From a13deb82775011c8770521af1cfd3141717175dd Mon Sep 17 00:00:00 2001
From: "Chris (wolcen) Thompson" <chris@agaric.coop>
Date: Sun, 7 Sep 2025 17:18:27 -0400
Subject: [PATCH] Additional ollama settings

---
 hosts/default/configuration.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 28d673f..b364c3e 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -214,8 +214,9 @@ in
     logReversePathDrops = true;
     checkReversePath = "loose";
     extraCommands = ''
-      # Enable connections to Ollama for VPN users:
+      # Enable connections to openweb-ui for VPN users:
       iptables -t filter -I INPUT --protocol TCP --source 10.40.4.0/24 --destination 10.40.4.2 --dport 8080 -j ACCEPT
+      # Enable connections to ollama from the openweb-ui instance:
       iptables -t filter -I INPUT --protocol TCP --source 10.40.4.2/32 --destination 10.40.4.2 --dport 11434 -j ACCEPT
     '';
     # wireguard trips rpfilter up
@@ -398,9 +399,11 @@ in
   services.ollama = {
     enable = true;
     acceleration = "rocm";
-    #environmentVariables = {
-    #  HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
-    #};
+    environmentVariables = {
+      HCC_AMDGPU_TARGET = "gfx1031"; # used to be necessary, but doesn't seem to anymore
+      OLLAMA_LOAD_TIMEOUT = "2"; # Reduce load timeout (from 5 min)...if it's that big, forget it.
+      OLLAMA_ORIGINS = "10.40.4.2"; # Only accept connections from locally.
+    };
     host = "10.40.4.2"; # See also ip46tables update in firewall extracommands
     rocmOverrideGfx = "10.3.0";
   };