lib: add mkCaddyReverseProxy, mkFail2banJail, mkGrafanaAnnotationService, extractArrApiKey

2026-04-09 19:00:47 -04:00
parent c74d356595
commit 75319256f3
23 changed files with 221 additions and 180 deletions
--- a/services/grafana/llama-cpp-annotations.nix
+++ b/services/grafana/llama-cpp-annotations.nix
@@ -1,39 +1,18 @@
 {
  config,
-  pkgs,
  service_configs,
  lib,
  ...
 }:
-lib.mkIf (config.services.grafana.enable && config.services.llama-cpp.enable) {
-  systemd.services.llama-cpp-annotations = {
+lib.mkIf (config.services.grafana.enable && config.services.llama-cpp.enable) (
+  lib.mkGrafanaAnnotationService {
+    name = "llama-cpp";
    description = "LLM request annotation service for Grafana";
-    after = [
-      "grafana.service"
-      "llama-cpp.service"
-    ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      ExecStart = "${pkgs.python3}/bin/python3 ${./llama-cpp-annotations.py}";
-      Restart = "always";
-      RestartSec = "10s";
-      DynamicUser = true;
-      StateDirectory = "llama-cpp-annotations";
-      NoNewPrivileges = true;
-      ProtectSystem = "strict";
-      ProtectHome = true;
-      PrivateTmp = true;
-      RestrictAddressFamilies = [
-        "AF_INET"
-        "AF_INET6"
-      ];
-      MemoryDenyWriteExecute = true;
-    };
+    script = ./llama-cpp-annotations.py;
+    after = [ "llama-cpp.service" ];
    environment = {
-      GRAFANA_URL = "http://127.0.0.1:${toString service_configs.ports.private.grafana.port}";
-      STATE_FILE = "/var/lib/llama-cpp-annotations/state.json";
      POLL_INTERVAL = "5";
      CPU_THRESHOLD = "50";
    };
-  };
-}
+  }
+)