diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix
index 81ad3d0..1d515f8 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama.nix
@@ -7,45 +7,35 @@
 services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale";
 };
- config = lib.mkIf config.services.ollama.enable (
- lib.mkMerge [
- {
- services.ollama = {
- # TODO: these should match whats set in the users file
- group = "ollama";
- user = "ollama";
- };
- }
- (lib.mkIf config.services.ollama.exposePort (let
+ config = lib.mkMerge [
+ {
+ services.ollama = {
+ # TODO: these should match whats set in the users file
+ group = "ollama";
+ user = "ollama";
+ };
+ }
+ (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable {
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.ollama.models;
+ user = config.services.ollama.user;
+ group = config.services.ollama.group;
+ }
+ ];
+ };
+ networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
 ports = [
 config.services.ollama.port
 ];
- in {
- networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
+ in
+ lib.mkIf config.services.ollama.exposePort {
 allowedTCPPorts = ports;
 allowedUDPPorts = ports;
 };
- }))
- (lib.mkIf config.host.impermanence.enable {
- environment.persistence."/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = config.services.ollama.models;
- user = config.services.ollama.user;
- group = config.services.ollama.group;
- }
- {
- directory = "/var/lib/private/ollama";
- user = config.services.ollama.user;
- group = config.services.ollama.group;
- mode = "0700";
- defaultPerms.mode = "0700";
- }
- ];
- };
- })
- ]
- );
+ }))
+ ];
 }
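Review bot: The tailscale firewall rule now sits inside `lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { … })`, so on a host without impermanence `services.ollama.exposePort = true` no longer opens the port. That ties network exposure to an unrelated storage option, and the old code kept the two independent. I would move the rule into its own `lib.mkMerge` entry guarded by `config.services.ollama.enable && config.services.ollama.exposePort`, as sketched below. The sketch also drops `allowedUDPPorts = ports;`, because the Ollama API is served over HTTP/TCP as far as I know, and it adds a comment that reachability is decided by this rule plus the tailnet ACLs, since the API has no authentication of its own by default. The module's opening lines are outside the hunk.

```nix
config = lib.mkMerge [
  # … unchanged: services.ollama user/group entry …
  # … unchanged: impermanence entry, holding only environment.persistence …
  (lib.mkIf (config.services.ollama.enable && config.services.ollama.exposePort) {
    # Ollama's API has no built-in authentication: every tailnet peer the ACLs
    # allow can reach it once this port is open. TCP only; the API is HTTP.
    networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [
      config.services.ollama.port
    ];
  })
];
```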