feat(krz01): move ollama to compute01 via a reverse proxy

krz01 has no public web IP. Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:35:40 +02:00 · 2024-10-10 17:35:40 +02:00 · a4de5f4d31
commit a4de5f4d31
parent 363f8d3c67
4 changed files with 38 additions and 26 deletions
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@ -21,6 +21,7 @@ lib.extra.mkConfig {
    "librenms"
    "mastodon"
    "nextcloud"
    "ollama-proxy"
    "outline"
    "plausible"
    "postgresql"
--- a/machines/compute01/ollama-proxy.nix
+++ b/machines/compute01/ollama-proxy.nix
@ -0,0 +1,27 @@
 {
  pkgs,
  nodes,
  meta,
  ...
 }:
 {
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."ollama01.beta.dgnum.eu" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://${meta.network.krz01.netbirdIp}:${toString nodes.krz01.config.services.ollama.port}";
        basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
          raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
        '';
      };
    };
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
 }
--- a/machines/krz01/_configuration.nix
+++ b/machines/krz01/_configuration.nix
@ -2,6 +2,8 @@
  config,
  lib,
  pkgs,
  meta,
  name,
  ...
 }:
@ -59,22 +61,9 @@ lib.extra.mkConfig {
    ];
    services = {
      nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts."ollama01.beta.dgnum.eu" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://${config.services.ollama.host}:${toString config.services.ollama.port}";
            basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
              raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
            '';
          };
        };
      };
      ollama = {
        enable = true;
        host = meta.network.${name}.netbirdIp;
        package = pkgs.callPackage ./ollama.nix {
          cudaPackages = pkgs.cudaPackages_11;
          # We need to thread our nvidia x11 driver for CUDA.
@ -83,10 +72,7 @@ lib.extra.mkConfig {
      };
    };
-    networking.firewall.allowedTCPPorts = [
+    networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];
      80
      443
    ];
  };
  root = ./.;
--- a/meta/dns.nix
+++ b/meta/dns.nix
@ -68,6 +68,12 @@ let
          "support" # Zammad support
          "telegraf" # Telegraf
          # Beta-grade machine learning API servers
          "ollama01.beta"
          "openui.beta"
          "whisper.beta"
          "stable-diffusion.beta"
          # DGSI
          "dgsi"
          "profil"
@ -129,14 +135,6 @@ let
          "cas-eleves"
          "vote"
        ];
        krz01.dual = [
          # Beta-grade machine learning API servers
          "ollama01.beta"
          "openui.beta"
          "whisper.beta"
          "stable-diffusion.beta"
        ];
      }
    )
  );