add openwebui

2026-02-01 14:03:13 -06:00
parent 7dd49cd8e4
commit 8a8b48a6cc
3 changed files with 106 additions and 7 deletions
--- a/system/virtualization/docker/netbird/default.nix
+++ b/system/virtualization/docker/netbird/default.nix
@@ -27,7 +27,7 @@

 # Containers
        virtualisation.oci-containers.containers."netbird-dashboard" = {
-            image = "netbirdio/dashboard:latest";
+            image = "netbirdio/dashboard:v2.30.1";
            environment = {
                "AUTH_AUDIENCE" = "netbird-dashboard";
                "AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
@@ -71,7 +71,7 @@
            ];
        };
        virtualisation.oci-containers.containers."netbird-management" = {
-            image = "netbirdio/management:latest";
+            image = "netbirdio/management:v0.64.4";
            volumes = [
                "/etc/netbird/management.json:/etc/netbird/management.json:rw"
                "netbird_netbird_management:/var/lib/netbird:rw"
@@ -128,7 +128,7 @@
            ];
        };
        virtualisation.oci-containers.containers."netbird-relay" = {
-            image = "netbirdio/relay:latest";
+            image = "netbirdio/relay:v0.64.4";

            environmentFiles = [ config.sops.templates."netbird-relay.env".path ];

@@ -163,7 +163,7 @@
            ];
        };
        virtualisation.oci-containers.containers."netbird-signal" = {
-            image = "netbirdio/signal:latest";
+            image = "netbirdio/signal:v0.64.4";
            labels = {
                "traefik.enable" = "true";
                "traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
--- a/system/virtualization/docker/openwebui/default.nix
+++ b/system/virtualization/docker/openwebui/default.nix
@@ -1 +1,101 @@
-{}
+{ config, lib, pkgs, ... }: let
+
+    hostPort = 11434;
+
+    subdomain = "ai";
+
+    name = "openwebui";
+
+in {
+
+    options.sysconfig.docker.openwebui.enable = with lib; mkOption {
+        type = with types; bool;
+        default = false;
+    };
+
+    config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
+
+        environment.systemPackages = with pkgs; [
+            openwebui
+        ];
+
+        virtualisation.oci-containers.containers.openwebui = {
+            image = "ghcr.io/openwebui/openwebui:v0.7.2";
+
+            # unstable, waiting for 26.05
+            #pull = "newer";
+
+            hostname = "${subdomain}.esotericbytes.com";
+
+            networks = [
+                "docker-main"
+            ];
+
+            /*ports = [
+                "${builtins.toString hostPort}:3000"
+            ];*/
+
+            volumes = [
+                "vol_openwebui:/app/backend/data"
+            ];
+
+            labels = {
+                "traefik.enable" = "true";
+                "traefik.http.routers.${name}.entrypoints" = "localsecure";
+                "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
+                "traefik.http.routers.${name}.service" = "${name}";
+                "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
+                
+                "traefik.http.services.${name}.loadbalancer.server.port" = "3000";
+            };
+
+            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
+                "--device=nvidia.com/gpu=all"
+            ];
+
+            environment = {
+            };
+        };
+
+        systemd.services."docker-openwebui" = {
+            serviceConfig = {
+                Restart = lib.mkOverride 90 "always";
+                RestartMaxDelaySec = lib.mkOverride 90 "1m";
+                RestartSec = lib.mkOverride 90 "100ms";
+                RestartSteps = lib.mkOverride 90 9;
+            };
+            after = [
+                "docker-network-setup.service"
+                "docker-volume-openwebui.service" 
+            ];
+            requires = [
+                "docker-network-setup.service"
+                "docker-volume-openwebui.service" 
+            ];
+            partOf = [
+                "docker-compose-openwebui-root.target"
+            ];
+            wantedBy = [
+                "docker-compose-openwebui-root.target"
+            ];
+        };
+
+        systemd.services."docker-volume-openwebui" = {
+            path = [ pkgs.docker ];
+            serviceConfig = {
+                Type = "oneshot";
+                RemainAfterExit = true;
+            };
+            script = ''
+                docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=btrfs
+                '';
+            partOf = [ "docker-compose-openwebui-root.target" ];
+            wantedBy = [ "docker-compose-openwebui-root.target" ];
+        };
+
+        systemd.targets."docker-compose-openwebui-root" = {
+            wantedBy = [ "multi-user.target" ];
+        };
+
+    };
+}