feat(krz01): move ollama to compute01 via a reverse proxy

krz01 has no public web IP. Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:35:40 +02:00 · 2024-10-10 17:35:40 +02:00 · a4de5f4d31
commit a4de5f4d31
parent 363f8d3c67
4 changed files with 38 additions and 26 deletions
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@ -21,6 +21,7 @@ lib.extra.mkConfig {
    "librenms"
    "mastodon"
    "nextcloud"
+    "ollama-proxy"
    "outline"
    "plausible"
    "postgresql"
--- a/machines/compute01/ollama-proxy.nix
+++ b/machines/compute01/ollama-proxy.nix
@ -0,0 +1,27 @@
+{
+  pkgs,
+  nodes,
+  meta,
+  ...
+}:
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts."ollama01.beta.dgnum.eu" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://${meta.network.krz01.netbirdIp}:${toString nodes.krz01.config.services.ollama.port}";
+        basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
+          raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
+        '';
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}
--- a/machines/krz01/_configuration.nix
+++ b/machines/krz01/_configuration.nix
@ -2,6 +2,8 @@
  config,
  lib,
  pkgs,
+  meta,
+  name,
  ...
 }:

@ -59,22 +61,9 @@ lib.extra.mkConfig {
    ];

    services = {
-      nginx = {
-        enable = true;
-        recommendedProxySettings = true;
-        virtualHosts."ollama01.beta.dgnum.eu" = {
-          enableACME = true;
-          forceSSL = true;
-          locations."/" = {
-            proxyPass = "http://${config.services.ollama.host}:${toString config.services.ollama.port}";
-            basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
-              raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
-            '';
-          };
-        };
-      };
      ollama = {
        enable = true;
+        host = meta.network.${name}.netbirdIp;
        package = pkgs.callPackage ./ollama.nix {
          cudaPackages = pkgs.cudaPackages_11;
          # We need to thread our nvidia x11 driver for CUDA.
@ -83,10 +72,7 @@ lib.extra.mkConfig {
      };
    };

-    networking.firewall.allowedTCPPorts = [
-      80
-      443
-    ];
+    networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];
  };

  root = ./.;
--- a/meta/dns.nix
+++ b/meta/dns.nix
@ -68,6 +68,12 @@ let
          "support" # Zammad support
          "telegraf" # Telegraf

+          # Beta-grade machine learning API servers
+          "ollama01.beta"
+          "openui.beta"
+          "whisper.beta"
+          "stable-diffusion.beta"
+
          # DGSI
          "dgsi"
          "profil"
@ -129,14 +135,6 @@ let
          "cas-eleves"
          "vote"
        ];
-
-        krz01.dual = [
-          # Beta-grade machine learning API servers
-          "ollama01.beta"
-          "openui.beta"
-          "whisper.beta"
-          "stable-diffusion.beta"
-        ];
      }
    )
  );