nix config
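# NixOS module: runs `opencode serve` as a systemd service under the `anish`
# account, opens its TCP port in the firewall, and publishes it through an
# nginx virtual host.
{
  self,
  config,
  pkgs,
  inputs,
  ...
}:

let
  # `pkgs.system` is a deprecated alias in recent nixpkgs; the host platform
  # attribute resolves to the same string on old and new releases.
  opencode = inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}.opencode;
in
{
  systemd.services.opencode-server = {
    description = "OpenCode HTTP Server";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];

    # Read the API key from the agenix secret file and export it.
    # Assignment and export are kept separate: `export VAR="$(cmd)"` returns
    # the status of `export`, so an unreadable secret would start the server
    # with an empty key. NixOS unit scripts run with errexit, so a failing
    # `cat` now aborts startup and Restart=on-failure retries.
    # NOTE(review): the secret must be readable by `anish`; confirm the owner
    # where the agenix secret is declared. The key is also inherited by every
    # process the server spawns.
    script = ''
      ANTHROPIC_API_KEY="$(cat /run/agenix/anthropicToken)"
      export ANTHROPIC_API_KEY
      exec ${opencode}/bin/opencode serve --port 4096 --hostname 0.0.0.0
    '';
    # NOTE(review): --hostname 0.0.0.0 listens on every interface, and no
    # authentication is configured in this module. Anyone who can reach the
    # port can presumably drive the server as `anish`. If all clients go
    # through the nginx vhost below, binding to 127.0.0.1 would be enough.

    serviceConfig = {
      Type = "simple";
      WorkingDirectory = "/home/anish/usr";
      User = "anish";
      Restart = "on-failure";
      RestartSec = "10";

      # Hardening
      # Only these two sandboxing options are set; the rest of the filesystem
      # stays as writable as it is for `anish`. Review the remaining exposure
      # with `systemd-analyze security opencode-server`.
      NoNewPrivileges = true;
      PrivateTmp = true;
    };
  };

  # Open firewall port for LAN access.
  # NOTE(review): this opens 4096 on every interface, not only the LAN one.
  # `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts` limits it
  # to one interface (placeholder name; substitute the real one).
  networking.firewall.allowedTCPPorts = [ 4096 ];

  services.nginx = {
    enable = true;
    virtualHosts = {
      # Plain HTTP only: requests and responses cross the LAN unencrypted.
      "opencode.mossnet.lan" = {
        forceSSL = false;
        enableACME = false;
        locations."/".proxyPass = "http://localhost:4096/";
      };
    };
  };
}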