feat: nginx reverse proxy that shi

hosts/hitsugibune/configuration.nix

@@ -30,6 +30,7 @@
 in {
   imports = [
     ./hardware-configuration.nix
+    ./nginx.nix
     ./nextcloud.nix
     ./teamspeak.nix
     ./matrix.nix

hosts/hitsugibune/llm.nix

@@ -1,5 +1,4 @@
-{...} :
+{config, ...}: {
-{
   services.open-webui = {
     enable = true;
     openFirewall = true;
@@ -8,8 +7,25 @@
 
   services.ollama = {
     enable = true;
+    host = "chattn.sprechtl.me";
     acceleration = "cuda";
     loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"];
+  };
 
+  services.nginx = {
+    enable = true;
+    virtualHosts.${config.services.ollama.host} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stefan@tague.at";
   };
 }

hosts/hitsugibune/mail.nix

@@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   age.secrets.mail-admin = {
     file = ../../secrets/mail-admin.age;
     owner = "virtualMail";

hosts/hitsugibune/nextcloud.nix

@@ -57,9 +57,4 @@
       enableACME = true;
     };
   };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "stefan@tague.at";
-  };
 }

hosts/hitsugibune/nginx.nix

@@ -0,0 +1,12 @@
+{...}: {
+  services.nginx = {
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    enable = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stefan@tague.at";
+  };
+}

hosts/hitsugibune/nvidia.nix

@@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+  config,
+  lib,
+  ...
+}: {
   nixpkgs.config.allowUnfreePredicate = pkg:
     builtins.elem (lib.getName pkg) [
       "nvidia-x11"
@@ -14,7 +17,6 @@
   services.xserver.videoDrivers = ["nvidia"];
 
   hardware.nvidia = {
-
     # Modesetting is required.
     modesetting.enable = true;
 

hosts/saberofxebec/configuration.nix

@@ -120,7 +120,8 @@ in {
         "/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro"
       ];
       extraOptions = [
-        "--network" "host"
+        "--network"
+        "host"
         "--dns=192.168.0.201"
       ];
 

hosts/saberofxebec/disk-spindown.nix

@@ -1,14 +1,20 @@
-{lib, pkgs, ...}: {
+{
+  lib,
+  pkgs,
+  ...
+}: {
   # Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
-services.udev.extraRules = 
+  services.udev.extraRules = let
-  let
     mkRule = as: lib.concatStringsSep ", " as;
     mkRules = rs: lib.concatStringsSep "\n" rs;
-  in mkRules ([( mkRule [
+  in
+    mkRules [
+      (mkRule [
         ''ACTION=="add|change"''
         ''SUBSYSTEM=="block"''
         ''KERNEL=="sd[a-z]"''
         ''ATTR{queue/rotational}=="1"''
         ''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"''
-  ])]);
+      ])
+    ];
 }

hosts/saberofxebec/intel.nix

@@ -1,4 +1,8 @@
-{config, pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   services.xserver.videoDrivers = ["modesetting"];
   hardware.graphics = {
     enable = true;

hosts/saberofxebec/nvidia.nix

@@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+  config,
+  lib,
+  ...
+}: {
   nixpkgs.config.allowUnfreePredicate = pkg:
     builtins.elem (lib.getName pkg) [
       "nvidia-x11"
@@ -14,7 +17,6 @@
   services.xserver.videoDrivers = ["nvidia"];
 
   hardware.nvidia = {
-
     # Modesetting is required.
     modesetting.enable = true;
 

modules/nixos/greetd.nix

@@ -1,7 +1,4 @@
-{
+{pkgs, ...}: {
-  pkgs,
-  ...
-}: {
   services.greetd = {
     enable = true;