zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Set up openwebui + ollama

Browse Source
This commit is contained in:
Zuckerberg
2026-01-10 23:00:10 -08:00
parent c130ce6edd
commit f053c677e8
5 changed files with 59 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
machines/fry/default.nix
View File

@@ -9,4 +9,60 @@
nix.distributedBuilds = lib.mkForce false; nix.distributedBuilds = lib.mkForce false;
nix.gc.automatic = lib.mkForce false; nix.gc.automatic = lib.mkForce false;
nixpkgs.config.rocmSupport = true;
services.ollama = {
enable = true;
acceleration = "rocm";
rocmOverrideGfx = "11.0.2";
host = "127.0.0.1";
};
services.open-webui = {
enable = true;
host = "127.0.0.1"; # nginx proxy
port = 12831;
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://localhost:${toString config.services.ollama.port}";
};
};
# nginx
services.nginx = {
enable = true;
openFirewall = false; # All nginx services are internal
virtualHosts =
let
mkHost = external: config:
{
${external} = {
useACMEHost = "fry.neet.dev"; # Use wildcard cert
forceSSL = true;
locations."/" = config;
};
};
mkVirtualHost = external: internal:
mkHost external {
proxyPass = internal;
proxyWebsockets = true;
};
in
lib.mkMerge [
(mkVirtualHost "chat.fry.neet.dev" "http://localhost:${toString config.services.open-webui.port}")
];
};
# Get wildcard cert
security.acme.certs."fry.neet.dev" = {
dnsProvider = "digitalocean";
credentialsFile = "/run/agenix/digitalocean-dns-credentials";
extraDomainNames = [ "*.fry.neet.dev" ];
group = "nginx";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = false; # sadly this erroneously fails
};
age.secrets.digitalocean-dns-credentials.file = ../../secrets/digitalocean-dns-credentials.age;
} }

1
machines/fry/properties.nix
View File

@@ -7,6 +7,7 @@
systemRoles = [ systemRoles = [
"personal" "personal"
"dns-challenge"
]; ];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/Df5lG07Il7fizEgZR/T9bMlR0joESRJ7cqM9BkOyP"; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/Df5lG07Il7fizEgZR/T9bMlR0joESRJ7cqM9BkOyP";

1
machines/storage/s0/properties.nix
View File

@@ -17,6 +17,7 @@
"media-server" "media-server"
"linkwarden" "linkwarden"
"outline" "outline"
"dns-challenge"
]; ];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";

BIN
secrets/digitalocean-dns-credentials.age
View File

Binary file not shown.

2
secrets/secrets.nix
View File

@@ -55,7 +55,7 @@ with roles;
"librechat-env-file.age".publicKeys = librechat; "librechat-env-file.age".publicKeys = librechat;
# For ACME DNS Challenge # For ACME DNS Challenge
"digitalocean-dns-credentials.age".publicKeys = server; "digitalocean-dns-credentials.age".publicKeys = dns-challenge;
# Frigate (DVR) # Frigate (DVR)
"frigate-credentials.age".publicKeys = frigate; "frigate-credentials.age".publicKeys = frigate;