bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-05-08 14:50:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

llama-stack

Browse source
This commit is contained in:
Bryan Ramos 2026-04-13 23:28:14 -04:00
parent c41a6ff637
commit cb5b10493f
1 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

43
system/machines/server/modules/nginx/default.nix
View file

@ -125,23 +125,40 @@ in
}; };
}; };
virtualHosts."ai.${domain}" = { virtualHosts."ai.${domain}" = let
apiKeyAuth = ''
set $api_key "";
if ($http_authorization ~* "^Bearer (.+)$") {
set $api_key $1;
}
if ($api_key = "") {
return 401 '{"error": "Missing Authorization header"}';
}
include ${config.sops.templates."nginx-ai-auth.conf".path};
'';
in {
useACMEHost = domain; useACMEHost = domain;
forceSSL = true; forceSSL = true;
# Web UI — llama.cpp chat interface (browser)
# Auth handled by llama.cpp itself (--api-key flag)
locations."/" = { locations."/" = {
proxyPass = "http://192.168.0.23:8321"; proxyPass = "http://192.168.0.23:8000";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' };
# API key auth — validated against the sops-managed key
set $api_key ""; # API — Llama Stack (opencode, programmatic clients)
if ($http_authorization ~* "^Bearer (.+)$") { locations."/v1/" = {
set $api_key $1; proxyPass = "http://192.168.0.23:8321/v1/";
} proxyWebsockets = true;
if ($api_key = "") { extraConfig = apiKeyAuth;
return 401 '{"error": "Missing Authorization header"}'; };
}
include ${config.sops.templates."nginx-ai-auth.conf".path}; # Llama Stack beta API
''; locations."/v1beta/" = {
proxyPass = "http://192.168.0.23:8321/v1beta/";
proxyWebsockets = true;
extraConfig = apiKeyAuth;
}; };
}; };