diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix
index 1d515f8..155ec5d 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama.nix
@@ -7,35 +7,38 @@
 services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale";
 };
- config = lib.mkMerge [
- {
- services.ollama = {
- # TODO: these should match whats set in the users file
- group = "ollama";
- user = "ollama";
- };
- }
- (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable {
- environment.persistence."/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = config.services.ollama.models;
- user = config.services.ollama.user;
- group = config.services.ollama.group;
- }
- ];
- };
- networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
+ config = lib.mkIf config.services.ollama.enable (
+ lib.mkMerge [
+ {
+ services.ollama = {
+ # TODO: these should match whats set in the users file
+ group = "ollama";
+ user = "ollama";
+ };
+ }
+ (lib.mkIf config.services.ollama.exposePort (let
 ports = [
 config.services.ollama.port
 ];
- in
- lib.mkIf config.services.ollama.exposePort {
+ in {
+ networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
 allowedTCPPorts = ports;
 allowedUDPPorts = ports;
 };
- }))
- ];
+ }))
+ (lib.mkIf config.host.impermanence.enable {
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.ollama.models;
+ user = config.services.ollama.user;
+ group = config.services.ollama.group;
+ }
+ ];
+ };
+ })
+ ]
+ );
 }
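Review bot: `allowedUDPPorts = ports;` in the `exposePort` branch opens a UDP port that nothing in this module is shown to use; the Ollama API is served over HTTP, so keeping only `allowedTCPPorts = ports;` gives the narrower firewall rule. Because the rule no longer sits under `host.impermanence.enable`, setting `exposePort` now takes effect on every host that enables ollama, so a comment above the rule such as `# Ollama's API has no built-in authentication: access is limited only by who can reach this interface` would tell the next reader what the option really grants. Whether the port is actually reachable also depends on `services.ollama.host` being bound to a non-loopback address, which this hunk does not set and may be configured elsewhere. The module's opening lines and the start of the `options` block are outside the hunk.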