penal-colony/nixos-vps
2
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
nixos-vps/modules/open-webui.nix
ashisgreat22 6b64254eab .
2026-03-22 01:45:51 +00:00

83 lines
2.3 KiB
Nix
Raw Blame History

# OpenWeb UI Module
# Provides: Web interface for LLMs (Ollama, OpenAI-compatible APIs)
#
# Usage:
# myModules.open-webui = {
# enable = true;
# port = 8080;
# domain = "ai.example.com";
# ollamaUrl = "http://100.64.0.1:11434"; # Remote Ollama via Tailscale/Headscale
# };
{
config,
lib,
...
}:
let
cfg = config.myModules.open-webui;
in
{
options.myModules.open-webui = {
enable = lib.mkEnableOption "OpenWeb UI for LLMs";
port = lib.mkOption {
type = lib.types.port;
default = 8080;
description = "Port to expose OpenWeb UI on localhost";
};
domain = lib.mkOption {
type = lib.types.str;
example = "ai.example.com";
description = "Public domain name for OpenWeb UI";
};
ollamaUrl = lib.mkOption {
type = lib.types.str;
default = "http://127.0.0.1:11434";
example = "http://100.64.0.1:11434";
description = "URL of the Ollama API endpoint";
};
};
config = lib.mkIf cfg.enable {
services.open-webui = {
enable = true;
port = cfg.port;
host = "127.0.0.1";
environment = {
OLLAMA_API_BASE_URL = cfg.ollamaUrl;
WEBUI_URL = "https://${cfg.domain}";
OPENAI_API_BASE_URL = "https://api.tng-chimera.ai/v1/";
};
environmentFile = config.sops.templates."openwebui.env".path;
};
# SOPS template for secrets
sops.templates."openwebui.env" = {
content = ''
WEBUI_SECRET_KEY=${config.sops.placeholder.openwebui_secret_key}
OPENAI_API_KEY=${config.sops.placeholder.tng_api_key}
'';
};
sops.secrets.openwebui_secret_key = { };
sops.secrets.tng_api_key = { };
# Nginx configuration
myModules.nginx.domains.${cfg.domain} = {
port = cfg.port;
extraConfig = ''
client_max_body_size 100M;
'';
# Disable rate limiting for OpenWebUI (loads many assets at once)
rateLimit.enable = false;
# Enable WebSocket support for Socket.IO
websockets.enable = true;
# Relaxed CSP for OpenWeb UI — needs unsafe-eval for some JS, WebSockets, external images
contentSecurityPolicy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss: https: ws:; frame-ancestors 'self'";
};
};
}
Reference in a new issue View git blame Copy permalink