hosts/library: add open-webui

2025-06-02 23:21:29 +01:00
parent 471c46d4cb
commit 13163dc1fb
6 changed files with 60 additions and 4 deletions
--- a/flake.lock
+++ b/flake.lock
@ -864,11 +864,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1748291697,
-        "narHash": "sha256-JR+fy+JcZgPqwvUUgtZoshjzFZQKYTTMuhOceat8MEs=",
+        "lastModified": 1748902299,
+        "narHash": "sha256-JwF4JjCldYyMqk0E97iyOnlxX1nB3falBI3/xus+ciI=",
        "ref": "refs/heads/master",
-        "rev": "175720e8761b9eb2e8616bee78825750d0600a69",
-        "revCount": 30,
+        "rev": "900d707866109485d776256a8717a8c2610706b2",
+        "revCount": 31,
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      },
--- a/hosts/library/ai.nix
+++ b/hosts/library/ai.nix
@ -0,0 +1,34 @@
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
+
+{
+  age.secrets."files/services/open-webui/envfile" = {
+    file = "${inputs.secrets}/files/services/open-webui/envfile.age";
+  };
+
+  services.open-webui = {
+    enable = true;
+    package = pkgs.unstable.open-webui;
+    port = 8081;
+    environment =
+      let
+        clientId = "open-webui";
+        publicUrl = "https://chat.ai.vimium.com";
+      in
+      {
+        WEBUI_URL = publicUrl;
+        ENABLE_LOGIN_FORM = "False";
+        ENABLE_OAUTH_SIGNUP = "True";
+        ENABLE_OAUTH_ROLE_MANAGEMENT = "True";
+        OAUTH_CLIENT_ID = clientId;
+        OAUTH_PROVIDER_NAME = "Vimium";
+        OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
+        OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
+      };
+    environmentFile = config.age.secrets."files/services/open-webui/envfile".path;
+  };
+}
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@ -5,6 +5,7 @@
 {
  imports = [
    ./hardware-configuration.nix
+    ./ai.nix
    ./grafana.nix
    ./jellyfin.nix
    ./nginx.nix
--- a/hosts/library/nginx.nix
+++ b/hosts/library/nginx.nix
@ -36,6 +36,18 @@
            '';
          };
        };
+        "chat.ai.vimium.com" = {
+          listen = [
+            {
+              addr = "127.0.0.1";
+              port = 8001;
+            }
+          ];
+          locations."/" = {
+            proxyPass = "http://localhost:8081";
+            extraConfig = proxyConfig;
+          };
+        };
        "jellyfin.vimium.com" = {
          default = true;
          listen = [
--- a/hosts/library/tunnel.nix
+++ b/hosts/library/tunnel.nix
@ -22,6 +22,7 @@
          -o TCPKeepAlive=no \
          -i %h/.ssh/id_jellyfin \
          -R localhost:8000:localhost:8000 \
+          -R localhost:8001:localhost:8001 \
          jellyfin@vps1.mesh.vimium.net
      '';
      Restart = "always";
--- a/hosts/vps1/nginx.nix
+++ b/hosts/vps1/nginx.nix
@ -85,6 +85,14 @@ in
    virtualHosts =
      {
        ## Static sites
+        "chat.ai.vimium.com" = {
+          forceSSL = true;
+          enableACME = true;
+          extraConfig = nginxErrorPages + nginxEdgeHeaders;
+          locations."/" = {
+            proxyPass = "http://localhost:8001";
+          };
+        };
        "jellyfin.vimium.com" = {
          forceSSL = true;
          enableACME = true;