feat: nginx reverse proxy that shi

hosts/hitsugibune/configuration.nix

@@ -30,6 +30,7 @@
 in {
   imports = [
     ./hardware-configuration.nix
+    ./nginx.nix
     ./nextcloud.nix
     ./teamspeak.nix
     ./matrix.nix

hosts/hitsugibune/llm.nix

@@ -1,5 +1,4 @@
-{...} :
-{
+{config, ...}: {
   services.open-webui = {
     enable = true;
     openFirewall = true;
@@ -7,9 +6,26 @@
   };
 
   services.ollama = {
-  enable = true;
-  acceleration = "cuda";
-  loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b" ];
-    
-};
+    enable = true;
+    host = "chattn.sprechtl.me";
+    acceleration = "cuda";
+    loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"];
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts.${config.services.ollama.host} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stefan@tague.at";
+  };
 }

hosts/hitsugibune/mail.nix

@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   age.secrets.mail-admin = {
     file = ../../secrets/mail-admin.age;
     owner = "virtualMail";
@@ -8,7 +12,7 @@
   mailserver = {
     enable = true;
     fqdn = "mail.sprechtl.me";
-    domains = [ "sprechtl.me" ];
+    domains = ["sprechtl.me"];
 
     # A list of all login accounts. To create the password hashes, use
     # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'

hosts/hitsugibune/nextcloud.nix

@@ -57,9 +57,4 @@
       enableACME = true;
     };
   };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "stefan@tague.at";
-  };
 }

hosts/hitsugibune/nginx.nix

@@ -0,0 +1,12 @@
+{...}: {
+  services.nginx = {
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    enable = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stefan@tague.at";
+  };
+}

hosts/hitsugibune/nvidia.nix

@@ -1,9 +1,12 @@
-{config, lib, ...}:
 {
+  config,
+  lib,
+  ...
+}: {
   nixpkgs.config.allowUnfreePredicate = pkg:
     builtins.elem (lib.getName pkg) [
-             "nvidia-x11"
-             "nvidia-settings"
+      "nvidia-x11"
+      "nvidia-settings"
     ];
   # Enable OpenGL
   hardware.graphics = {
@@ -14,13 +17,12 @@
   services.xserver.videoDrivers = ["nvidia"];
 
   hardware.nvidia = {
-
     # Modesetting is required.
     modesetting.enable = true;
 
     # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
     # Enable this if you have graphical corruption issues or application crashes after waking
-    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 
+    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
     # of just the bare essentials.
     powerManagement.enable = false;
 
@@ -30,9 +32,9 @@
 
     # Use the NVidia open source kernel module (not to be confused with the
     # independent third-party "nouveau" open source driver).
-    # Support is limited to the Turing and later architectures. Full list of 
-    # supported GPUs is at: 
-    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Support is limited to the Turing and later architectures. Full list of
+    # supported GPUs is at:
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
     # Only available from driver 515.43.04+
     open = false;