openwebui test

2025-08-21 11:37:23 -05:00 · 2025-08-21 11:37:23 -05:00 · 6170ae32b4
commit 6170ae32b4
parent 8b49688deb
4 changed files with 87 additions and 0 deletions
--- a/hosts/h001/containers/default.nix
+++ b/hosts/h001/containers/default.nix
@ -12,6 +12,7 @@ in
    ./opengist.nix
    ./homarr.nix
    ./zitadel.nix
+    ./open-webui.nix
  ];

  config = {
--- a/hosts/h001/containers/open-webui.nix
+++ b/hosts/h001/containers/open-webui.nix
@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  name = "open-webui";
+
+  hostAddress = "10.0.0.1";
+  containerAddress = "10.0.0.4";
+  hostAddress6 = "fc00::1";
+  containerAddress6 = "fc00::4";
+in
+{
+  options = { };
+  config = {
+    services.nginx.virtualHosts."chat.joshuabell.xyz" = {
+      locations = {
+        "/" = {
+          proxyWebsockets = true;
+          recommendedProxySettings = true;
+          proxyPass = "http://${containerAddress}:8080";
+          extraConfig = ''
+            proxy_set_header X-Forwarded-Proto https;
+          '';
+        };
+      };
+    };
+
+    containers.${name} = {
+      # ephemeral = true; # Trying out a non ephemeral container setup...
+      autoStart = true;
+      privateNetwork = true;
+      hostAddress = hostAddress;
+      localAddress = containerAddress;
+      hostAddress6 = hostAddress6;
+      localAddress6 = containerAddress6;
+      config =
+        { config, pkgs, ... }:
+        {
+          system.stateVersion = "25.05";
+
+          networking = {
+            firewall = {
+              enable = true;
+            };
+            # Use systemd-resolved inside the container
+            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+            useHostResolvConf = lib.mkForce false;
+          };
+          services.resolved.enable = true;
+
+          services.open-webui = {
+            enable = true;
+            port = 8080;
+            host = "::";
+            openFirewall = true;
+            environment = {
+              # Declarative config, we don't use admin panel for anything
+              ENABLE_PERSISTENT_CONFIG = false;
+              ENABLE_OAUTH_PERSISTENT_CONFIG = false;
+
+              WEBUI_URL = "https://chat.joshuabell.xyz";
+              CUSTOM_NAME = "Josh AI";
+              ENV = "prod";
+
+              ENABLE_SIGNUP = false;
+              ENABLE_LOGIN_FORM = false;
+              ENABLE_OAUTH_SIGNUP = true;
+              WEBUI_SESSION_COOKIE_SAME_SITE = "lax";
+              # OAUTH_SUB_CLAIM = "";
+              # OAUTH_UPDATE_PICTURE_ON_LOGIN = true;
+              # OAUTH_PICTURE_CLAIM = "";
+              # WEBUI_AUTH_TRUSTED_EMAIL_HEADER
+              OAUTH_CLIENT_ID = "334366065716953091";
+              OAUTH_CLIENT_SECRET = "";
+              OPENID_PROVIDER_URL = "https://sso.joshuabell.xyz/.well-known/openid-configuration";
+              # OAUTH_PROVIDER_NAME = "";
+              # OAUTH_SCOPES = "";
+              # OPENID_REDIRECT_URI = "https://chat.joshuabell.xyz/oauth/oidc/callback";
+            };
+          };
+        };
+    };
+  };
+}