From 7fdd996f29d983d544bb44db994dea6a8a370802 Mon Sep 17 00:00:00 2001
From: Davide Polonio <poloniodavide@gmail.com>
Date: Wed, 11 Mar 2026 14:27:02 +0100
Subject: [PATCH] feat: add first ollama stack

---
 ollama/Caddyfile          | 28 +++++++++++++
 ollama/docker-compose.yml | 84 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 ollama/Caddyfile
 create mode 100644 ollama/docker-compose.yml

diff --git a/ollama/Caddyfile b/ollama/Caddyfile
new file mode 100644
index 0000000..977fa8a
--- /dev/null
+++ b/ollama/Caddyfile
@@ -0,0 +1,28 @@
+{
+    email {env.LETSENCRYPT_EMAIL}
+}
+
+*.lan.poldebra.me {
+    tls {
+        dns namecheap {
+            api_key {env.NAMECHEAP_API_KEY}
+            user {env.NAMECHEAP_API_USER}
+            api_endpoint https://api.namecheap.com/xml.response
+        }
+        resolvers 1.1.1.1 8.8.8.8
+    }
+
+    @ollama host ollama.lan.poldebra.me
+    handle @ollama {
+        header {
+          X-Real-IP {remote_host}
+          X-Forwarded-For {remote_host}
+          X-Forwarded-Proto {scheme}
+          X-Forwarded-Host {host}
+          X-Forwarded-Port {server_port}
+        }
+        reverse_proxy 172.23.0.5:11434 {
+            header_up X-Forwarded-Proto {scheme}
+        }
+    }
+}
diff --git a/ollama/docker-compose.yml b/ollama/docker-compose.yml
new file mode 100644
index 0000000..bf17017
--- /dev/null
+++ b/ollama/docker-compose.yml
@@ -0,0 +1,84 @@
+services:
+  app:
+    image: ollama/ollama:rocm
+    restart: unless-stopped
+    hostname: ollama
+    container_name: ollama
+    user: 1000:1000
+    volumes:
+      - "/srv/ollama/data:/root/.ollama"
+    devices:
+      - "/dev/kfd:/dev/kfd"
+      - "/dev/dri:/dev/dri"
+    networks:
+      internal:
+        ipv4_address: 172.23.0.5
+    logging:
+      driver: "json-file"
+      options:
+        mode: "non-blocking"
+        max-size: "10m"
+        max-file: "3"
+
+  tailscale:
+    hostname: ollama
+    image: tailscale/tailscale:latest
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "tailscale status"]
+      interval: 1s
+      timeout: 5s
+      retries: 60
+    volumes:
+      - /srv/docker/ollama/tailscale:/var/lib
+      - /lib/modules:/lib/modules:ro
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+      - net_raw
+    command: tailscaled
+    networks:
+      - internal
+    logging:
+      driver: "json-file"
+      options:
+        mode: "non-blocking"
+        max-size: "10m"
+        max-file: "3"
+
+  reverse_proxy:
+    image: caddybuilds/caddy-namecheap:2-alpine
+    restart: unless-stopped
+    network_mode: service:tailscale
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - /srv/docker/ollama/caddy/config/:/config/caddy:rw
+      - /srv/docker/ollama/caddy/data/:/data/caddy:rw
+      - /srv/docker/ollama/caddy/share/:/usr/share/caddy:rw
+    env_file:
+      - caddy.env
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "https://ollama.lan.poldebra.me"]
+      interval: 10s
+      timeout: 30s
+      retries: 5
+      start_period: 90s
+    depends_on:
+      app:
+        condition: service_started
+      tailscale:
+        condition: service_healthy
+    logging:
+      driver: "json-file"
+      options:
+        mode: "non-blocking"
+        max-size: "10m"
+        max-file: "3"
+
+networks:
+  internal:
+    ipam:
+      config:
+        - subnet: 172.23.0.0/24