Add default enclave config and template
tanyav2 committed Jan 27, 2025
1 parent 41bdbcc commit b4686e8
Showing 5 changed files with 111 additions and 1 deletion.
22 changes: 22 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,22 @@
name: Build and Attest

on:
push:
tags:
- 'v*'

jobs:
release:
runs-on: large
permissions:
contents: write
packages: write
id-token: write
attestations: write

steps:
- uses: actions/checkout@v4
- uses: tinfoilanalytics/[email protected]
with:
docker-context: .
github-token: ${{ secrets.GITHUB_TOKEN }}
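The workflow runs only when a tag matching `v*` is pushed. As a minimal sketch, cutting a release from a clone of this repository (tag name illustrative) looks like:

```sh
# Tag the current commit and push the tag to trigger the build-and-attest workflow
git tag v0.0.1
git push origin v0.0.1
```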
20 changes: 20 additions & 0 deletions Dockerfile
@@ -0,0 +1,20 @@
FROM ghcr.io/tinfoilanalytics/nitro-attestation-shim:v0.2.2 AS shim

FROM ollama/ollama

RUN apt update -y
RUN apt install -y iproute2 jq

COPY --from=shim /nitro-attestation-shim /nitro-attestation-shim
COPY config.json /app/config.json
COPY start.sh /app/start.sh

ENV HOME=/

RUN chmod +x /app/start.sh && \
nohup bash -c "ollama serve &" && sleep 5 && \
for model in $(jq -r '.models[]' /app/config.json); do \
ollama pull "$model"; \
done

ENTRYPOINT ["/app/start.sh"]
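The image can be built locally with Docker for a quick sanity check; the model pre-pull loop runs at build time, so the models listed in `config.json` are baked into the image. A minimal sketch (the image tag is an arbitrary choice):

```sh
# Build the image; models listed in config.json are pulled during the build
docker build -t default-models-nitro .
```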
34 changes: 33 additions & 1 deletion README.md
@@ -1,2 +1,34 @@
# default-models-nitro
Default CPU-only model enclave for Tinfoil

This repository serves as both:

- Tinfoil's default inference enclave, running CPU-only models with the Ollama inference server on AWS Nitro Enclaves
- A template for running your choice of CPU-only models on Nitro Enclaves

## Default Configuration

The default enclave runs the following models:

- `llama3.2:1b`
- `llama-guard3:1b`
- `qwen2.5-coder:0.5b`
- `nomic-embed-text`

It also exposes the following endpoints for inference:

- `/api/chat`
- `/v1/chat/completions`
- `/api/generate`
- `/api/embed`

Both the models and the endpoints are defined in `config.json`.
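For a sense of what these endpoints accept, here is an illustrative chat request against an Ollama server on its default port 11434 (the upstream port the shim forwards to in `start.sh`); the prompt and `stream` flag are examples, not part of this repository:

```sh
# Illustrative request to the /api/chat endpoint using one of the default models
curl http://localhost:11434/api/chat -d '{
  "model": "llama3.2:1b",
  "messages": [{"role": "user", "content": "Hello"}],
  "stream": false
}'
```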

## Custom Configuration

If you want to run a different set of models and/or expose a different set of endpoints:

1. Click "Use this template" to create a new repository
2. Edit `config.json` to customize (see the example after this list):
- `models`: Any model from Ollama's [library](https://ollama.com/library)
- `paths`: API endpoints from Ollama's [API documentation](https://ollama.ai/docs/api) you want to expose
3. Create a release tag (e.g. `v0.0.1`) to trigger the build workflow
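As an example, a hypothetical custom `config.json` that serves only the coder model and exposes only the generate and embedding endpoints could look like this (the selection is illustrative, not a recommended default):

```json
{
  "models": [
    "qwen2.5-coder:0.5b"
  ],
  "paths": [
    "/api/generate",
    "/api/embed"
  ]
}
```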
14 changes: 14 additions & 0 deletions config.json
@@ -0,0 +1,14 @@
{
"models": [
"llama3.2:1b",
"llama-guard3:1b",
"qwen2.5-coder:0.5b",
"nomic-embed-text"
],
"paths": [
"/api/chat",
"/v1/chat/completions",
"/api/generate",
"/api/embed"
]
}
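Both the Dockerfile and `start.sh` read this file with `jq`. For reference, these are the two lookups they perform; each prints one entry per line:

```sh
# Models to pre-pull at image build time (Dockerfile)
jq -r '.models[]' config.json
# Endpoint paths to expose through the shim (start.sh)
jq -r '.paths[]' config.json
```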
22 changes: 22 additions & 0 deletions start.sh
@@ -0,0 +1,22 @@
#!/bin/bash

# Read configuration
CONFIG_FILE="/app/config.json"
PATHS=$(jq -r '.paths[]' $CONFIG_FILE)

# Build shim arguments
SHIM_ARGS=(
"-e" "[email protected]"
"-u" "11434"
)

# Add paths from config
for path in $PATHS; do
SHIM_ARGS+=("-p" "$path")
done

# Add final arguments
SHIM_ARGS+=("--" "/bin/ollama" "serve")

# Execute shim with arguments
exec /nitro-attestation-shim "${SHIM_ARGS[@]}"
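With the default `config.json`, the argument expansion above produces an invocation along these lines (shown for illustration; the `-e` value is passed through exactly as it appears in the script):

```sh
/nitro-attestation-shim \
  -e "[email protected]" \
  -u 11434 \
  -p /api/chat \
  -p /v1/chat/completions \
  -p /api/generate \
  -p /api/embed \
  -- /bin/ollama serve
```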
