From cb5b10493fd9af2bcbc3b1a27841d98b6db51e1e Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 23:28:14 -0400 Subject: [PATCH] llama-stack --- .../machines/server/modules/nginx/default.nix | 43 +++++++++++++------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index f12500e..8496379 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix @@ -125,23 +125,40 @@ in }; }; - virtualHosts."ai.${domain}" = { + virtualHosts."ai.${domain}" = let + apiKeyAuth = '' + set $api_key ""; + if ($http_authorization ~* "^Bearer (.+)$") { + set $api_key $1; + } + if ($api_key = "") { + return 401 '{"error": "Missing Authorization header"}'; + } + include ${config.sops.templates."nginx-ai-auth.conf".path}; + ''; + in { useACMEHost = domain; forceSSL = true; + + # Web UI — llama.cpp chat interface (browser) + # Auth handled by llama.cpp itself (--api-key flag) locations."/" = { - proxyPass = "http://192.168.0.23:8321"; + proxyPass = "http://192.168.0.23:8000"; proxyWebsockets = true; - extraConfig = '' - # API key auth — validated against the sops-managed key - set $api_key ""; - if ($http_authorization ~* "^Bearer (.+)$") { - set $api_key $1; - } - if ($api_key = "") { - return 401 '{"error": "Missing Authorization header"}'; - } - include ${config.sops.templates."nginx-ai-auth.conf".path}; - ''; + }; + + # API — Llama Stack (opencode, programmatic clients) + locations."/v1/" = { + proxyPass = "http://192.168.0.23:8321/v1/"; + proxyWebsockets = true; + extraConfig = apiKeyAuth; + }; + + # Llama Stack beta API + locations."/v1beta/" = { + proxyPass = "http://192.168.0.23:8321/v1beta/"; + proxyWebsockets = true; + extraConfig = apiKeyAuth; }; };