Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles

openwebui test
2025-08-21 11:37:24 -05:00 · 2025-08-21 11:37:23 -05:00
4 changed files with 87 additions and 0 deletions
--- a/common/_services/forejo.nix
+++ b/common/_services/forejo.nix
--- a/common/_services/librechat.nix
+++ b/common/_services/librechat.nix
--- a/hosts/h001/containers/default.nix
+++ b/hosts/h001/containers/default.nix
@ -12,6 +12,7 @@ in
    ./opengist.nix
    ./homarr.nix
    ./zitadel.nix
    ./open-webui.nix
  ];
  config = {
--- a/hosts/h001/containers/open-webui.nix
+++ b/hosts/h001/containers/open-webui.nix
@ -0,0 +1,86 @@
 {
  config,
  lib,
  ...
 }:
 let
  name = "open-webui";
  hostAddress = "10.0.0.1";
  containerAddress = "10.0.0.4";
  hostAddress6 = "fc00::1";
  containerAddress6 = "fc00::4";
 in
 {
  options = { };
  config = {
    services.nginx.virtualHosts."chat.joshuabell.xyz" = {
      locations = {
        "/" = {
          proxyWebsockets = true;
          recommendedProxySettings = true;
          proxyPass = "http://${containerAddress}:8080";
          extraConfig = ''
            proxy_set_header X-Forwarded-Proto https;
          '';
        };
      };
    };
    containers.${name} = {
      # ephemeral = true; # Trying out a non ephemeral container setup...
      autoStart = true;
      privateNetwork = true;
      hostAddress = hostAddress;
      localAddress = containerAddress;
      hostAddress6 = hostAddress6;
      localAddress6 = containerAddress6;
      config =
        { config, pkgs, ... }:
        {
          system.stateVersion = "25.05";
          networking = {
            firewall = {
              enable = true;
            };
            # Use systemd-resolved inside the container
            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
            useHostResolvConf = lib.mkForce false;
          };
          services.resolved.enable = true;
          services.open-webui = {
            enable = true;
            port = 8080;
            host = "::";
            openFirewall = true;
            environment = {
              # Declarative config, we don't use admin panel for anything
              ENABLE_PERSISTENT_CONFIG = false;
              ENABLE_OAUTH_PERSISTENT_CONFIG = false;
              WEBUI_URL = "https://chat.joshuabell.xyz";
              CUSTOM_NAME = "Josh AI";
              ENV = "prod";
              ENABLE_SIGNUP = false;
              ENABLE_LOGIN_FORM = false;
              ENABLE_OAUTH_SIGNUP = true;
              WEBUI_SESSION_COOKIE_SAME_SITE = "lax";
              # OAUTH_SUB_CLAIM = "";
              # OAUTH_UPDATE_PICTURE_ON_LOGIN = true;
              # OAUTH_PICTURE_CLAIM = "";
              # WEBUI_AUTH_TRUSTED_EMAIL_HEADER
              OAUTH_CLIENT_ID = "334366065716953091";
              OAUTH_CLIENT_SECRET = "";
              OPENID_PROVIDER_URL = "https://sso.joshuabell.xyz/.well-known/openid-configuration";
              # OAUTH_PROVIDER_NAME = "";
              # OAUTH_SCOPES = "";
              # OPENID_REDIRECT_URI = "https://chat.joshuabell.xyz/oauth/oidc/callback";
            };
          };
        };
    };
  };
 }
Author	SHA1	Message	Date
RingOfStorms (Joshua Bell)	37231b8b68	Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles	2025-08-21 11:37:24 -05:00
RingOfStorms (Joshua Bell)	6170ae32b4	openwebui test	2025-08-21 11:37:23 -05:00