Adds the ollama/ollama container on port 11434, a persistent model store at /var/ollama, and a oneshot service that pulls the model on first boot. Opens port 11434 in the firewall. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
27 lines
682 B
Nix
27 lines
682 B
Nix
{pkgs, ...}: {
|
|
networking.firewall.allowedTCPPorts = [
|
|
80 #nginx/http
|
|
22 #ssh
|
|
222 #ubuntu vm ssh
|
|
443 #ssl
|
|
|
|
2200 #forgejo ssh
|
|
3000 #forgejo http
|
|
|
|
8082 #webdav
|
|
8087 #nextcloud
|
|
|
|
5432 #coldairnetworks postgres
|
|
9090 #sync.io
|
|
|
|
11434 #ollama
|
|
];
|
|
|
|
# Allow DNS from all podman bridge networks (10.89.0.0/16).
|
|
# NixOS auto-adds a rule for podman0 but not for networks created by
|
|
# docker-compose/arion (podman1, podman2, podman3…).
|
|
networking.firewall.extraCommands = ''
|
|
iptables -I nixos-fw -s 10.89.0.0/16 -p udp --dport 53 -j nixos-fw-accept
|
|
iptables -I nixos-fw -s 10.89.0.0/16 -p tcp --dport 53 -j nixos-fw-accept
|
|
'';
|
|
}
|