diff --git a/services/authelia.nix b/services/authelia.nix index a069823..7e3828b 100644 --- a/services/authelia.nix +++ b/services/authelia.nix @@ -81,6 +81,7 @@ in { domain = "torrent.nordhammer.it"; policy = "one_factor"; } { domain = "profilarr.nordhammer.it"; policy = "one_factor"; } { domain = "sabnzbd.nordhammer.it"; policy = "one_factor"; } + { domain = "ollama.nordhammer.it"; policy = "one_factor"; } ]; }; diff --git a/services/nginx.nix b/services/nginx.nix index 9b81fbd..4d97a26 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -96,6 +96,7 @@ in "sonarr.nordhammer.it" = protectedProxy 8989; "radarr.nordhammer.it" = protectedProxy 7878; "prowlarr.nordhammer.it" = protectedProxy 9696; + # qBit's CSRF check rejects any request whose Referer origin differs # from the Host — after Authelia's redirect the Referer is # auth.nordhammer.it, which trips the check. Strip it so qBit skips. @@ -113,6 +114,7 @@ in "adguard.nordhammer.it" = protectedProxy 3000; "profilarr.nordhammer.it" = protectedProxy 6868; "sabnzbd.nordhammer.it" = protectedProxy 8085; + "ollama.nordhammer.it" = protectedProxy 8888; # --- Local-only: serves update history JSON to Homepage's customapi widget --- "homepage-updates.local" = { diff --git a/services/ollama.nix b/services/ollama.nix index 4631034..954bc49 100644 --- a/services/ollama.nix +++ b/services/ollama.nix @@ -5,5 +5,8 @@ services.ollama.enable = true; services.ollama.acceleration = "cuda"; + services.open-webui.enable = true; + services.open-webui.port = 8888; + }; } \ No newline at end of file