From c721d2e8f196ecbcdc44b0610c9ed14f77304b59 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Fri, 11 Jul 2025 11:26:59 -0400
Subject: [PATCH] lock down llm usage

---
 modules/services/ollama/nginx.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/services/ollama/nginx.nix b/modules/services/ollama/nginx.nix
index eee9c94..8fd0217 100644
--- a/modules/services/ollama/nginx.nix
+++ b/modules/services/ollama/nginx.nix
@@ -1,5 +1,5 @@
-{
-  nginx = {
+{inputs, ...}: {
+  services.nginx = {
     enable = true;
     recommendedProxySettings = true;
     virtualHosts = {
@@ -7,6 +7,11 @@
         forceSSL = true;
         useACMEHost = "chat.wanderingcrow.net";
         locations."/" = {
+          extraConfig = ''
+            allow 192.168.0.0/16;
+            allow ${inputs.nix-secrets.network.primary.publicIP};
+            deny all;
+          '';
           proxyPass = "http://192.168.0.72:3000";
           proxyWebsockets = true;
         };