpfiles.rules = [
+ "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
+ "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
+ "d ${serviceCfg.mntPaths.path0}/config 0751 microvm wheel - -"
+ ];
+}
diff --git a/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix b/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
index 86900b7..2ffd160 100755
--- a/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
+++ b/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
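Review bot: `networking.firewall.allowedTCPPorts` opens `serviceCfg.ports.port0` (Open-WebUI, 8088) on every guest interface, so the web UI is reachable in plaintext at `${serviceCfg.interface.ip}:8088` over the tap interface, bypassing the TLS termination and `X-Real-IP` header that the Caddy virtual host at the bottom of the file provides. If only Caddy on the host is meant to reach it, drop `serviceCfg.ports.port0` from `allowedTCPPorts` and accept it only from the host, e.g. `networking.firewall.extraCommands = "iptables -A nixos-fw -p tcp -s ${serviceCfg.interface.gate} --dport ${toString serviceCfg.ports.port0} -j nixos-fw-accept";` (assuming `gate` is the host's bridge address and the iptables-based firewall is in use — verify). Separately, the route `Destination = "${hostCfg.localhost.address1}/0"` only makes sense as a default route if `address1` is `0.0.0.0`, in which case the variable named `localhost` makes Ollama (11434) and Open-WebUI listen on all guest interfaces rather than loopback and the guest firewall is the only thing keeping 11434 internal; a comment such as `# address1 is the wildcard bind address, not loopback` or a rename to `listenAddress` would make that explicit. Also, `services.ollama.models = serviceCfg.varPaths.path0` lies outside both virtiofs shares (`/var/lib/private/${serviceCfg.name}` and `/var/lib/private/open-webui`), so unless `varPath` resolves under one of those mount points or a persistent volume is configured elsewhere, downloaded models live on the guest's non-persistent root and are lost on restart.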
@@ -158,10 +158,6 @@ in
 };
 environment.systemPackages = builtins.attrValues {
 inherit (pkgs)
- yazi
- bottom
- trashy
- fastfetch
 opencloud
 ;
 };
diff --git a/modules/nixos/guests/torrent/default.nix b/modules/nixos/guests/torrent/default.nix
index caa32d8..b89cea1 100755
--- a/modules/nixos/guests/torrent/default.nix
+++ b/modules/nixos/guests/torrent/default.nix
@@ -364,7 +364,6 @@ in
 };
 environment.systemPackages = builtins.attrValues {
 inherit (pkgs)
- bottom
 conntrack-tools
 gawk
 iptables
diff --git a/modules/nixos/services/ivpn/default.nix b/modules/nixos/services/ivpn/default.nix deleted file mode 100755
index c1c245c..0000000
--- a/modules/nixos/services/ivpn/default.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- services.ivpn.enable = true;
-}
diff --git a/modules/nixos/services/mullvad/default.nix b/modules/nixos/services/mullvad/default.nix deleted file mode 100755
index 28c51b7..0000000
--- a/modules/nixos/services/mullvad/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- services.mullvad-vpn = {
- enable = true;
- enableExcludeWrapper = false;
- };
-}
diff --git a/packages/website/.envrc b/packages/website/.envrc old mode 100644 new mode 100755
diff --git a/packages/zookeeper/.envrc b/packages/zookeeper/.envrc old mode 100644 new mode 100755
diff --git a/packages/zookeeper/.gitignore b/packages/zookeeper/.gitignore old mode 100644 new mode 100755