Loading nixos/modules/services/misc/ollama.nix +36 −2 Original line number Diff line number Diff line Loading @@ -21,6 +21,8 @@ in example = "/home/foo"; description = '' The home directory that the ollama service is started in. See also `services.ollama.writablePaths` and `services.ollama.sandbox`. ''; }; models = lib.mkOption { Loading @@ -29,6 +31,37 @@ in example = "/path/to/ollama/models"; description = '' The directory that the ollama service will read models from and download new models to. See also `services.ollama.writablePaths` and `services.ollama.sandbox` if downloading models or other mutation of the filesystem is required. ''; }; sandbox = lib.mkOption { type = types.bool; default = true; example = false; description = '' Whether to enable systemd's sandboxing capabilities. This sets [`DynamicUser`]( https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser= ), which runs the server as a unique user with read-only access to most of the filesystem. See also `services.ollama.writablePaths`. ''; }; writablePaths = lib.mkOption { type = types.listOf types.str; default = [ ]; example = [ "/home/foo" "/mnt/foo" ]; description = '' Paths that the server should have write access to. This sets [`ReadWritePaths`]( https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ReadWritePaths= ), which allows specified paths to be written to through the default sandboxing. See also `services.ollama.sandbox`. ''; }; listenAddress = lib.mkOption { Loading Loading @@ -59,8 +92,8 @@ in type = types.attrsOf types.str; default = { }; example = { HOME = "/tmp"; OLLAMA_LLM_LIBRARY = "cpu"; HIP_VISIBLE_DEVICES = "0,1"; }; description = '' Set arbitrary environment variables for the ollama service. Loading 
@@ -87,7 +120,8 @@ in ExecStart = "${lib.getExe ollamaPackage} serve"; WorkingDirectory = cfg.home; StateDirectory = [ "ollama" ]; DynamicUser = true; DynamicUser = cfg.sandbox; ReadWritePaths = cfg.writablePaths; }; }; Loading Loading
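Review bot: With `sandbox = false` the unit gets `DynamicUser = false`, and the serviceConfig lines visible in the last hunk set no `User=` or `Group=`, so the network-facing server would presumably run as root with write access to the whole filesystem, not merely without the sandbox. The serviceConfig block starts outside the hunk, so confirm that nothing else assigns a user; if nothing does, either fall back to a static unprivileged account when the option is off or state the consequence in the option text, e.g. `Disabling this runs the server as root; prefer services.ollama.writablePaths when only extra write access is needed.` Separately, `ReadWritePaths = cfg.writablePaths;` only lifts the read-only mount: the dynamic user still needs file permissions on those paths, and a listed path that does not exist makes the unit fail at start unless it is prefixed with `-`, which the `writablePaths` description should mention.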
nixos/modules/services/misc/ollama.nix +36 −2 Original line number Diff line number Diff line Loading @@ -21,6 +21,8 @@ in example = "/home/foo"; description = '' The home directory that the ollama service is started in. See also `services.ollama.writablePaths` and `services.ollama.sandbox`. ''; }; models = lib.mkOption { Loading @@ -29,6 +31,37 @@ in example = "/path/to/ollama/models"; description = '' The directory that the ollama service will read models from and download new models to. See also `services.ollama.writablePaths` and `services.ollama.sandbox` if downloading models or other mutation of the filesystem is required. ''; }; sandbox = lib.mkOption { type = types.bool; default = true; example = false; description = '' Whether to enable systemd's sandboxing capabilities. This sets [`DynamicUser`]( https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser= ), which runs the server as a unique user with read-only access to most of the filesystem. See also `services.ollama.writablePaths`. ''; }; writablePaths = lib.mkOption { type = types.listOf types.str; default = [ ]; example = [ "/home/foo" "/mnt/foo" ]; description = '' Paths that the server should have write access to. This sets [`ReadWritePaths`]( https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ReadWritePaths= ), which allows specified paths to be written to through the default sandboxing. See also `services.ollama.sandbox`. ''; }; listenAddress = lib.mkOption { Loading Loading @@ -59,8 +92,8 @@ in type = types.attrsOf types.str; default = { }; example = { HOME = "/tmp"; OLLAMA_LLM_LIBRARY = "cpu"; HIP_VISIBLE_DEVICES = "0,1"; }; description = '' Set arbitrary environment variables for the ollama service. Loading @@ -87,7 +120,8 @@ in ExecStart = "${lib.getExe ollamaPackage} serve"; WorkingDirectory = cfg.home; StateDirectory = [ "ollama" ]; DynamicUser = true; DynamicUser = cfg.sandbox; ReadWritePaths = cfg.writablePaths; }; }; Loading