Run with a Local LLM Provider¶
Use Vibepit with an LLM provider like Ollama, LM Studio, or llama.cpp on your LAN accessible from inside the sandbox while blocking all other access to your local network.
Allow access to the LLM provider in you local network¶
If you have your LLM provider (e.g. Ollama) running on a machine named llm-server on your LAN,
you have to configure Vibepit using the following options to make it work.
By default, Vibepit blocks access to RFC 1918 private IP ranges and other reserved ranges to prevent the sandbox from reaching services on your local network. You should relax this only for the specific range where your LLM provider runs, while keeping everything else blocked.
Add your IP subnet or only single IPs to the allow-cidr list in your global config
(~/.config/vibepit/config.yaml):
# Prevent default CIDR blocker from preventing access to the local network.
allow-cidr:
- 192.168.1.0/24 # for the full subnet
- 192.168.1.2/32 # for a single IP
# Allow proxy server to forward requests to the local LLM provider API
allow-http:
- llm-server:8000
This allows the sandbox to reach any IP in 192.168.1.0/24 or only a single host while the default
block-cidr rules continue to protect all other private ranges.
Note
allow-cidr takes precedence over block-cidr. If both lists contain
overlapping ranges, the allow entry wins.
Configure the upstream DNS resolver¶
If your LAN uses a local DNS server (e.g. Pi-hole, AdGuard Home, or a
corporate DNS), you can point Vibepit's DNS proxy at it by adding
upstream-dns to your global config:
This routes all DNS queries through your LAN resolver after the allowlist check, letting you resolve internal hostnames alongside public domains.
Don't want to change upstream DNS resolver?¶
In this case, you can add the hosts you want to resolve using extra-hosts
Example: Configure OpenCode¶
Extend your ~/.config/opencode/opencode.json config file with the following provider section.