From 13163dc1fb0f328d1327c689bdead0f80b18d979 Mon Sep 17 00:00:00 2001
From: Jordan Holt
Date: Mon, 2 Jun 2025 23:21:29 +0100
Subject: [PATCH] hosts/library: add open-webui
---
 flake.lock | 8 ++++----
 hosts/library/ai.nix | 34 ++++++++++++++++++++++++++++++++++
 hosts/library/default.nix | 1 +
 hosts/library/nginx.nix | 12 ++++++++++++
 hosts/library/tunnel.nix | 1 +
 hosts/vps1/nginx.nix | 8 ++++++++
 6 files changed, 60 insertions(+), 4 deletions(-)
 create mode 100644 hosts/library/ai.nix
diff --git a/flake.lock b/flake.lock
index 0a55679..57c8d8b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -864,11 +864,11 @@
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1748291697,
- "narHash": "sha256-JR+fy+JcZgPqwvUUgtZoshjzFZQKYTTMuhOceat8MEs=",
+ "lastModified": 1748902299,
+ "narHash": "sha256-JwF4JjCldYyMqk0E97iyOnlxX1nB3falBI3/xus+ciI=",
 "ref": "refs/heads/master",
- "rev": "175720e8761b9eb2e8616bee78825750d0600a69",
- "revCount": 30,
+ "rev": "900d707866109485d776256a8717a8c2610706b2",
+ "revCount": 31,
 "type": "git",
 "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
 },
diff --git a/hosts/library/ai.nix b/hosts/library/ai.nix
new file mode 100644
index 0000000..0c3ab98
--- /dev/null
+++ b/hosts/library/ai.nix
@@ -0,0 +1,34 @@
+{
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+
+{
+ age.secrets."files/services/open-webui/envfile" = {
+ file = "${inputs.secrets}/files/services/open-webui/envfile.age";
+ };
+
+ services.open-webui = {
+ enable = true;
+ package = pkgs.unstable.open-webui;
+ port = 8081;
+ environment =
+ let
+ clientId = "open-webui";
+ publicUrl = "https://chat.ai.vimium.com";
+ in
+ {
+ WEBUI_URL = publicUrl;
+ ENABLE_LOGIN_FORM = "False";
+ ENABLE_OAUTH_SIGNUP = "True";
+ ENABLE_OAUTH_ROLE_MANAGEMENT = "True";
+ OAUTH_CLIENT_ID = clientId;
+ OAUTH_PROVIDER_NAME = "Vimium";
+ OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
+ OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
+ };
+ environmentFile = config.age.secrets."files/services/open-webui/envfile".path;
+ };
+}
diff --git a/hosts/library/default.nix b/hosts/library/default.nix
index 4e9a2dc..3ad9cee 100644
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@@ -5,6 +5,7 @@
 {
 imports = [
 ./hardware-configuration.nix
+ ./ai.nix
 ./grafana.nix
 ./jellyfin.nix
 ./nginx.nix
diff --git a/hosts/library/nginx.nix b/hosts/library/nginx.nix
index 0ae2f02..1aa0c00 100644
--- a/hosts/library/nginx.nix
+++ b/hosts/library/nginx.nix
@@ -36,6 +36,18 @@
 '';
 };
 };
+ "chat.ai.vimium.com" = {
+ listen = [
+ {
+ addr = "127.0.0.1";
+ port = 8001;
+ }
+ ];
+ locations."/" = {
+ proxyPass = "http://localhost:8081";
+ extraConfig = proxyConfig;
+ };
+ };
 "jellyfin.vimium.com" = {
 default = true;
 listen = [
diff --git a/hosts/library/tunnel.nix b/hosts/library/tunnel.nix
index 7cc86fb..2c7ee7d 100644
--- a/hosts/library/tunnel.nix
+++ b/hosts/library/tunnel.nix
@@ -22,6 +22,7 @@
 -o TCPKeepAlive=no \
 -i %h/.ssh/id_jellyfin \
 -R localhost:8000:localhost:8000 \
+ -R localhost:8001:localhost:8001 \
 jellyfin@vps1.mesh.vimium.net
 '';
 Restart = "always";
diff --git a/hosts/vps1/nginx.nix b/hosts/vps1/nginx.nix
index 1609a83..e1c4c39 100644
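Review bot: In hosts/library/ai.nix the `environment` block turns on `ENABLE_OAUTH_SIGNUP` and `ENABLE_OAUTH_ROLE_MANAGEMENT`, but nothing visible says which token claim carries the roles or which role values map to user and admin, so the authorization policy cannot be reviewed from the new file. If those keys are not already in the encrypted envfile, who is admitted and with what role is decided by the identity provider's claims and Open WebUI's defaults. The mapping is not secret, so I would set it beside the other OAuth options, e.g. `OAUTH_ROLES_CLAIM = "<claim>";`, `OAUTH_ALLOWED_ROLES = "<user-role>";`, `OAUTH_ADMIN_ROLES = "<admin-role>";`, and keep only the client secret in the age file. A short comment above `environmentFile` listing the keys expected in that file would also help the next reader.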
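Review bot: In hosts/library/nginx.nix the new `proxyPass = "http://localhost:8081";` repeats the port literal from ai.nix and uses a hostname where the `listen` block just above it uses `127.0.0.1`. nginx resolves `localhost` when it loads the configuration and may add `::1` as an upstream; if open-webui binds only the IPv4 loopback (its `host` is not set in this commit, so the module default applies), those attempts fail and show up as upstream errors. I would write `proxyPass = "http://127.0.0.1:${toString config.services.open-webui.port}";`, assuming `config` is in scope in this file, which the hunk does not show.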
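Review bot: In hosts/library/tunnel.nix the added `-R localhost:8001:localhost:8001 \` carries the chat service over the same `jellyfin` account and `id_jellyfin` key as the existing forward, so one key now decides what may listen on two loopback ports of vps1. The server side is not part of this patch; if that key's authorized_keys entry does not already limit remote forwards, I would pin it with `permitlisten="localhost:8000",permitlisten="localhost:8001"` (or the matching `PermitListen` lines in sshd_config) so the key cannot claim other ports. If such a restriction already exists it needs port 8001 added, otherwise this forward is refused. The ssh command starts above the hunk, so options such as `ExitOnForwardFailure` cannot be checked here.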
--- a/hosts/vps1/nginx.nix +++ b/hosts/vps1/nginx.nix @@ -85,6 +85,14 @@ in virtualHosts = { ## Static sites + "chat.ai.vimium.com" = { + forceSSL = true; + enableACME = true; + extraConfig = nginxErrorPages + nginxEdgeHeaders; + locations."/" = { + proxyPass = "http://localhost:8001"; + }; + }; "jellyfin.vimium.com" = { forceSSL = true; enableACME = true;
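Review bot: The new `chat.ai.vimium.com` vhost in hosts/vps1/nginx.nix sets only `proxyPass` in `locations."/"`, with no WebSocket upgrade handling on this public hop. Open WebUI's frontend keeps a WebSocket open to the backend, so unless the upgrade headers are added globally outside the hunk I would add `proxyWebsockets = true;` here and confirm that `proxyConfig` on the library host passes them through as well. The vhost also sits under the `## Static sites` comment although it is a reverse proxy to a tunnelled port; a comment such as `# tunnelled to library:8001, see hosts/library/tunnel.nix` above `proxyPass` would say where `localhost:8001` comes from. The `virtualHosts` set and the definitions of `nginxErrorPages` and `nginxEdgeHeaders` begin outside the hunk.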