From a4de5f4d318c82fd20bd15ccf26f18cf27b1e3da Mon Sep 17 00:00:00 2001
From: Ryan Lahfa
Date: Thu, 10 Oct 2024 17:35:40 +0200
Subject: [PATCH] feat(krz01): move ollama to compute01 via a reverse proxy

krz01 has no public web IP.

Signed-off-by: Ryan Lahfa
---
 machines/compute01/_configuration.nix | 1 +
 machines/compute01/ollama-proxy.nix | 27 +++++++++++++++++++++++++++
 machines/krz01/_configuration.nix | 22 ++++------------------
 meta/dns.nix | 14 ++++++--------
 4 files changed, 38 insertions(+), 26 deletions(-)
 create mode 100644 machines/compute01/ollama-proxy.nix
diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix
index 11546d8..1f26c83 100644
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@@ -21,6 +21,7 @@ lib.extra.mkConfig {
 "librenms"
 "mastodon"
 "nextcloud"
+ "ollama-proxy"
 "outline"
 "plausible"
 "postgresql"
diff --git a/machines/compute01/ollama-proxy.nix b/machines/compute01/ollama-proxy.nix
new file mode 100644
index 0000000..0d396a5
--- /dev/null
+++ b/machines/compute01/ollama-proxy.nix
@@ -0,0 +1,27 @@
+{
+ pkgs,
+ nodes,
+ meta,
+ ...
+}:
+{
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts."ollama01.beta.dgnum.eu" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://${meta.network.krz01.netbirdIp}:${toString nodes.krz01.config.services.ollama.port}";
+ basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
+ raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+}
diff --git a/machines/krz01/_configuration.nix b/machines/krz01/_configuration.nix
index ce003b5..21a6f59 100644
--- a/machines/krz01/_configuration.nix
+++ b/machines/krz01/_configuration.nix
@@ -2,6 +2,8 @@
 config,
 lib,
 pkgs,
+ meta,
+ name,
 ...
 }:
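Review bot: In machines/compute01/ollama-proxy.nix, `basicAuthFile = pkgs.writeText "ollama-htpasswd" ''…''` writes the htpasswd entry into the Nix store, which is world-readable on the host, and keeps the password hash in the repository, so anyone who can read either can run offline guessing against it. The hash belongs in the deployment's secret store and should be referenced by its runtime path, for example `basicAuthFile = config.age.secrets."ollama-htpasswd".path;` if the repository uses agenix (not visible in this patch; it would also need `config` in the module arguments and a file readable by the nginx user). This credential is the only authentication in front of the Ollama API, so it is worth rotating once it has been moved out of the tree.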
@@ -59,22 +61,9 @@ lib.extra.mkConfig { ]; services = { - nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts."ollama01.beta.dgnum.eu" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://${config.services.ollama.host}:${toString config.services.ollama.port}"; - basicAuthFile = pkgs.writeText "ollama-htpasswd" '' - raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2 - ''; - }; - }; - }; ollama = { enable = true; + host = meta.network.${name}.netbirdIp; package = pkgs.callPackage ./ollama.nix { cudaPackages = pkgs.cudaPackages_11; # We need to thread our nvidia x11 driver for CUDA. @@ -83,10 +72,7 @@ lib.extra.mkConfig { }; }; - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; + networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ]; }; root = ./.; diff --git a/meta/dns.nix b/meta/dns.nix index 8f40258..cd0dada 100644 --- a/meta/dns.nix +++ b/meta/dns.nix @@ -68,6 +68,12 @@ let "support" # Zammad support "telegraf" # Telegraf + # Beta-grade machine learning API servers + "ollama01.beta" + "openui.beta" + "whisper.beta" + "stable-diffusion.beta" + # DGSI "dgsi" "profil" @@ -129,14 +135,6 @@ let "cas-eleves" "vote" ]; - - krz01.dual = [ - # Beta-grade machine learning API servers - "ollama01.beta" - "openui.beta" - "whisper.beta" - "stable-diffusion.beta" - ]; } ) );
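Review bot: `host = meta.network.${name}.netbirdIp;` in this hunk, together with `networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];` in the following one (@@ -83,10 +72,7 @@), exposes the Ollama API to every peer that can reach krz01 over wt0, without the basic auth that the proxy on compute01 enforces. Unless a NetBird access policy already limits this port to compute01 (not visible here), the rule should accept only the proxy's overlay address, for example through `networking.firewall.extraCommands` with a source match on compute01's `netbirdIp` (assuming it has an entry like krz01's), or the restriction should be stated in a comment next to the firewall line. Binding to the overlay address also means ollama may fail to start while wt0 has no address yet, so an ordering on the NetBird unit may be needed. Both hunks sit inside the `lib.extra.mkConfig { … }` body, which starts and ends outside them.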
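Review bot: In meta/dns.nix, the hunk at @@ -68,6 +68,12 @@ receives all four `*.beta` names that the last hunk removes from `krz01.dual`, but the commit defines a virtual host only for `ollama01.beta.dgnum.eu`. If the receiving list belongs to compute01 (its attribute name lies above the hunk and is not visible), `openui.beta`, `whisper.beta` and `stable-diffusion.beta` will resolve to a public web server with no matching vhost, so nginx would answer them from its default server and, over HTTPS, with another site's certificate. Either leave those three names out until their proxies exist, or mark the gap as deliberate with a comment such as `# no vhost yet: answered by the nginx default server`.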