cst1/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

Compare commits

merge into: cst1:npins-update
Branches Tags
cst1:main
cst1:add_cst1_ssh
cst1:init-dgnum-page
cst1:takumi-can-do-ollama
cst1:declarative-buckets
cst1:move-ollama
cst1:prepare-for-terranix
cst1:ollama-api
cst1:npins-update
cst1:internal-lib
cst1:ds-update
cst1:ds-fr
cst1:colmena-liminix
cst1:tvix-store
cst1:nixpkgs
cst1:liminix-v1
DGNum:main
DGNum:lix-patched
DGNum:npins-update
DGNum:web01
DGNum:declarative-buckets
DGNum:victoria-metrics
DGNum:mattermost
DGNum:init-dgnum-page
DGNum:takumi-can-do-ollama
DGNum:ds-fr
DGNum:colmena-liminix
...
pull from: cst1:main
Branches Tags
cst1:add_cst1_ssh
cst1:init-dgnum-page
cst1:takumi-can-do-ollama
cst1:declarative-buckets
cst1:main
cst1:move-ollama
cst1:prepare-for-terranix
cst1:ollama-api
cst1:npins-update
cst1:internal-lib
cst1:ds-update
cst1:ds-fr
cst1:colmena-liminix
cst1:tvix-store
cst1:nixpkgs
cst1:liminix-v1
DGNum:main
DGNum:lix-patched
DGNum:npins-update
DGNum:web01
DGNum:declarative-buckets
DGNum:victoria-metrics
DGNum:mattermost
DGNum:init-dgnum-page
DGNum:takumi-can-do-ollama
DGNum:ds-fr
DGNum:colmena-liminix

6 commits
npins-upda ... main

Author SHA1 Message Date
Ryan Lahfa
f20353b727 fix(storage01): pass through the admin API of Garage 
not the web API!

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
 2024-10-10 17:52:22 +02:00
Ryan Lahfa
a4de5f4d31 feat(krz01): move ollama to compute01 via a reverse proxy 
krz01 has no public web IP.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
 2024-10-10 17:40:56 +02:00
Ryan Lahfa
363f8d3c67 fix(krz01): open 80/443 for ACME 
Oopsie!

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
 2024-10-10 17:20:28 +02:00
Ryan Lahfa
12b20e6acf feat(storage01): add monorepo-terraform-state.s3.dgnum.eu 
This is required to bootstrap the Terranix setup.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
 2024-10-10 17:13:11 +02:00
Ryan Lahfa
de6742aa0d feat(storage01): add s3-admin.dgnum.eu 
This is the administration endpoint of the S3, you can create new
buckets and more, from there.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
 2024-10-10 17:13:11 +02:00
Ryan Lahfa
d76e655174 feat(krz01): add a NGINX in front of ollama protected by password 
This way, you can do direct requests to ollama from other places.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
 2024-10-10 16:43:33 +02:00
5 changed files with 65 additions and 8 deletions
Show stats Expand all files Collapse all files

1
machines/compute01/_configuration.nix
View file

@ -21,6 +21,7 @@ lib.extra.mkConfig {
"librenms" "librenms"
"mastodon" "mastodon"
"nextcloud" "nextcloud"
"ollama-proxy"
"outline" "outline"
"plausible" "plausible"
"postgresql" "postgresql"

27
machines/compute01/ollama-proxy.nix Normal file
View file

@ -0,0 +1,27 @@
{
pkgs,
nodes,
meta,
...
}:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."ollama01.beta.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${meta.network.krz01.netbirdIp}:${toString nodes.krz01.config.services.ollama.port}";
basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
'';
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

24
machines/krz01/_configuration.nix
View file

@ -2,6 +2,8 @@
config, config,
lib, lib,
pkgs, pkgs,
meta,
name,
... ...
}: }:
@ -12,11 +14,11 @@ lib.extra.mkConfig {
enabledServices = [ enabledServices = [
# INFO: This list needs to stay sorted alphabetically # INFO: This list needs to stay sorted alphabetically
# Machine learning API machine
"microvm-ml01"
"microvm-router01" "microvm-router01"
"nvidia-tesla-k80" "nvidia-tesla-k80"
"proxmox" "proxmox"
# Machine learning API machine
"microvm-ml01"
]; ];
extraConfig = { extraConfig = {
@ -57,14 +59,20 @@ lib.extra.mkConfig {
]; ];
})) }))
]; ];
services.ollama = {
enable = true; services = {
package = pkgs.callPackage ./ollama.nix { ollama = {
cudaPackages = pkgs.cudaPackages_11; enable = true;
# We need to thread our nvidia x11 driver for CUDA. host = meta.network.${name}.netbirdIp;
extraLibraries = [ config.hardware.nvidia.package ]; package = pkgs.callPackage ./ollama.nix {
cudaPackages = pkgs.cudaPackages_11;
# We need to thread our nvidia x11 driver for CUDA.
extraLibraries = [ config.hardware.nvidia.package ];
};
}; };
}; };
networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];
}; };
root = ./.; root = ./.;

13
machines/storage01/garage.nix
View file

@ -15,6 +15,8 @@ let
]; ];
buckets = [ buckets = [
"monorepo-terraform-state"
"banda-website" "banda-website"
"castopod-dgnum" "castopod-dgnum"
"hackens-website" "hackens-website"
@ -77,6 +79,17 @@ in
users.groups.garage = { }; users.groups.garage = { };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"s3-admin.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:3903;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
'';
};
${host} = { ${host} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

8
meta/dns.nix
View file

@ -68,6 +68,12 @@ let
"support" # Zammad support "support" # Zammad support
"telegraf" # Telegraf "telegraf" # Telegraf
# Beta-grade machine learning API servers
"ollama01.beta"
"openui.beta"
"whisper.beta"
"stable-diffusion.beta"
# DGSI # DGSI
"dgsi" "dgsi"
"profil" "profil"
@ -87,6 +93,8 @@ let
"*.s3" "*.s3"
"cdn" "cdn"
"s3" "s3"
# The administration endpoint for Garage.
"s3-admin"
]; ];
rescue01.dual = [ rescue01.dual = [