bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-05-08 14:50:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

llama-stack

Browse source
This commit is contained in:
Bryan Ramos 2026-04-13 23:28:14 -04:00
parent c41a6ff637
commit cb5b10493f
1 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

43
system/machines/server/modules/nginx/default.nix
View file

@ -125,23 +125,40 @@ in
};
};
virtualHosts."ai.${domain}" = {
virtualHosts."ai.${domain}" = let
apiKeyAuth = ''
set $api_key "";
if ($http_authorization ~* "^Bearer (.+)$") {
set $api_key $1;
}
if ($api_key = "") {
return 401 '{"error": "Missing Authorization header"}';
}
include ${config.sops.templates."nginx-ai-auth.conf".path};
'';
in {
useACMEHost = domain;
forceSSL = true;
# Web UI — llama.cpp chat interface (browser)
# Auth handled by llama.cpp itself (--api-key flag)
locations."/" = {
proxyPass = "http://192.168.0.23:8321";
proxyPass = "http://192.168.0.23:8000";
proxyWebsockets = true;
extraConfig = ''
# API key auth — validated against the sops-managed key
set $api_key "";
if ($http_authorization ~* "^Bearer (.+)$") {
set $api_key $1;
}
if ($api_key = "") {
return 401 '{"error": "Missing Authorization header"}';
}
include ${config.sops.templates."nginx-ai-auth.conf".path};
'';
};
# API — Llama Stack (opencode, programmatic clients)
locations."/v1/" = {
proxyPass = "http://192.168.0.23:8321/v1/";
proxyWebsockets = true;
extraConfig = apiKeyAuth;
};
# Llama Stack beta API
locations."/v1beta/" = {
proxyPass = "http://192.168.0.23:8321/v1beta/";
proxyWebsockets = true;
extraConfig = apiKeyAuth;
};
};