hosts/herra/ai.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

{pkgs, ...}: {
  # ----------------------------
  # Docker runtime (for UI only)
  # ----------------------------
  virtualisation.docker.enable = true;
  virtualisation.docker.autoPrune.enable = true;

  # ----------------------------
  # Ollama (native, stable core)
  # ----------------------------
  services.ollama = {
    enable = true;
    host = "127.0.0.1";
    port = 11434;
  };

  # ----------------------------
  # Persistent storage
  # ----------------------------
  systemd.tmpfiles.rules = [
    "d /var/lib/odysseus 0755 root root -"
  ];

  # ----------------------------
  # Odysseus UI container (minimal)
  # ----------------------------
  virtualisation.oci-containers.containers.odysseus = {
    image = "ghcr.io/pewdiepie-archdaemon/odysseus:latest";

    ports = [
      "7000:7000"
    ];

    volumes = [
      "/var/lib/odysseus:/app/data"
    ];

    environment = {
      LLM_HOST = "http://host.docker.internal:11434";
      AUTH_ENABLED = "true";
    };

    extraOptions = [
      "--add-host=host.docker.internal:host-gateway"
      "--restart=unless-stopped"
    ];
  };

  # ----------------------------
  # Optional: reverse proxy (clean URL)
  # ----------------------------
  services.nginx = {
    enable = true;

    virtualHosts."ai.local" = {
      locations."/" = {
        proxyPass = "http://127.0.0.1:7000";
        proxyWebsockets = true;
      };
    };
  };

  networking.firewall.allowedTCPPorts = [
    7000
  ];
}