nixos_configs/hosts/server/service.nix

{
pkgs,
lib,
...
}: {
networking = {
  # Host firewall. Ports listed here are accepted on every interface,
  # including wg0; anything that should only be reachable over the VPN
  # belongs under networking.firewall.interfaces.wg0.* instead.
  firewall = {
    enable = true;
    # 80/443: nginx (ACME HTTP-01 + TLS vhosts below)
    # 51820: WireGuard listenPort
    # 2020:  sshd (services.openssh.ports)
    # 26615: NOTE(review): no service in this file references this port — document what listens on it
    allowedTCPPorts = [80 443 51820 2020 26615];
    # 24454 and 26615 are likewise not referenced elsewhere in this file.
    allowedUDPPorts = [51820 24454 26615];
  };

  # Masquerade VPN peers (wg0) out through the Wi-Fi uplink.
  nat = {
    enable = true;
    externalInterface = "wlp0s20f3";
    internalInterfaces = ["wg0"];
  };

  # Site-to-host VPN. The private key is read from a file at runtime, so it
  # stays out of the world-readable Nix store; only the two peers below,
  # pinned to a single /32 each, are accepted.
  wireguard.interfaces.wg0 = {
    ips = ["10.0.0.1/24"];
    listenPort = 51820;
    privateKeyFile = "/keys/wg-private";
    peers = [
      {
        # laptop
        publicKey = "Ze2y3K+blI3aBc1AKTlvv90j+McBaitB+qSLazsuSFM=";
        allowedIPs = ["10.0.0.2/32"];
      }
      {
        # phone
        publicKey = "vcheBoHRxCrwzbMw0UI9ZsQfVDJizBWkeM+pF5/8+HE=";
        allowedIPs = ["10.0.0.3/32"];
      }
    ];
  };
};
# ACME client for the enableACME vhosts below; the address is the CA's
# contact for expiry and policy notices.
security.acme.acceptTerms = true;
security.acme.defaults.email = "markers711@gmail.com";
# Docker backs the "docker://" runner labels under services.gitea-actions-runner;
# libvirtd and kvmgt (Intel GVT-g mediated GPU passthrough) are enabled alongside it.
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.kvmgt.enable = true;
services = {
# sshd on a non-default port; the same port is opened in the firewall and
# advertised by forgejo as SSH_PORT.
# NOTE(review): no `settings` are given here, so password/root-login policy
# comes from defaults or another module — confirm PasswordAuthentication is off
# on an internet-facing host.
openssh.enable = true;
openssh.ports = [2020];
# Media server; the jel.dhilton.xyz vhost below proxies to 127.0.0.1:8096 (jellyfin's default).
jellyfin.enable = true;
fail2ban = {
  enable = true;
  # NOTE(review): the NixOS module also ships an sshd jail by default; confirm
  # it follows services.openssh.ports (2020) rather than assuming 22.

  # Repeated HTTP basic-auth failures reported in nginx's error log.
  jails.nginx-http-auth.settings = {
    enabled = true;
    port = "http,https";
    logpath = "/var/log/nginx/error.log";
    # "auto" or "polling" is required for file-based logs on NixOS
    backend = "auto";
  };

  # Clients probing for well-known absent paths (stock nginx-botsearch
  # filter); two hits are enough to ban.
  jails.nginx-botsearch.settings = {
    enabled = true;
    port = "http,https";
    logpath = "/var/log/nginx/access.log";
    backend = "auto";
    maxretry = 2;
  };

  # Escalation jail: a host banned five times within a day by any other jail
  # is banned on all ports and protocols for a week. 'Ban' events are read
  # from fail2ban's own journal output; the file-based alternative would be
  # logpath = "/var/log/fail2ban.log" with backend = "auto".
  jails.recidive.settings = {
    enabled = true;
    port = "allports";
    protocol = "all";
    backend = "systemd";
    bantime = "1w"; # Ban for 1 week
    findtime = "1d"; # Look back 1 day
    maxretry = 5; # If they were banned 5 times in 24 hours
  };
};
# Local PostgreSQL; akkoma's initDb below relies on it.
postgresql.enable = true;
# I2P router. None of its ports appear in the firewall list, so as far as this
# file shows it is reachable only locally.
i2p.enable = true;
# Binary cache (served at nix.dhilton.xyz below). The signing key is read
# from a file outside the Nix store; clients must list the matching public
# key in trusted-public-keys for substitutions to be accepted.
nix-serve.enable = true;
nix-serve.secretKeyFile = "/var/cache-priv-key.pem";
ollama = {
  enable = true;
  package = pkgs.ollama-vulkan;
  environmentVariables = {
    # Vulkan backend switches.
    OLLAMA_VULKAN = "1";
    OLLAMA_FLASH_ATTENTION = "1";
    GGML_VK_DISABLE_INTEGER_DOT_PRODUCT = "1";
    # Binds the (unauthenticated) ollama API on every interface. 11434 is not in
    # networking.firewall.allowedTCPPorts, so only local clients such as
    # open-webui reach it unless an interface is later trusted.
    # NOTE(review): the module also derives OLLAMA_HOST from services.ollama.host
    # and services.ollama.port; whichever side wins the merge, those options are
    # the intended way to set the bind address — verify what the service actually binds.
    OLLAMA_HOST = "0.0.0.0:11434";
  };
};
# Defaults shared by every anubis instance (bot challenge placed in front of
# nginx vhosts). The block_* flags presumably refuse those vendors' crawlers —
# confirm against the module's docs.
# NOTE(review): no services.anubis.instances are declared in this file, so
# unless another module defines some, these defaults currently protect nothing.
anubis.defaultOptions = {
  enable = true;
  settings.SERVE_ROBOTS_TXT = true;
  firewall = {
    enabled = true;
    block_openai = true;
    block_google = true;
  };
};
# Chat front-end for ollama, exposed publicly via the oai.dhilton.xyz vhost.
# NOTE(review): no ENABLE_SIGNUP / auth settings are given here; confirm public
# self-registration is disabled since the vhost is internet-facing.
open-webui.enable = true;
open-webui.port = 5009;
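forgejo = {
  enable = true;
  settings = {
    # No public self-registration. Push-to-create only lets an already
    # authenticated user create a repo in their own namespace by pushing to it.
    service.DISABLE_REGISTRATION = true;
    service.ENABLE_PUSH_CREATE_USER = true;
    server = {
      # Local listener; the git.dhilton.xyz vhost proxies to 127.0.0.1:8001.
      HTTP_PORT = 8001;
      # Clone URLs advertise the system sshd configured on 2020 above.
      SSH_PORT = 2020;
      DOMAIN = "dhilton.xyz";
      ROOT_URL = "https://git.dhilton.xyz";
      # ENABLE_PUSH_CREATE_USER is a [service] key; the duplicate that used to
      # sit here under [server] was inert and has been dropped.
    };
  };
};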
gitea-actions-runner = {
  package = pkgs.forgejo-runner;
  instances.home = {
    enable = true;
    url = "https://git.dhilton.xyz";
    name = "nixsrv";
    # Registration token for the forgejo instance above.
    # NOTE(review): a literal token is committed to the repo and copied into
    # the world-readable Nix store. The instance's `tokenFile` option reads it
    # from an environment file (TOKEN=...) outside the store instead; a token
    # that has been in version control should be regenerated in forgejo.
    token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
    labels = [
      # Containerised job images.
      "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
      "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
      "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
      "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
      # Jobs tagged "native" run directly on this host in the runner's own
      # process context, with no container boundary — only trust workflows
      # from repositories you control.
      "native:host"
    ];
  };
};
# Currently disabled; the settings below are inert until enable is flipped.
home-assistant = {
  enable = false;
  extraComponents = [
    "wiz"
    "fail2ban"
    "ollama"
    "wyoming"
    "androidtv"
    "androidtv_remote"
  ];
  config = {
    default_config = {};
    "automation ui" = "!include automations.yaml";
    # Expects to sit behind a loopback reverse proxy; no vhost for 8002 exists
    # in this file yet. use_x_forwarded_for is kept as a string here — HA's
    # boolean coercion is assumed to accept it; confirm before enabling.
    http = {
      use_x_forwarded_for = "true";
      trusted_proxies = ["127.0.0.1"];
      server_port = 8002;
    };
  };
};
# Voice pipeline endpoints for home-assistant; both disabled. Note that when
# enabled they would bind on all interfaces, although 10200/10300 are not in
# the firewall list.
wyoming.piper.servers.piperNix = {
  enable = false;
  uri = "tcp://0.0.0.0:10200";
  voice = "en-us-ryan-low";
};
wyoming.faster-whisper.servers.whisperNix = {
  enable = false;
  uri = "tcp://0.0.0.0:10300";
  language = "en";
};
# Metasearch, exposed via srx.dhilton.xyz. The json format enables an
# unauthenticated API on the same vhost.
searx = {
  enable = true;
  settings.server = {
    port = 8003;
    # NOTE(review): a weak, committed secret_key ends up in the Nix store. The
    # module's `environmentFile` option with secret_key = "@SEARX_SECRET_KEY@"
    # keeps it out of the store; rotate this value.
    secret_key = "secretlol";
  };
  settings.search.formats = ["html" "json"];
};
# Fediverse instance at fed.dhilton.xyz; registrations closed. initDb creates
# its database on the local postgresql.
akkoma = {
  enable = true;
  initDb.enable = true;
  config.":pleroma" = {
    ":instance" = {
      name = "dhilton fedi";
      description = "dhilton akkoma server";
      email = "markers711@gmail.com";
      registration_open = false;
    };
    "Pleroma.Web.Endpoint".url.host = "fed.dhilton.xyz";
  };
  # The module manages its own vhost; give it a certificate and the redirect.
  nginx.enableACME = true;
  nginx.forceSSL = true;
};
nginx = {
enable = true;
# Module-provided proxy-header and TLS protocol/session defaults.
recommendedProxySettings = true;
recommendedTlsSettings = true;
# One vhost per public name. All but nix.dhilton.xyz get an ACME certificate
# and an HTTP->HTTPS redirect, and forward to a loopback port of a service above.
virtualHosts = {
# Static site.
"dhilton.xyz" = {
enableACME = true;
forceSSL = true;
root = "/var/www/dhilton";
};
# forgejo (services.forgejo.settings.server.HTTP_PORT).
"git.dhilton.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true;
};
};
# jellyfin (its default port; not set explicitly in this file).
"jel.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
# NOTE(review): nothing in this file listens on 5002 — presumably defined
# elsewhere. Uploads up to 4G and ten-minute unbuffered requests are allowed,
# which is a large resource budget for an unauthenticated edge; confirm the
# backend authenticates before accepting bodies.
"mlf.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5002";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 4G;
proxy_request_buffering off;
proxy_buffering off;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
send_timeout 600s;
'';
};
# searx (services.searx.settings.server.port).
"srx.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
proxyWebsockets = true;
};
};
# open-webui (services.open-webui.port).
"oai.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5009";
proxyWebsockets = true;
};
};
# NOTE(review): as rendered, the `"<host>" = {` line that should open the next
# vhost is missing. The three bindings below therefore sit directly under
# virtualHosts, the `};` after them closes virtualHosts, and "nix.dhilton.xyz"
# ends up outside it. Restore the missing name line; the backend on 8100 is
# not defined anywhere in this file either.
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8100";
proxyWebsockets = true;
};
};
# Binary cache (services.nix-serve; 5000 is nix-serve's default port). This is
# the only vhost without enableACME/forceSSL, so it is served over plain HTTP.
# Signed narinfo protects substitutions for clients that trust the cache's
# public key, but TLS would bring it in line with the other hosts.
"nix.dhilton.xyz" = {
locations."/".proxyPass = "http://127.0.0.1:5000";
};
};
};
};
}