From d76e655174230b5101cf75da2da794511e6e7f31 Mon Sep 17 00:00:00 2001
From: Ryan Lahfa <ryan@dgnum.eu>
Date: Thu, 10 Oct 2024 16:38:17 +0200
Subject: [PATCH] feat(krz01): add a NGINX in front of ollama protected by
 password

This way, you can do direct requests to ollama from other places.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
---
 machines/krz01/_configuration.nix | 33 +++++++++++++++++++++++--------
 meta/dns.nix                      |  8 ++++++++
 2 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/machines/krz01/_configuration.nix b/machines/krz01/_configuration.nix
index b3138e2..8d34622 100644
--- a/machines/krz01/_configuration.nix
+++ b/machines/krz01/_configuration.nix
@@ -12,11 +12,11 @@ lib.extra.mkConfig {
 
   enabledServices = [
     # INFO: This list needs to stay sorted alphabetically
+    # Machine learning API machine
+    "microvm-ml01"
     "microvm-router01"
     "nvidia-tesla-k80"
     "proxmox"
-    # Machine learning API machine
-    "microvm-ml01"
   ];
 
   extraConfig = {
@@ -57,12 +57,29 @@ lib.extra.mkConfig {
         ];
       }))
     ];
-    services.ollama = {
-      enable = true;
-      package = pkgs.callPackage ./ollama.nix {
-        cudaPackages = pkgs.cudaPackages_11;
-        # We need to thread our nvidia x11 driver for CUDA.
-        extraLibraries = [ config.hardware.nvidia.package ];
+
+    services = {
+      nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+        virtualHosts."ollama01.beta.dgnum.eu" = {
+          enableACME = true;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://${config.services.ollama.host}:${toString config.services.ollama.port}";
+            basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
+              raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
+            '';
+          };
+        };
+      };
+      ollama = {
+        enable = true;
+        package = pkgs.callPackage ./ollama.nix {
+          cudaPackages = pkgs.cudaPackages_11;
+          # We need to thread our nvidia x11 driver for CUDA.
+          extraLibraries = [ config.hardware.nvidia.package ];
+        };
       };
     };
   };
diff --git a/meta/dns.nix b/meta/dns.nix
index 32601d6..59007dc 100644
--- a/meta/dns.nix
+++ b/meta/dns.nix
@@ -127,6 +127,14 @@ let
           "cas-eleves"
           "vote"
         ];
+
+        krz01.dual = [
+          # Beta-grade machine learning API servers
+          "ollama01.beta"
+          "openui.beta"
+          "whisper.beta"
+          "stable-diffusion.beta"
+        ];
       }
     )
   );