jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

hosts/library: add open-webui
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m17s
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-06-02 23:21:29 +01:00
parent 471c46d4cb
commit 13163dc1fb
6 changed files with 60 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@ -864,11 +864,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748291697, "lastModified": 1748902299,
"narHash": "sha256-JR+fy+JcZgPqwvUUgtZoshjzFZQKYTTMuhOceat8MEs=", "narHash": "sha256-JwF4JjCldYyMqk0E97iyOnlxX1nB3falBI3/xus+ciI=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "175720e8761b9eb2e8616bee78825750d0600a69", "rev": "900d707866109485d776256a8717a8c2610706b2",
"revCount": 30, "revCount": 31,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },

34
hosts/library/ai.nix Normal file
View File

@ -0,0 +1,34 @@
{
inputs,
config,
pkgs,
...
}:
{
age.secrets."files/services/open-webui/envfile" = {
file = "${inputs.secrets}/files/services/open-webui/envfile.age";
};
services.open-webui = {
enable = true;
package = pkgs.unstable.open-webui;
port = 8081;
environment =
let
clientId = "open-webui";
publicUrl = "https://chat.ai.vimium.com";
in
{
WEBUI_URL = publicUrl;
ENABLE_LOGIN_FORM = "False";
ENABLE_OAUTH_SIGNUP = "True";
ENABLE_OAUTH_ROLE_MANAGEMENT = "True";
OAUTH_CLIENT_ID = clientId;
OAUTH_PROVIDER_NAME = "Vimium";
OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
};
environmentFile = config.age.secrets."files/services/open-webui/envfile".path;
};
}

1
hosts/library/default.nix
View File

@ -5,6 +5,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./ai.nix
./grafana.nix ./grafana.nix
./jellyfin.nix ./jellyfin.nix
./nginx.nix ./nginx.nix

12
hosts/library/nginx.nix
View File

@ -36,6 +36,18 @@
''; '';
}; };
}; };
"chat.ai.vimium.com" = {
listen = [
{
addr = "127.0.0.1";
port = 8001;
}
];
locations."/" = {
proxyPass = "http://localhost:8081";
extraConfig = proxyConfig;
};
};
"jellyfin.vimium.com" = { "jellyfin.vimium.com" = {
default = true; default = true;
listen = [ listen = [

1
hosts/library/tunnel.nix
View File

@ -22,6 +22,7 @@
-o TCPKeepAlive=no \ -o TCPKeepAlive=no \
-i %h/.ssh/id_jellyfin \ -i %h/.ssh/id_jellyfin \
-R localhost:8000:localhost:8000 \ -R localhost:8000:localhost:8000 \
-R localhost:8001:localhost:8001 \
jellyfin@vps1.mesh.vimium.net jellyfin@vps1.mesh.vimium.net
''; '';
Restart = "always"; Restart = "always";

8
hosts/vps1/nginx.nix
View File

@ -85,6 +85,14 @@ in
virtualHosts = virtualHosts =
{ {
## Static sites ## Static sites
"chat.ai.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8001";
};
};
"jellyfin.vimium.com" = { "jellyfin.vimium.com" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;