From 6ab901d11f801e3f168b63bf2d2ad79c7cbcea9c Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 28 Jun 2026 20:12:56 -0700
Subject: [PATCH] add Ollama with qwen2.5-coder:1.5b for local LLM inference
Adds the ollama/ollama container on port 11434, a persistent model store at /var/ollama, and a oneshot service that pulls the model on first boot. Opens port 11434 in the firewall.
Co-Authored-By: Claude Sonnet 4.6
---
 nixos/firewall.nix | 2 ++
 nixos/linux.nix | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/nixos/firewall.nix b/nixos/firewall.nix
index add3da9..84bc5ac 100644
--- a/nixos/firewall.nix
+++ b/nixos/firewall.nix
@@ -13,6 +13,8 @@
 5432 #coldairnetworks postgres
 9090 #sync.io
+
+ 11434 #ollama
 ];
 # Allow DNS from all podman bridge networks (10.89.0.0/16).
diff --git a/nixos/linux.nix b/nixos/linux.nix
index a3f993a..93e57cd 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -223,6 +223,26 @@ in {
 systemd.services.arion-atitraining.after = lib.mkAfter [ "build-atitraining-image.service" ];
 systemd.services.arion-atitraining.wants = [ "build-atitraining-image.service" ];
+ systemd.services.ollama-pull = {
+ description = "Pull qwen2.5-coder:1.5b model into Ollama";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "podman-ollama.service" ];
+ wants = [ "podman-ollama.service" ];
+ path = [ pkgs.curl ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ until curl -sf http://localhost:11434/api/tags > /dev/null 2>&1; do
+ echo "Waiting for ollama..."
+ sleep 3
+ done
+ curl -sf http://localhost:11434/api/pull \
+ -d '{"name":"qwen2.5-coder:1.5b","stream":false}'
+ '';
+ };
+
 systemd.services.novnc = {
 description = "noVNC WebSocket proxy for VNC desktop";
 wantedBy = [ "multi-user.target" ];
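Review bot: The `11434 #ollama` entry added in nixos/firewall.nix makes the Ollama HTTP API reachable from off-host, and Ollama has no built-in authentication, so any client that can connect can run inference or trigger model pulls (the same `/api/pull` endpoint the new ollama-pull unit uses). The only consumer visible in this patch is that unit's script, which talks to localhost. If remote access is not needed, drop this entry and publish the container port on loopback only in nixos/linux.nix, `ports = ["127.0.0.1:11434:11434"];`. If it is needed, limit it to a trusted interface or source range, or front it with an authenticating reverse proxy. The list this entry joins starts outside the hunk, so which firewall option it feeds is inferred.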
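Review bot: The `until curl ...` wait loop in `systemd.services.ollama-pull` has no upper bound, and systemd applies no start timeout to `Type = "oneshot"` units by default, so if the container never answers on 11434 the unit stays in "activating" indefinitely. Because it is `wantedBy` multi-user.target, that target is likely to wait on it as well, and the pull request is issued on every boot rather than only the first. Add `TimeoutStartSec = "15min";` to `serviceConfig`, and use `curl -sSf` for the final pull so a failed download leaves an error in the journal. The script only makes HTTP requests to localhost and no `User` is set, so it presumably runs as root; `DynamicUser = true;` would fit here.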
@@ -319,6 +339,7 @@ in {
 "d /var/coldairnetworks-db/ssl 0755 root root"
 "d /var/atitraining/db 0755 root root"
 "d /var/atitraining/wp-uploads 0755 root root"
+ "d /var/ollama 0755 root root"
 ];
 networking.hostName = "${hostname}";
@@ -442,6 +463,14 @@ in {
 user = "0"; # run as root
 };
+ "ollama" = {
+ autoStart = true;
+ image = "ollama/ollama:latest";
+ ports = ["11434:11434"];
+ volumes = ["/var/ollama:/root/.ollama"];
+ environment = {};
+ };
+
 "blog-quine" = {
 autoStart = true;
 image = "quineglobal/blog-quine@sha256:88097e4867a99a375db490bf7a989c122653cdb48bfdf6d9ad5e2f6a0bfb2d38";
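Review bot: `image = "ollama/ollama:latest";` in the new `"ollama"` container tracks a mutable tag, so whatever is published under `latest` at the next pull runs on this host with `/var/ollama` mounted. The neighbouring `"blog-quine"` container in the same hunk is pinned by digest. Pin this image the same way, `image = "ollama/ollama@sha256:<digest-of-the-reviewed-image>";` (placeholder, fill in the digest you actually tested), and bump it deliberately. The `/root/.ollama` mount target suggests the process runs as root inside the container, which makes an unreviewed image update more consequential. The attribute set these containers belong to starts and ends outside the hunk.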