From 27f765fe22a3f587991bc6dae3fff83ee8e8ad98 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 21:45:22 -0400 Subject: [PATCH 01/11] removed --- .claude/settings.local.json | 9 --------- .gitignore | 1 + 2 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 .claude/settings.local.json diff --git a/.claude/settings.local.json b/.claude/settings.local.json deleted file mode 100644 index 8463192..0000000 --- a/.claude/settings.local.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "permissions": { - "allow": [ - "WebSearch", - "WebFetch(domain:forgejo.org)", - "Bash(ssh:*)" - ] - } -} diff --git a/.gitignore b/.gitignore index 619d00a..fad0876 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.qcow2 result .direnv +.claude From 07586a80eea6713d705746258f586cda5f6911f1 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 22:45:02 -0400 Subject: [PATCH 02/11] added llama api key --- .sops.yaml | 7 ++++++- secrets/system/llama.yaml | 16 ++++++++++++++++ system/machines/desktop/system.nix | 9 +++++++++ user/modules/utils/dev/default.nix | 6 +++--- 4 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 secrets/system/llama.yaml diff --git a/.sops.yaml b/.sops.yaml index fdad7d3..c4b8201 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,13 +12,18 @@ creation_rules: key_groups: - age: - *desktop + # Desktop secrets + - path_regex: secrets/system/llama\.yaml$ # llama.cpp API key + key_groups: + - age: + - *desktop # Server secrets (cameras) - path_regex: secrets/system/cameras\.yaml$ # RTSP Feed key_groups: - age: - *server # Server secrets (searxng) - - path_regex: secrets/system/searxng\.yaml$ + - path_regex: secrets/system/searxng\.yaml$ # searxng token key_groups: - age: - *server diff --git a/secrets/system/llama.yaml b/secrets/system/llama.yaml new file mode 100644 index 0000000..84e67dc --- /dev/null +++ b/secrets/system/llama.yaml 
@@ -0,0 +1,16 @@ +LLAMA_API_KEY: ENC[AES256_GCM,data:J9MRO+I4P1E6+v6xvUd9fGgCsUqTjKN+nt1W2rSia+hLyS4p5z6edGJzsf0GAeLeO0wW8WXSj04lpWSgzDKIVA==,iv:teWpdiiqFEcYy+b8PqkbClzFMoItBLUiBfCViHcqWCQ=,tag:/kmmzhs/nIfICmQMdyUPfQ==,type:str] +sops: + age: + - recipient: age17ejyzyk52unr6eyaa9rpunxpmf7u9726v6sx7me3ww3mdu5xzgjqsgj9gl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeHdwYnhLTkFCWEg4c1Na + aHlGY2lGaU5DclpnLzRvK0RTaERubFBDQjNZCnZRdmF6bk1ENWFHVm9zTFJGRW5j + aTZWM0F2Z0N2S2JnOWJVRlJOL0ZHZ2sKLS0tIGtNNjRVM3pJb0dYUDhiemNxb05C + SFF2bFN6dXByZGR5a3A3NjZZYmFGR3MK3F7VqRxqK4AobeCZo0EozK9ZImNl1PGR + MSDa0Ljk5JHaxo5LXdc3bv55BH/97cmFX6HTOY/Lj9ioIHpS/f5p+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-14T02:12:27Z" + mac: ENC[AES256_GCM,data:6cg659/N2U31u8KQUtRypS7oUb7JfbodrX8wkNjMhDN5cGEDL2wrFZ+51uYblBGhXwLR5Isk7XNSzzgHNsUeQZlJEY2/OUIZ5TOYmKpWUSpSQTwF08MqqNXj9qgSle5yfrvi43+743b50Eh3VExtpF0gpODwunPoBXl0L89Or00=,iv:Kr+GtbwqyElWgnf6mKc1lXPicCvkWoQj5LGy6r7jcM8=,tag:IjmHvCQo9kI5BZFghnUMwg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.12.1 diff --git a/system/machines/desktop/system.nix b/system/machines/desktop/system.nix index 7a12793..e981ab8 100644 --- a/system/machines/desktop/system.nix +++ b/system/machines/desktop/system.nix @@ -5,6 +5,10 @@ let (user: user.modules.user.security.gpg.enable or false) (lib.attrValues config.home-manager.users); + devEnabled = lib.any + (user: user.modules.user.utils.dev.enable or false) + (lib.attrValues config.home-manager.users); + sysModules = config.modules.system; in @@ -19,6 +23,11 @@ in "WIFI_HOME_PSK" = wifi; "WIFI_CAMS_SSID" = wifi; "WIFI_CAMS_PSK" = wifi; + } // lib.optionalAttrs devEnabled { + "LLAMA_API_KEY" = { + sopsFile = ../../../secrets/system/llama.yaml; + owner = config.user.name; + }; }; sops.templates."wifi-env".content = '' diff --git a/user/modules/utils/dev/default.nix b/user/modules/utils/dev/default.nix index 89c4809..991524b 100644 
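Review bot: In the second `system/machines/desktop/system.nix` hunk the secret is declared whenever any home-manager user enables the dev module (`lib.any` in `devEnabled`), but `owner` is always `config.user.name`, so on a multi-user host the other users could not read it. If only one user is ever expected, a comment would record that, e.g. `# owned by the primary user; other users with dev.enable cannot read this`. The consumer is the bash `initExtra` in `user/modules/utils/dev/default.nix`, which reads the fixed path `/run/secrets/LLAMA_API_KEY`, so the two modules are coupled only by that string. The enclosing `sops.secrets` attribute set starts outside the hunk.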
--- a/user/modules/utils/dev/default.nix +++ b/user/modules/utils/dev/default.nix @@ -30,9 +30,9 @@ in ]; programs = { - #bash = { - # initExtra = import ./config/penpot.nix; - #}; + bash = { + initExtra = "export LLAMA_API_KEY=$(cat /run/secrets/LLAMA_API_KEY)"; + }; direnv = { enable = true; enableBashIntegration = true; From c41a6ff63787882cc05a0ce9c60cf2213d63afc6 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 23:12:50 -0400 Subject: [PATCH 03/11] added llama-stack --- .sops.yaml | 5 ++-- secrets/system/llama.yaml | 19 +++++++++++---- .../machines/server/modules/nginx/default.nix | 23 ++++++++++--------- system/machines/server/system.nix | 15 +++++------- 4 files changed, 35 insertions(+), 27 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c4b8201..6fa100a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,11 +12,12 @@ creation_rules: key_groups: - age: - *desktop - # Desktop secrets + # Shared secrets (desktop + server) - path_regex: secrets/system/llama\.yaml$ # llama.cpp API key key_groups: - age: - - *desktop + - *desktop + - *server # Server secrets (cameras) - path_regex: secrets/system/cameras\.yaml$ # RTSP Feed key_groups: diff --git a/secrets/system/llama.yaml b/secrets/system/llama.yaml index 84e67dc..a538022 100644 --- a/secrets/system/llama.yaml +++ b/secrets/system/llama.yaml 
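Review bot: The new `initExtra` line places the API key in the environment of every interactive bash session, where every child process started from that shell inherits it. It also runs `cat` unguarded, so a host where the secret is not provisioned prints an error at each shell start. A guarded form avoids the error: `initExtra = ''[ -r /run/secrets/LLAMA_API_KEY ] && export LLAMA_API_KEY="$(cat /run/secrets/LLAMA_API_KEY)"'';`. Narrower still would be to set the variable only in a wrapper around the client that needs it, not in the shell profile. The `programs` set continues outside the hunk.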
@@ -4,11 +4,20 @@ sops: - recipient: age17ejyzyk52unr6eyaa9rpunxpmf7u9726v6sx7me3ww3mdu5xzgjqsgj9gl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeHdwYnhLTkFCWEg4c1Na - aHlGY2lGaU5DclpnLzRvK0RTaERubFBDQjNZCnZRdmF6bk1ENWFHVm9zTFJGRW5j - aTZWM0F2Z0N2S2JnOWJVRlJOL0ZHZ2sKLS0tIGtNNjRVM3pJb0dYUDhiemNxb05C - SFF2bFN6dXByZGR5a3A3NjZZYmFGR3MK3F7VqRxqK4AobeCZo0EozK9ZImNl1PGR - MSDa0Ljk5JHaxo5LXdc3bv55BH/97cmFX6HTOY/Lj9ioIHpS/f5p+g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUmV6Q2dCMWU3TUFkZ0I0 + dHA3dXd2U0RSRzNtL3YvdG8rYWdnOTZoTkMwCkNnYnVlVmMyRDNnS1FmWktlNU9N + UW1OMlJYODVzSHNIZWZMRkpPY05Ed3cKLS0tIDg0b0VkT0NrS3NIWE9EdWtWYXc1 + NjNESHpYbVptcnVRYWFKb3RlYkJ6OWMK3JsRXPDvJdKv2UyYIH8kr/WKbXgUDXbc + fYOD0Huo73BA0vr8PlrsF4STVgJr/arKCMdI1C0bDdcwjExKnR1tIw== + -----END AGE ENCRYPTED FILE----- + - recipient: age198jg29ryg3c0qj3yg6y9ha4ce2ue4hjdaa9kalf49fxju74dhchsquvjzp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTGNKOWczaityaXowWi9I + dmh0MjJoelV3bVlzeGpLZmVTVzJjckwwQUFzCk81ZHlTcm5oWHRQNklreUR4bWNS + OVdQelQ4YXkzeWZqOWZoNWlOVkZpWUkKLS0tIDZKQUU3LzV0UUhnRHVHQkFadkxm + djRyUEYyZ2srMlVxR0JtQlFqSWV1QWcKMIF9Sq4TUUmpVZAukjTjFbIrMxcE3+el + QSrHIm1HXLXwCKLDQ2N6b8Q9iUo/XMV0wsD3TLxdnUfegpQpfsDhag== -----END AGE ENCRYPTED FILE----- lastmodified: "2026-04-14T02:12:27Z" mac: ENC[AES256_GCM,data:6cg659/N2U31u8KQUtRypS7oUb7JfbodrX8wkNjMhDN5cGEDL2wrFZ+51uYblBGhXwLR5Isk7XNSzzgHNsUeQZlJEY2/OUIZ5TOYmKpWUSpSQTwF08MqqNXj9qgSle5yfrvi43+743b50Eh3VExtpF0gpODwunPoBXl0L89Or00=,iv:Kr+GtbwqyElWgnf6mKc1lXPicCvkWoQj5LGy6r7jcM8=,tag:IjmHvCQo9kI5BZFghnUMwg==,type:str] diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index e423815..f12500e 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix 
@@ -22,7 +22,6 @@ in ''; }; - searxng.enable = mkEnableOption "Publicly exposed SearXNG endpoint with secret path via sops"; }; config = mkIf cfg.enable { @@ -116,15 +115,6 @@ in }; }; - virtualHosts."searxng.${domain}" = mkIf cfg.searxng.enable { - useACMEHost = domain; - forceSSL = true; - locations."/".return = "404"; - extraConfig = '' - include ${config.sops.templates."nginx-searxng-location.conf".path}; - ''; - }; - virtualHosts."chat.${domain}" = { useACMEHost = domain; forceSSL = true; @@ -139,8 +129,19 @@ in useACMEHost = domain; forceSSL = true; locations."/" = { - proxyPass = "http://192.168.0.23:8000"; + proxyPass = "http://192.168.0.23:8321"; proxyWebsockets = true; + extraConfig = '' + # API key auth — validated against the sops-managed key + set $api_key ""; + if ($http_authorization ~* "^Bearer (.+)$") { + set $api_key $1; + } + if ($api_key = "") { + return 401 '{"error": "Missing Authorization header"}'; + } + include ${config.sops.templates."nginx-ai-auth.conf".path}; + ''; }; }; diff --git a/system/machines/server/system.nix b/system/machines/server/system.nix index b8674dd..b0247a2 100644 --- a/system/machines/server/system.nix +++ b/system/machines/server/system.nix 
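Review bot: The bearer check added to `locations."/"` in the third hunk compares against a static key with no throttle on failed attempts. A `limit_req` on this location would bound repeated guesses; its `limit_req_zone` has to be declared at `http` level, which is outside this hunk. The first `return 401` also fires when an `Authorization` header is present but is not a `Bearer` one, so the message would be more accurate as `'{"error": "Missing or malformed Authorization header"}'`. Neither 401 carries a `WWW-Authenticate` header; `add_header WWW-Authenticate 'Bearer' always;` in the same `extraConfig` would cover both responses.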
@@ -9,20 +9,18 @@ # Camera RTSP credentials (used by frigate/go2rtc) sops.secrets = let cameras = { sopsFile = ../../../secrets/system/cameras.yaml; }; - searxng = { sopsFile = ../../../secrets/system/searxng.yaml; }; + llama = { sopsFile = ../../../secrets/system/llama.yaml; }; in { "RTSP_USER" = cameras; "RTSP_PASS" = cameras; - "SEARXNG_TOKEN" = searxng; + "LLAMA_API_KEY" = llama; }; - sops.templates."nginx-searxng-location.conf" = { + # API key auth for ai.ramos.codes — nginx validates Bearer token against sops secret + sops.templates."nginx-ai-auth.conf" = { content = '' - location /${config.sops.placeholder."SEARXNG_TOKEN"}/ { - proxy_pass http://192.168.0.23:8080/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + if ($api_key != "${config.sops.placeholder."LLAMA_API_KEY"}") { + return 401 '{"error": "Invalid API key"}'; } ''; owner = "nginx"; @@ -31,7 +29,6 @@ modules.system = { nginx = { enable = true; - searxng.enable = true; }; sandpack.enable = true; forgejo.enable = true; From cb5b10493fd9af2bcbc3b1a27841d98b6db51e1e Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 23:28:14 -0400 Subject: [PATCH 04/11] llama-stack --- .../machines/server/modules/nginx/default.nix | 43 +++++++++++++------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index f12500e..8496379 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix 
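Review bot: The `nginx-ai-auth.conf` template splices the decrypted key into a double-quoted nginx string, so a key containing `"`, `\` or `$` would break the config or be read as a variable reference, and nothing in this hunk constrains the key's alphabet. A comment above the template would record the constraint: `# LLAMA_API_KEY must be [A-Za-z0-9_-] only: it is placed inside a double-quoted nginx string`. The rendered file holds the key in plaintext and is pulled in with `include`, so `nginx -T` output contains it and should be handled as sensitive. The context comment `# Camera RTSP credentials (used by frigate/go2rtc)` now heads a block that also declares `LLAMA_API_KEY` and could be generalised.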
@@ -125,23 +125,40 @@ in }; }; - virtualHosts."ai.${domain}" = { + virtualHosts."ai.${domain}" = let + apiKeyAuth = '' + set $api_key ""; + if ($http_authorization ~* "^Bearer (.+)$") { + set $api_key $1; + } + if ($api_key = "") { + return 401 '{"error": "Missing Authorization header"}'; + } + include ${config.sops.templates."nginx-ai-auth.conf".path}; + ''; + in { useACMEHost = domain; forceSSL = true; + + # Web UI — llama.cpp chat interface (browser) + # Auth handled by llama.cpp itself (--api-key flag) locations."/" = { - proxyPass = "http://192.168.0.23:8321"; + proxyPass = "http://192.168.0.23:8000"; proxyWebsockets = true; - extraConfig = '' - # API key auth — validated against the sops-managed key - set $api_key ""; - if ($http_authorization ~* "^Bearer (.+)$") { - set $api_key $1; - } - if ($api_key = "") { - return 401 '{"error": "Missing Authorization header"}'; - } - include ${config.sops.templates."nginx-ai-auth.conf".path}; - ''; + }; + + # API — Llama Stack (opencode, programmatic clients) + locations."/v1/" = { + proxyPass = "http://192.168.0.23:8321/v1/"; + proxyWebsockets = true; + extraConfig = apiKeyAuth; + }; + + # Llama Stack beta API + locations."/v1beta/" = { + proxyPass = "http://192.168.0.23:8321/v1beta/"; + proxyWebsockets = true; + extraConfig = apiKeyAuth; }; }; From 54b2a18d6622491daf476cb24ef4d3f9644ba709 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 23:57:20 -0400 Subject: [PATCH 05/11] timeout --- system/machines/server/modules/nginx/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index 8496379..cac2217 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix 
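Review bot: `locations."/"` now forwards everything outside `/v1/` and `/v1beta/` to port 8000 with no check at the proxy. The comment delegates authentication to llama.cpp's `--api-key` flag, which is set wherever that service is defined and is not visible in this patch. If the service is ever started without the flag, nothing in front of it rejects requests. If the web UI is not meant to be reachable from the open internet, the `privateAccessRules` snippet that the `chat` vhost in this file passes as `extraConfig` would fit here: `extraConfig = privateAccessRules;`. Otherwise the comment should name the unit that sets the flag, so the dependency can be traced.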
@@ -151,14 +151,20 @@ in locations."/v1/" = { proxyPass = "http://192.168.0.23:8321/v1/"; proxyWebsockets = true; - extraConfig = apiKeyAuth; + extraConfig = apiKeyAuth + '' + proxy_read_timeout 300s; + proxy_send_timeout 300s; + ''; }; # Llama Stack beta API locations."/v1beta/" = { proxyPass = "http://192.168.0.23:8321/v1beta/"; proxyWebsockets = true; - extraConfig = apiKeyAuth; + extraConfig = apiKeyAuth + '' + proxy_read_timeout 300s; + proxy_send_timeout 300s; + ''; }; }; From 3feb5ddc6b6416e5117344a8efd033908da0d3cc Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Mon, 13 Apr 2026 23:58:49 -0400 Subject: [PATCH 06/11] fix perms --- system/machines/server/system.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/machines/server/system.nix b/system/machines/server/system.nix index b0247a2..3572a8b 100644 --- a/system/machines/server/system.nix +++ b/system/machines/server/system.nix @@ -13,7 +13,7 @@ in { "RTSP_USER" = cameras; "RTSP_PASS" = cameras; - "LLAMA_API_KEY" = llama; + "LLAMA_API_KEY" = llama // { owner = config.user.name; }; }; # API key auth for ai.ramos.codes — nginx validates Bearer token against sops secret From 46adf8e9f055df62748391dc5290cdf68401d2fa Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Tue, 14 Apr 2026 00:41:39 -0400 Subject: [PATCH 07/11] seperate routing for llama & stack --- system/machines/server/modules/nginx/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index cac2217..32d754b 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix 
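Review bot: The two-line timeout snippet is pasted identically into both `extraConfig` values in the `@@ -151,14 +151,20 @@` hunk. Binding it once next to `apiKeyAuth` in the enclosing `let` (which is outside this hunk), e.g. `proxyTimeouts = ''proxy_read_timeout 300s; proxy_send_timeout 300s;'';`, and writing `extraConfig = apiKeyAuth + proxyTimeouts;` would keep the two locations from drifting apart. A short comment on why 300s was chosen (presumably long-running generation responses) would help whoever tunes it later.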
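Review bot: In the `system/machines/server/system.nix` hunk, `owner = config.user.name` makes the decrypted `LLAMA_API_KEY` on the server readable by the interactive login account, and the commit message (`fix perms`) does not say which process needed it. The nginx auth template is rendered by sops-nix itself and does not depend on this ownership. If the reader is a long-running service, a dedicated system user as `owner` would keep the key away from everything else that runs under the login account. At minimum a comment such as `# readable by <service> for its API key` would help, with the service name filled in. The `sops.secrets` block begins outside the hunk.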
@@ -140,15 +140,16 @@ in useACMEHost = domain; forceSSL = true; - # Web UI — llama.cpp chat interface (browser) + # Web UI + llama.cpp API (browser, /v1/* calls from the UI) # Auth handled by llama.cpp itself (--api-key flag) locations."/" = { proxyPass = "http://192.168.0.23:8000"; proxyWebsockets = true; }; - # API — Llama Stack (opencode, programmatic clients) - locations."/v1/" = { + # Llama Stack API (opencode, programmatic clients) + # Clients use baseURL: https://ai.ramos.codes/stack/v1 + locations."/stack/v1/" = { proxyPass = "http://192.168.0.23:8321/v1/"; proxyWebsockets = true; extraConfig = apiKeyAuth + '' @@ -158,7 +159,7 @@ in }; # Llama Stack beta API - locations."/v1beta/" = { + locations."/stack/v1beta/" = { proxyPass = "http://192.168.0.23:8321/v1beta/"; proxyWebsockets = true; extraConfig = apiKeyAuth + '' From 573f5ec95d1ef52da8fd26fb6252286214b9e901 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Tue, 14 Apr 2026 00:51:25 -0400 Subject: [PATCH 08/11] mcp --- system/machines/server/modules/nginx/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index 32d754b..8e03e7c 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix @@ -158,6 +158,16 @@ in ''; }; + # MCP servers (namespaced, for llama.cpp web UI + direct access) + locations."/mcp/web_search/" = { + proxyPass = "http://192.168.0.23:8002/"; + proxyWebsockets = true; + extraConfig = '' + proxy_read_timeout 300s; + proxy_send_timeout 300s; + ''; + }; + # Llama Stack beta API locations."/stack/v1beta/" = { proxyPass = "http://192.168.0.23:8321/v1beta/"; From d8be05169ca4646793915967fcd21da8962d3a2f Mon Sep 17 00:00:00 2001 
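Review bot: The new `/mcp/web_search/` location in the `@@ -158,6 +158,16 @@` hunk proxies to port 8002 with only timeout settings in `extraConfig`, so a host built from this revision serves that backend to any caller of `ai.${domain}`. The next patch in the series adds an `include` of an auth template here. Squashing the two would mean that no revision in history, and so no rollback target, has the endpoint open. The block comment could also state how callers authenticate, since the sibling `/stack/v1/` location uses `apiKeyAuth` and this one does not.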
From: Bryan Ramos Date: Tue, 14 Apr 2026 00:55:20 -0400 Subject: [PATCH 09/11] api key --- system/machines/server/modules/nginx/default.nix | 1 + system/machines/server/system.nix | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index 8e03e7c..41e7687 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix @@ -163,6 +163,7 @@ in proxyPass = "http://192.168.0.23:8002/"; proxyWebsockets = true; extraConfig = '' + include ${config.sops.templates."nginx-mcp-auth.conf".path}; proxy_read_timeout 300s; proxy_send_timeout 300s; ''; diff --git a/system/machines/server/system.nix b/system/machines/server/system.nix index 3572a8b..43b75f6 100644 --- a/system/machines/server/system.nix +++ b/system/machines/server/system.nix @@ -26,6 +26,16 @@ owner = "nginx"; }; + # MCP endpoint auth — validates X-API-Key header + sops.templates."nginx-mcp-auth.conf" = { + content = '' + if ($http_x_api_key != "${config.sops.placeholder."LLAMA_API_KEY"}") { + return 401 '{"error": "Unauthorized"}'; + } + ''; + owner = "nginx"; + }; + modules.system = { nginx = { enable = true; From 9ad55ac79a9cac9c59a4b85fab8c22dc0b758150 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Tue, 14 Apr 2026 01:46:53 -0400 Subject: [PATCH 10/11] updated secret --- secrets/system/llama.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secrets/system/llama.yaml b/secrets/system/llama.yaml index a538022..6df19c1 100644 --- a/secrets/system/llama.yaml +++ b/secrets/system/llama.yaml 
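Review bot: `nginx-mcp-auth.conf` checks `X-API-Key` against the same `LLAMA_API_KEY` that guards the Llama Stack routes, so any client configured for the MCP endpoint also holds a credential for `/stack/v1/`, and the two cannot be rotated or revoked separately. A second entry in `secrets/system/llama.yaml` referenced by this template would separate them (for example `MCP_API_KEY`, a name made up for this note). Like `nginx-ai-auth.conf`, this template places the key inside a double-quoted nginx string, so the key must not contain `"`, `\` or `$`.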
@@ -1,4 +1,4 @@ -LLAMA_API_KEY: ENC[AES256_GCM,data:J9MRO+I4P1E6+v6xvUd9fGgCsUqTjKN+nt1W2rSia+hLyS4p5z6edGJzsf0GAeLeO0wW8WXSj04lpWSgzDKIVA==,iv:teWpdiiqFEcYy+b8PqkbClzFMoItBLUiBfCViHcqWCQ=,tag:/kmmzhs/nIfICmQMdyUPfQ==,type:str] +LLAMA_API_KEY: ENC[AES256_GCM,data:ZVDpwGAxnHbHxt+JW3mYGyyBU5JfFAbjc/byq6Ok9wTlpQZBx969Z0wV74F5pR4axmpdGs7XlZDh1rJaQTn7lg==,iv:oAG9G25x+1FRkRNBRzLW2UJmbSxgx5Cu64Qo/6VzAyw=,tag:nkO/SdzjjLxH4fkgIdwUYQ==,type:str] sops: age: - recipient: age17ejyzyk52unr6eyaa9rpunxpmf7u9726v6sx7me3ww3mdu5xzgjqsgj9gl @@ -19,7 +19,7 @@ sops: djRyUEYyZ2srMlVxR0JtQlFqSWV1QWcKMIF9Sq4TUUmpVZAukjTjFbIrMxcE3+el QSrHIm1HXLXwCKLDQ2N6b8Q9iUo/XMV0wsD3TLxdnUfegpQpfsDhag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-14T02:12:27Z" - mac: ENC[AES256_GCM,data:6cg659/N2U31u8KQUtRypS7oUb7JfbodrX8wkNjMhDN5cGEDL2wrFZ+51uYblBGhXwLR5Isk7XNSzzgHNsUeQZlJEY2/OUIZ5TOYmKpWUSpSQTwF08MqqNXj9qgSle5yfrvi43+743b50Eh3VExtpF0gpODwunPoBXl0L89Or00=,iv:Kr+GtbwqyElWgnf6mKc1lXPicCvkWoQj5LGy6r7jcM8=,tag:IjmHvCQo9kI5BZFghnUMwg==,type:str] + lastmodified: "2026-04-14T05:45:37Z" + mac: ENC[AES256_GCM,data:G+o6OhNF5AFBDKQEU3f1MZ+GOkxQj/m7NNk4Ti8PxPPOHdByoCrauvgB78SdQf5ubcfupElcNB0yF5QsG3/m7eGaSA+8J0cDL6jB3NEE5EUbW1Fuzzg2Ez1JnFu4BstkLiDRD/TribXMNFAjykmNrHt4zee6fhU3H0MOn7+Acok=,iv:IqBLSBq1kOMRHQn1IvU8OgmWGn6EFJcef/rNr38txmY=,tag:/mSWgbPbhUNoIm3x+6zyRA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 From 042820fb2a88c46389e477abf5181b78d02222a3 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Tue, 14 Apr 2026 02:19:14 -0400 Subject: [PATCH 11/11] pruned --- .../machines/server/modules/nginx/default.nix | 31 ------------------- 1 file changed, 31 deletions(-) diff --git a/system/machines/server/modules/nginx/default.nix b/system/machines/server/modules/nginx/default.nix index 41e7687..3f4b0f2 100644 --- a/system/machines/server/modules/nginx/default.nix +++ b/system/machines/server/modules/nginx/default.nix 
@@ -91,17 +91,6 @@ in }; }; - virtualHosts."test.${domain}" = { - useACMEHost = domain; - forceSSL = true; - locations."/" = { - return = "200 'nginx is working'"; - extraConfig = '' - add_header Content-Type text/plain; - ''; - }; - }; - virtualHosts."wg.${domain}" = { useACMEHost = domain; forceSSL = true; @@ -115,16 +104,6 @@ in }; }; - virtualHosts."chat.${domain}" = { - useACMEHost = domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://192.168.0.23:3080"; - proxyWebsockets = true; - extraConfig = privateAccessRules; - }; - }; - virtualHosts."ai.${domain}" = let apiKeyAuth = '' set $api_key ""; @@ -168,16 +147,6 @@ in proxy_send_timeout 300s; ''; }; - - # Llama Stack beta API - locations."/stack/v1beta/" = { - proxyPass = "http://192.168.0.23:8321/v1beta/"; - proxyWebsockets = true; - extraConfig = apiKeyAuth + '' - proxy_read_timeout 300s; - proxy_send_timeout 300s; - ''; - }; }; virtualHosts."comfy.${domain}" = {