diff --git a/flake.lock b/flake.lock index fd8dcbd..0d82e7c 100644 --- a/flake.lock +++ b/flake.lock @@ -324,11 +324,11 @@ ] }, "locked": { - "lastModified": 1705540973, - "narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=", + "lastModified": 1706145859, + "narHash": "sha256-+iGHKwzKVW6aGAWfUmUSJW1KiE6WLYhKyTyWZMTw/cg=", "owner": "nix-community", "repo": "disko", - "rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733", + "rev": "5a2dc95464080764b9ca1b82b5d6d981157522be", "type": "github" }, "original": { @@ -403,11 +403,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -627,11 +627,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -767,11 +767,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "type": "github" }, "original": { 
@@ -808,11 +808,11 @@ ] }, "locked": { - "lastModified": 1705535278, - "narHash": "sha256-V5+XKfNbiY0bLKLQlH+AXyhHttEL7XcZBH9iSbxxexA=", + "lastModified": 1706221476, + "narHash": "sha256-T4b8YafVjHXvtDY8ARec1WrXO8uyyNZOpNgv9yoQy2M=", "owner": "nix-community", "repo": "home-manager", - "rev": "b84191db127c16a92cbdf7f7b9969d58bb456699", + "rev": "c7ce343d9bf1a329056a4dd5b32ea8cc43b55e15", "type": "github" }, "original": { @@ -829,11 +829,11 @@ ] }, "locked": { - "lastModified": 1705104164, - "narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=", + "lastModified": 1705879479, + "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=", "owner": "nix-community", "repo": "home-manager", - "rev": "0912d26b30332ae6a90e1b321ff88e80492127dd", + "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913", "type": "github" }, "original": { @@ -850,11 +850,11 @@ ] }, "locked": { - "lastModified": 1700847865, - "narHash": "sha256-uWaOIemGl9LF813MW0AEgCBpKwFo2t1Wv3BZc6e5Frw=", + "lastModified": 1706001011, + "narHash": "sha256-J7Bs9LHdZubgNHZ6+eE/7C18lZ1P6S5/zdJSdXFItI4=", "owner": "nix-community", "repo": "home-manager", - "rev": "8cedd63eede4c22deb192f1721dd67e7460e1ebe", + "rev": "3df2a80f3f85f91ea06e5e91071fa74ba92e5084", "type": "github" }, "original": { @@ -911,11 +911,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1705423846, - "narHash": "sha256-PULm77CvMZ9cQ4MaTXgvJom2ePB9c38p39JB4TFXEdw=", + "lastModified": 1705838953, + "narHash": "sha256-bu00HScTFCapBq6r1U5QXPO7yDZhzNkGCbGfYKOHRDM=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "1d0951ca1b3721ff4e6049c3a37df56c78c60c65", + "rev": "aca52761b7d82325fadfec11ea78e01fff8f06e8", "type": "github" }, "original": { 
@@ -948,11 +948,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1705592620, - "narHash": "sha256-97/yDm6n9C6fma0pSM/mMQeMLfmEOZPGbpKARNoKeG4=", + "lastModified": 1706214321, + "narHash": "sha256-42FZWeJQNYgz0ZkclMzShuvjT9TvJNRN78Iu3SEyD4M=", "owner": "astro", "repo": "microvm.nix", - "rev": "ccf44d60393a571b549448167fa03882693a5a3d", + "rev": "186b8bf6dbacc1ab55fe8ac8d5a2bbf76a1a70e1", "type": "github" }, "original": { @@ -969,11 +969,11 @@ ] }, "locked": { - "lastModified": 1704277720, - "narHash": "sha256-meAKNgmh3goankLGWqqpw73pm9IvXjEENJloF0coskE=", + "lastModified": 1705915768, + "narHash": "sha256-+Jlz8OAqkOwJlioac9wtpsCnjgGYUhvLpgJR/5tP9po=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0dd382b70c351f528561f71a0a7df82c9d2be9a4", + "rev": "1e706ef323de76236eb183d7784f3bd57255ec0b", "type": "github" }, "original": { @@ -1032,11 +1032,11 @@ ] }, "locked": { - "lastModified": 1705282324, - "narHash": "sha256-LnURMA7yCM5t7et9O2+2YfGQh0FKAfE5GyahNDDzJVM=", + "lastModified": 1705806513, + "narHash": "sha256-FcOmNjhHFfPz2udZbRpZ1sfyhVMr+C2O8kOxPj+HDDk=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "49aaeecf41ae0a0944e2c627cb515bcde428a1d1", + "rev": "f8e04fbcebcc24cebc91989981bd45f69b963ed7", "type": "github" }, "original": { @@ -1092,11 +1092,11 @@ ] }, "locked": { - "lastModified": 1705400161, - "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=", + "lastModified": 1706085261, + "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234", + "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132", "type": "github" }, "original": { 
@@ -1107,11 +1107,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1705312285, - "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", + "lastModified": 1706182238, + "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", + "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1", "type": "github" }, "original": { @@ -1122,11 +1122,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705496572, - "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -1138,11 +1138,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1705193289, - "narHash": "sha256-oL5EAaZHiA3ABLdyKag/DgT+457vmELv8A+eaox2xsI=", + "lastModified": 1705798119, + "narHash": "sha256-WPVKxYMcvGW/2X16pfF1ef05EQ0Ql5XPCxqoCDlQSrY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "da839f74dc77c9826fa333b1bc2c8258fd6ffcbe", + "rev": "a26fc04e3d43acfa1dc52065a4ce39ca7a2ec91c", "type": "github" }, "original": { @@ -1243,11 +1243,11 @@ ] }, "locked": { - "lastModified": 1705585910, - "narHash": "sha256-5pvcEdTiVn5F+6gpyQbTxeLhcRlV/oN8nNiwjgLqigs=", + "lastModified": 1706195865, + "narHash": "sha256-yJ++qYtmG6zeVLMJ7RzlADCq7F2tdoTPYMEN9hv3TKE=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "5b2b874c87882a5fc7f30be353410432e685ca0d", + "rev": "f64c8b95825425c9bdfdc76cf200aacaaf403873", "type": "github" }, "original": { 
@@ -1331,11 +1331,11 @@ "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { - "lastModified": 1705581923, - "narHash": "sha256-ms+6X+Sbx7Je8vMzux4ricuUR6JNHGoMZJLqhjGLxn8=", + "lastModified": 1706198703, + "narHash": "sha256-7INiYw039cf5202QxnIlOVXx+QMI8qsUGzbg5mnFSF4=", "owner": "nix-community", "repo": "nixvim", - "rev": "df7a90127b079a39bfaba3eae1885ce6ab3a062a", + "rev": "7164a89f72c28305e9ee7833220913d27aca9bd4", "type": "github" }, "original": { @@ -1446,11 +1446,11 @@ ] }, "locked": { - "lastModified": 1705072518, - "narHash": "sha256-90dERRuG781f0EWjn2AOtScZqsTcpIFLpY8TN2VbkL8=", + "lastModified": 1705757126, + "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "274ae3979a0eacae422e1bbcf63b8b7a335e1114", + "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", "type": "github" }, "original": { @@ -1472,11 +1472,11 @@ "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { - "lastModified": 1705229514, - "narHash": "sha256-itILy0zimR/iyUGq5Dgg0fiW8plRDyxF153LWGsg3Cw=", + "lastModified": 1705757126, + "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ffa9a5b90b0acfaa03b1533b83eaf5dead819a05", + "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", "type": "github" }, "original": { @@ -1605,11 +1605,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1705504375, - "narHash": "sha256-oRVxuJ6sCljsgfoWb+SsIK2MvUjsxrXQHRoVTUDVC40=", + "lastModified": 1706172305, + "narHash": "sha256-9VXEpF+wFyVNmUAMyGFPqXCSTAa+oXEkwm2Fe0Oq/JM=", "owner": "danth", "repo": "stylix", - "rev": "2d59480b4531ce8d062d20a42560a266cb42b9d0", + "rev": "1a5dee1957dc45e125013ae3919ff284cfb83cdc", "type": "github" }, "original": { 
@@ -1814,11 +1814,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1705487953, - "narHash": "sha256-6oh1H7/74v57m3AtK8jQLvN9LtKqyeT862krjJasOJs=", + "lastModified": 1706214060, + "narHash": "sha256-P2AyxPfn8+nfFB3xKUikd6fTN8jVl5/ZLV1gsz5eiT0=", "owner": "Toqozz", "repo": "wired-notify", - "rev": "fe0f02af93b09e5fe689c948a557e466b99d9a58", + "rev": "d65f227779061299842b4e1891954c4843ee2750", "type": "github" }, "original": { diff --git a/hosts/desktopnix/default.nix b/hosts/desktopnix/default.nix index f8f5a47..8b1f8f9 100644 --- a/hosts/desktopnix/default.nix +++ b/hosts/desktopnix/default.nix @@ -40,7 +40,7 @@ xkbVariant = "bone"; }; virtualisation.podman = { - enable = false; + enable = true; dockerCompat = true; }; diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index bd0f7f4..58849a5 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -13,6 +13,7 @@ vaultwardendomain = "pw.${config.secrets.secrets.global.domains.web}"; paperlessdomain = "ppl.${config.secrets.secrets.global.domains.web}"; immichdomain = "immich.${config.secrets.secrets.global.domains.web}"; + ollamadomain = "ollama.${config.secrets.secrets.global.domains.web}"; ipOf = hostName: lib.net.cidr.host config.secrets.secrets.global.net.ips."${config.guests.${hostName}.nodeName}" config.secrets.secrets.global.net.privateSubnet; in { services.nginx = { @@ -79,6 +80,27 @@ in { ''; }; + upstreams.ollama = { + servers."${ipOf "ollama"}:3000" = {}; + + extraConfig = '' + zone ollama 64k ; + keepalive 5 ; + ''; + }; + virtualHosts.${ollamadomain} = { + forceSSL = true; + useACMEHost = "web"; + locations."/" = { + proxyPass = "http://ollama"; + proxyWebsockets = true; + }; + extraConfig = '' + allow ${config.secrets.secrets.global.net.privateSubnet}; + deny all; + ''; + }; + upstreams.adguardhome = { servers."${ipOf "adguardhome"}:3000" = {}; 
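Review bot: In hosts/elisabeth/guests.nix (hunk `@@ -79,6 +80,27 @@`), the new `virtualHosts.${ollamadomain}` block is protected only by the source-address rule `allow ${config.secrets.secrets.global.net.privateSubnet}; deny all;`, so any host on the private subnet reaches the proxied service without authenticating at the proxy. The upstream targets port 3000, while the ollama module added in this commit listens on 11434, so whatever answers on 3000 is presumably a web UI configured outside this diff. A comment above `upstreams.ollama`, for example `# ollama guest: web UI on :3000 (the API itself is :11434); LAN-only, no auth at the proxy`, would record both facts for the next reader. The enclosing `services.nginx` block starts and ends outside the hunk.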
@@ -95,10 +117,11 @@ in { proxyWebsockets = true; }; extraConfig = '' - allow 192.168.178.0/24; + allow ${config.secrets.secrets.global.net.privateSubnet}; deny all; ''; }; + upstreams.paperless = { servers."${ipOf "paperless"}:3000" = {}; @@ -223,6 +246,7 @@ in { // mkContainer "adguardhome" {} // mkContainer "vaultwarden" {} // mkContainer "ddclient" {} + // mkContainer "ollama" {} // mkContainer "nextcloud" { enablePanzer = true; } diff --git a/hosts/elisabeth/secrets/ollama/host.pub b/hosts/elisabeth/secrets/ollama/host.pub new file mode 100644 index 0000000..c94f7fb --- /dev/null +++ b/hosts/elisabeth/secrets/ollama/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHD5D88M/eb/uW/i8vYn3pkVbn3rLBJiO/qsckKA6ALJ diff --git a/modules/config/nix.nix b/modules/config/nix.nix index d9e757e..c148189 100644 --- a/modules/config/nix.nix +++ b/modules/config/nix.nix @@ -42,7 +42,7 @@ optimise.automatic = true; gc = { automatic = true; - dates = "daily"; + dates = "monthly"; }; registry = { diff --git a/modules/optional/printing.nix b/modules/optional/printing.nix index 4dfaf9c..17ee20f 100644 --- a/modules/optional/printing.nix +++ b/modules/optional/printing.nix @@ -1,6 +1,12 @@ {pkgs, ...}: { services.printing = { enable = true; - drivers = [pkgs.hplipWithPlugin]; + drivers = [pkgs.hplipWithPlugin pkgs.hplip]; }; + environment.persistence."/state".directories = [ + { + directory = "/var/lib/cups"; + mode = "755"; + } + ]; } diff --git a/modules/services/ollama.nix b/modules/services/ollama.nix new file mode 100644 index 0000000..eafdf7b --- /dev/null +++ b/modules/services/ollama.nix @@ -0,0 +1,13 @@ +{ + networking.firewall.allowedTCPPorts = [11434]; + services.ollama = { + listenAddress = "0.0.0.0:11434"; + enable = true; + }; + environment.persistence."/state".directories = [ + { + directory = "/var/lib/private/ollama"; + mode = "0700"; + } + ]; +} diff --git a/pkgs/ollama-webui.nix b/pkgs/ollama-webui.nix new file mode 100644 index 0000000..5330959 
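Review bot: In modules/services/ollama.nix, `listenAddress = "0.0.0.0:11434";` together with `networking.firewall.allowedTCPPorts = [11434];` makes the Ollama API reachable on every interface of any machine that imports this module, and that API has no authentication of its own. This path also bypasses the `allow`/`deny all` rule that the same commit puts on the nginx virtual host in hosts/elisabeth/guests.nix. If only a co-located web UI or the proxy host needs the API, bind to loopback with `listenAddress = "127.0.0.1:11434";` and drop the firewall line, or scope the opening with `networking.firewall.interfaces.<name>.allowedTCPPorts = [11434];`. Whichever is chosen, a one-line comment stating who is expected to reach port 11434 would make the exposure deliberate rather than implicit.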
--- /dev/null
+++ b/pkgs/ollama-webui.nix
@@ -0,0 +1,62 @@
+{
+ lib,
+ buildNpmPackage,
+ nodePackages,
+ fetchFromGitHub,
+ runtimeShell,
+}:
+# We just package the JS frontend part, not the Python reverse-proxy backend.
+# NixOS can provide any another reverse proxy such as nginx.
+buildNpmPackage rec {
+ pname = "ollama-webui";
+ # ollama-webui doesn't tag versions yet.
+ version = "0.0.0-unstable-2023-12-22";
+
+ src = fetchFromGitHub {
+ owner = "ollama-webui";
+ repo = "ollama-webui";
+ rev = "77c1a77fccb04337ff95440030cd051fd16c2cd8";
+ hash = "sha256-u7h2tpHgtQwYXornslY3CZjKjigqBK2mHmaiK1EoEgk=";
+ };
+ # dependencies are downloaded into a separate node_modules Nix package
+ npmDepsHash = "sha256-SI2dPn1SwbGwl8093VBtcDsA2eHSxr3UUC+ta68w2t8=";
+
+ # We have to bake in the default URL it will use for ollama webserver here,
+ # but it can be overriden in the UI later.
+ PUBLIC_API_BASE_URL = "http://localhost:11434/api";
+
+ # The path '/ollama/api' will be redirected to the specified backend URL
+ OLLAMA_API_BASE_URL = PUBLIC_API_BASE_URL;
+ # "npm run build" creates a static page in the "build" folder.
+ installPhase = ''
+ mkdir -p $out/lib
+ cp -R ./build/. $out/lib
+
+ mkdir -p $out/bin
+ cat <>$out/bin/${pname}
+ #!${runtimeShell}
+ ${nodePackages.http-server}/bin/http-server $out/lib "\$@"
+ EOF
+ chmod +x $out/bin/${pname}
+ '';
+
+ meta = with lib; {
+ description = "ChatGPT-Style Web Interface for Ollama";
+ longDescription = ''
+ Tools like Ollama make open-source large langue models (LLM) accessible and almost
+ trivial to download and run them locally on a consumer computer.
+ However, Ollama only runs in a terminal and doesn't store any chat history.
+ Ollama-WebUI is a web frontend on top of Ollama that looks and behaves similar to ChatGPT's web frontend.
+ You can have separate chats with different LLMs that are saved in your browser,
+ automatic Markdown and Latex rendering, upload files etc.
+ This package contains two parts:
+ - `/lib` The WebUI as a compiled, static html folder to bundle in your web server
+ - `/bin/${pname}` A runnable webserver the serves the WebUI for convenience.
+ '';
+ homepage = "https://github.com/ollama-webui/ollama-webui";
+ license = licenses.mit;
+ mainProgram = pname;
+ maintainers = with maintainers; [malteneuss];
+ platforms = platforms.all;
+ };
+}
diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age
index 96f06fd..1d066a7 100644
Binary files a/secrets/secrets.nix.age and b/secrets/secrets.nix.age differ
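Review bot: In pkgs/ollama-webui.nix, `PUBLIC_API_BASE_URL = "http://localhost:11434/api";` is baked into the static bundle at build time, so by default the frontend is pointed at the plain-HTTP API port rather than at a proxied path, and a deployment can only change that per browser in the UI. Making it a package argument keeps the default but lets a host override it: add `apiBaseUrl ? "http://localhost:11434/api",` to the argument set and write `PUBLIC_API_BASE_URL = apiBaseUrl;`. The generated `bin/${pname}` wrapper starts `http-server` on `$out/lib` with only the caller's arguments, so a comment there stating that it serves the UI without authentication, on whatever address and port it is given, would help whoever wires it into a service. As shown on this page the heredoc line reads `cat <>$out/bin/${pname}`, which looks like a rendering loss of the `<<EOF` redirection and is worth checking against the actual file.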