Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

service: ollama + open-webui

Browse Source
This commit is contained in:
Kabbone 2024-04-14 21:04:25 +02:00
parent 653476ec32
commit 8d4d1e4be8
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
4 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hosts/server_big/default.nix
View File

@ -40,6 +40,10 @@
environment = { environment = {
etc = { etc = {
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
};
"fail2ban/filter.d/gitea.conf" = { "fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf; source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444"; mode = "0444";
@ -80,6 +84,12 @@
findtime = "15m"; findtime = "15m";
}; };
jails = { jails = {
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
gitea = '' gitea = ''
enabled = true enabled = true
filter = gitea filter = gitea

2
modules/services/server/default.nix
View File

@ -18,7 +18,7 @@
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./jitsi.nix ./jitsi.nix
#./ollama.nix ./ollama.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

4
modules/services/server/fail2ban/filter/open-webui.conf Normal file
View File

@ -0,0 +1,4 @@
[Definition]
failregex = <HOST> - .*(401 Unauthorized|invalid credentials|Attempted access of unknown user).*
ignoreregex =
journalmatch = _SYSTEMD_UNIT=podman-open-webui.service + _COMM=podman-open-webui

33
modules/services/server/ollama.nix
View File

@ -4,20 +4,25 @@ let
ollamahostname = "llm.kabtop.de"; ollamahostname = "llm.kabtop.de";
in in
{ {
services.ollama = { virtualisation.oci-containers.containers."open-webui" = {
enable = true; autoStart = true;
listenAddress = "127.0.0.1:11434"; image = "ghcr.io/open-webui/open-webui:ollama";
}; volumes = [
"/var/lib/open-webui:/app/backend/data"
];
hostname = "open-webui";
ports = [ "8081:8080" ];
};
services.nginx = { services = {
virtualHosts = { nginx = {
ollamahostname = { virtualHosts = {
enableACME = true; ${ollamahostname} = {
forceSSL = true; enableACME = true;
listen = [ { forceSSL = true;
addr = "127.0.0.1"; port = 11434; locations."/".proxyPass = "http://localhost:8081";
} ]; };
}; };
};
}; };
};
} }