service: ollama + open-webui

modules/services/server/default.nix

@@ -18,7 +18,7 @@
   ./matrix.nix
   ./coturn.nix
   ./jitsi.nix
-  #./ollama.nix
+  ./ollama.nix
 ]
 
 # picom, polybar and sxhkd are pulled from desktop module

modules/services/server/fail2ban/filter/open-webui.conf

@@ -0,0 +1,4 @@
+[Definition]
+failregex =  <HOST> - .*(401 Unauthorized|invalid credentials|Attempted access of unknown user).*
+ignoreregex =
+journalmatch = _SYSTEMD_UNIT=podman-open-webui.service + _COMM=podman-open-webui

modules/services/server/ollama.nix

@@ -4,20 +4,25 @@ let
   ollamahostname = "llm.kabtop.de";
 in
 {
-    services.ollama = {
-        enable = true;
-        listenAddress = "127.0.0.1:11434";
-    };
+  virtualisation.oci-containers.containers."open-webui" = {
+    autoStart = true;
+    image = "ghcr.io/open-webui/open-webui:ollama";
+    volumes = [
+      "/var/lib/open-webui:/app/backend/data"
+    ];
+    hostname = "open-webui";
+    ports = [ "8081:8080" ];
+  };
 
-    services.nginx = {
-        virtualHosts = {
-            ollamahostname = {
-                enableACME = true;
-                forceSSL = true;
-                listen = [ {
-                    addr = "127.0.0.1"; port = 11434;
-                } ];
-            };
-        };
+  services = {
+    nginx = {
+      virtualHosts = {
+          ${ollamahostname} = {
+              enableACME = true;
+              forceSSL = true;
+              locations."/".proxyPass = "http://localhost:8081";
+          };
+      };
     };
+  };
 }