feat: nginx reverse proxy that shi

2025-11-08 20:04:43 +01:00 · 2025-11-08 20:04:43 +01:00 · 8fc518d422
commit 8fc518d422
parent 411755a47e
13 changed files with 98 additions and 58 deletions
--- a/hosts/hitsugibune/configuration.nix
+++ b/hosts/hitsugibune/configuration.nix
@ -30,6 +30,7 @@
 in {
  imports = [
    ./hardware-configuration.nix
+    ./nginx.nix
    ./nextcloud.nix
    ./teamspeak.nix
    ./matrix.nix
--- a/hosts/hitsugibune/llm.nix
+++ b/hosts/hitsugibune/llm.nix
@ -1,5 +1,4 @@
-{...} :
-{
+{config, ...}: {
  services.open-webui = {
    enable = true;
    openFirewall = true;
@ -8,8 +7,25 @@

  services.ollama = {
    enable = true;
+    host = "chattn.sprechtl.me";
    acceleration = "cuda";
-  loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b" ];
+    loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"];
+  };

-};
+  services.nginx = {
+    enable = true;
+    virtualHosts.${config.services.ollama.host} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stefan@tague.at";
+  };
 }
--- a/hosts/hitsugibune/mail.nix
+++ b/hosts/hitsugibune/mail.nix
@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
+  config,
+  pkgs,
+  ...
+}: {
  age.secrets.mail-admin = {
    file = ../../secrets/mail-admin.age;
    owner = "virtualMail";
@ -8,7 +12,7 @@
  mailserver = {
    enable = true;
    fqdn = "mail.sprechtl.me";
-    domains = [ "sprechtl.me" ];
+    domains = ["sprechtl.me"];

    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
--- a/hosts/hitsugibune/nextcloud.nix
+++ b/hosts/hitsugibune/nextcloud.nix
@ -57,9 +57,4 @@
      enableACME = true;
    };
  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "stefan@tague.at";
-  };
 }
--- a/hosts/hitsugibune/nginx.nix
+++ b/hosts/hitsugibune/nginx.nix
@ -0,0 +1,12 @@
+{...}: {
+  services.nginx = {
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    enable = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stefan@tague.at";
+  };
+}
--- a/hosts/hitsugibune/nvidia.nix
+++ b/hosts/hitsugibune/nvidia.nix
@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+  config,
+  lib,
+  ...
+}: {
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "nvidia-x11"
@ -14,7 +17,6 @@
  services.xserver.videoDrivers = ["nvidia"];

  hardware.nvidia = {
-
    # Modesetting is required.
    modesetting.enable = true;

--- a/hosts/saberofxebec/configuration.nix
+++ b/hosts/saberofxebec/configuration.nix
@ -120,7 +120,8 @@ in {
        "/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro"
      ];
      extraOptions = [
-        "--network" "host"
+        "--network"
+        "host"
        "--dns=192.168.0.201"
      ];

--- a/hosts/saberofxebec/disk-spindown.nix
+++ b/hosts/saberofxebec/disk-spindown.nix
@ -1,14 +1,20 @@
-{lib, pkgs, ...}: {
-# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
-services.udev.extraRules = 
-  let
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  # Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
+  services.udev.extraRules = let
    mkRule = as: lib.concatStringsSep ", " as;
    mkRules = rs: lib.concatStringsSep "\n" rs;
-  in mkRules ([( mkRule [
+  in
+    mkRules [
+      (mkRule [
        ''ACTION=="add|change"''
        ''SUBSYSTEM=="block"''
        ''KERNEL=="sd[a-z]"''
        ''ATTR{queue/rotational}=="1"''
        ''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"''
-  ])]);
+      ])
+    ];
 }
--- a/hosts/saberofxebec/hardware-configuration.nix
+++ b/hosts/saberofxebec/hardware-configuration.nix
@ -16,7 +16,7 @@
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
-  boot.supportedFilesystems = [ "ntfs" ];
+  boot.supportedFilesystems = ["ntfs"];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/5af04782-c4e8-4414-a967-c98415965eee";
@ -26,7 +26,7 @@
  fileSystems."/media" = {
    device = "/dev/disk/by-partuuid/be8b55ea-2591-4f50-a08e-38e30e1039fe";
    fsType = "ntfs-3g";
-    options = [ "rw" ];
+    options = ["rw"];
  };

  fileSystems."/boot" = {
--- a/hosts/saberofxebec/intel.nix
+++ b/hosts/saberofxebec/intel.nix
@ -1,5 +1,9 @@
-{config, pkgs, ...}: {
-  services.xserver.videoDrivers = [ "modesetting" ];
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.xserver.videoDrivers = ["modesetting"];
  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
@ -7,5 +11,5 @@
      vpl-gpu-rt # Enable QSV
    ];
  };
-  environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
+  environment.sessionVariables = {LIBVA_DRIVER_NAME = "iHD";};
 }
--- a/hosts/saberofxebec/nvidia.nix
+++ b/hosts/saberofxebec/nvidia.nix
@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+  config,
+  lib,
+  ...
+}: {
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "nvidia-x11"
@ -14,7 +17,6 @@
  services.xserver.videoDrivers = ["nvidia"];

  hardware.nvidia = {
-
    # Modesetting is required.
    modesetting.enable = true;

--- a/modules/nixos/greetd.nix
+++ b/modules/nixos/greetd.nix
@ -1,7 +1,4 @@
-{
-  pkgs,
-  ...
-}: {
+{pkgs, ...}: {
  services.greetd = {
    enable = true;