penal-colony/nixos-vps
2
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

.

Browse source
This commit is contained in:
ashisgreat22 2026-03-21 20:23:32 +00:00
parent ad55793d41
commit 6b64254eab
11 changed files with 155 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/open-webui.nix
View file

@ -50,6 +50,7 @@ in
environment = {
OLLAMA_API_BASE_URL = cfg.ollamaUrl;
WEBUI_URL = "https://${cfg.domain}";
OPENAI_API_BASE_URL = "https://api.tng-chimera.ai/v1/";
};
environmentFile = config.sops.templates."openwebui.env".path;
};
@ -58,10 +59,12 @@ in
sops.templates."openwebui.env" = {
content = ''
WEBUI_SECRET_KEY=${config.sops.placeholder.openwebui_secret_key}
OPENAI_API_KEY=${config.sops.placeholder.tng_api_key}
'';
};
sops.secrets.openwebui_secret_key = { };
sops.secrets.tng_api_key = { };
# Nginx configuration
myModules.nginx.domains.${cfg.domain} = {
@ -69,8 +72,12 @@ in
extraConfig = ''
client_max_body_size 100M;
'';
# Disable rate limiting for OpenWebUI (loads many assets at once)
rateLimit.enable = false;
# Enable WebSocket support for Socket.IO
websockets.enable = true;
# Relaxed CSP for OpenWeb UI — needs unsafe-eval for some JS, WebSockets, external images
contentSecurityPolicy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss: https:; frame-ancestors 'self'";
contentSecurityPolicy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss: https: ws:; frame-ancestors 'self'";
};
};
}