pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Test with Open-WebUI with full nix, podman and docker

Browse source 
At the end a docker compose is easier (wait for 25.04 maybe)
This commit is contained in:
pazpi 2025-05-24 18:10:47 +02:00
parent aec8b7a986
commit 22697d1913
11 changed files with 639 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/caddy/default.nix
View file

@ -173,7 +173,12 @@ in
} }
{ {
subdomain = "ai"; subdomain = "ai";
host = "http://${p.hosts.portainer}:4000"; host = "http://${p.hosts.portainer}:4080";
domain = p.domains.public;
}
{
subdomain = "keep";
host = "http://${p.hosts.portainer}:3000";
domain = p.domains.public; domain = p.domains.public;
} }
]; ];

2
hosts/default.nix
View file

@ -249,7 +249,7 @@ in
modules = [ modules = [
myModules myModules
proxmoxModule proxmoxModule
./open-webui ./open-webui/docker.nix
agenix.nixosModules.default agenix.nixosModules.default
]; ];
# specialArgs = { }; # specialArgs = { };

224
hosts/open-webui/default.nix
View file

@ -1,22 +1,157 @@
{ { config, pkgs, ... }:
config,
pkgs,
lib,
...
}:
let let
p = import ../parameters.nix; litellmSettings = {
litellm-port = 12345;
general_settings = {
proxy_batch_write_at = 60; # Batch write spend updates every 60s
database_connection_pool_limit = 10; # Limit the number of database connections
disable_spend_logs = true; # Turn off writing each transaction to the DB
disable_error_logs = true; # Turn off writing LLM exceptions to DB
allow_requests_on_db_unavailable = true; # Allow requests if DB is unavailable
};
environment_variables = {
LITELLM_MODE = "Production";
};
credential_list = [
{
credential_name = "dp_azure_openai_credential";
credential_values = {
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
credential_info = {
description = "Azure OpenAI credentials for DP";
};
}
{
credential_name = "dp_azure_ai_credential";
credential_values = {
api_base = "os.environ/AZURE_API_BASE_AI";
api_key = "os.environ/AZURE_API_KEY_AI";
};
credential_info = {
description = "Azure AI credentials for DP";
};
}
];
model_list = [
{
model_name = "text-embedding-3-large";
litellm_params = {
model = "azure/text-embedding-3-large";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "embedding";
};
}
{
model_name = "text-embedding-3-small";
litellm_params = {
model = "azure/text-embedding-3-small";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "embedding";
};
}
{
model_name = "GPT-3.5 Turbo";
litellm_params = {
model = "azure/gpt-35-turbo";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4o";
litellm_params = {
model = "azure/gpt-4o";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4.1";
litellm_params = {
model = "azure/gpt-4.1";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4.1 Mini";
litellm_params = {
model = "azure/gpt-4.1-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT o3 Mini";
litellm_params = {
model = "azure/o3-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4o Mini";
litellm_params = {
model = "azure/gpt-4o-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "Dall-e 3";
litellm_params = {
model = "azure/dall-e-3";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "image_generation";
};
}
{
model_name = "azure-openai-4o-audio";
litellm_params = {
litellm_credential_name = "dp_azure_openai_credential";
model = "azure/gpt-4o-audio-preview";
};
}
{
model_name = "DeepSeek-R1";
litellm_params = {
litellm_credential_name = "dp_azure_ai_credential";
model = "azure_ai/deepseek-r1";
};
}
];
};
in in
{ {
age.secrets = { age.secrets = {
azure-ai.file = ../../secrets/azure-ai.age; open-webui.file = ../../secrets/open-webui.age;
# open-webui-secrets.file = ../../secrets/open-webui-secrets.age;
}; };
my = { my = {
services.open-webui = {
enable = true;
port = 4000;
environmentSecretsPath = config.age.secrets.open-webui.path;
environment = {
OAUTH_PROVIDER_NAME = "authentik";
OPENID_PROVIDER_URL = "https://auth.pasetto.me/application/o/openwebui/.well-known/openid-configuration";
OPENID_REDIRECT_URI = "https://ai.pasetto.me/oauth/oidc/callback";
ENABLE_OAUTH_SIGNUP = "true";
ENABLE_LOGIN_FORM = "false";
};
litellm = {
enable = true;
settings = litellmSettings;
};
};
utils = { utils = {
commons.enable = true; commons.enable = true;
commons.gc.enable = true; commons.gc.enable = true;
@ -26,74 +161,5 @@ in
virtualisation.proxmox.enable = true; virtualisation.proxmox.enable = true;
}; };
services.litellm = {
enable = true;
environmentFile = config.age.secrets.azure-ai.path;
host = "0.0.0.0";
openFirewall = true;
port = litellm-port;
settings = {
model_list = [
{
model_name = "azure-gpt-35-turbo";
litellm_params = {
model = "azure/gpt-35-turbo";
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
}
{
model_name = "azure-gpt-4o";
litellm_params = {
model = "azure/gpt-4o";
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
}
{
model_name = "azure-gpt-4o-mini";
litellm_params = {
model = "azure/gpt-4o-mini";
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
}
{
model_name = "azure-gpt-o3-mini";
litellm_params = {
model = "azure/o3-mini";
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
api_version = "2024-12-01-preview";
};
}
{
model_name = "azure-openai-4o-audio";
litellm_params = {
model = "azure/gpt-4o-audio-preview";
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
}
{
model_name = "dall-e-3";
litellm_params = {
model = "azure/dall-e-3";
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
}
{
model_name = "azure-DeepSeek-R1";
litellm_params = {
model = "azure_ai/DeepSeek-R1";
api_base = "os.environ/AZURE_API_BASE_R1";
api_key = "os.environ/AZURE_API_KEY_R1";
};
}
];
};
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }

136
hosts/open-webui/docker.nix Normal file
View file

@ -0,0 +1,136 @@
{ config, pkgs, ... }:
let
litellmSettings = {
general_settings = {
proxy_batch_write_at = 60; # Batch write spend updates every 60s
database_connection_pool_limit = 10; # Limit the number of database connections
disable_spend_logs = true; # Turn off writing each transaction to the DB
disable_error_logs = true; # Turn off writing LLM exceptions to DB
allow_requests_on_db_unavailable = true; # Allow requests if DB is unavailable
};
environment_variables = {
LITELLM_MODE = "Production";
};
credential_list = [
{
credential_name = "dp_azure_openai_credential";
credential_values = {
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
credential_info = {
description = "Azure OpenAI credentials for DP";
};
}
{
credential_name = "dp_azure_ai_credential";
credential_values = {
api_base = "os.environ/AZURE_API_BASE_AI";
api_key = "os.environ/AZURE_API_KEY_AI";
};
credential_info = {
description = "Azure AI credentials for DP";
};
}
];
model_list = [
{
model_name = "text-embedding-3-large";
litellm_params = {
model = "azure/text-embedding-3-large";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "embedding";
};
}
{
model_name = "text-embedding-3-small";
litellm_params = {
model = "azure/text-embedding-3-small";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "embedding";
};
}
{
model_name = "GPT-3.5 Turbo";
litellm_params = {
model = "azure/gpt-35-turbo";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4o";
litellm_params = {
model = "azure/gpt-4o";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT o3 Mini";
litellm_params = {
model = "azure/o3-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4o Mini";
litellm_params = {
model = "azure/gpt-4o-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "Dall-e 3";
litellm_params = {
model = "azure/dall-e-3";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "image_generation";
};
}
{
model_name = "azure-openai-4o-audio";
litellm_params = {
litellm_credential_name = "dp_azure_openai_credential";
model = "azure/gpt-4o-audio-preview";
};
}
{
model_name = "DeepSeek-R1";
litellm_params = {
litellm_credential_name = "dp_azure_ai_credential";
model = "azure_ai/deepseek-r1";
};
}
];
};
in
{
age.secrets = {
open-webui.file = ../../secrets/open-webui.age;
};
my = {
virtualisation.docker.enable = true;
utils = {
commons.enable = true;
commons.gc.enable = true;
lxc-standard.enable = true;
};
virtualisation.proxmox.enable = true;
};
system.stateVersion = "24.11";
}

145
hosts/open-webui/service.nix Normal file
View file

@ -0,0 +1,145 @@
{
config,
pkgs,
lib,
...
}:
let
p = import ../parameters.nix;
litellm-port = 12345;
in
{
age.secrets = {
azure-ai.file = ../../secrets/azure-ai.age;
};
my = {
utils = {
commons.enable = true;
commons.gc.enable = true;
lxc-standard.enable = true;
};
virtualisation.proxmox.enable = true;
};
services.litellm = {
enable = true;
environmentFile = config.age.secrets.azure-ai.path;
host = "0.0.0.0";
openFirewall = true;
port = litellm-port;
settings = {
general_settings = {
proxy_batch_write_at = 60; # Batch write spend updates every 60s
};
environment_variables = {
LITELLM_MODE = "Production";
};
credential_list = [
{
credential_name = "dp_azure_openai_credential";
credential_values = {
api_base = "os.environ/AZURE_API_BASE_OPENAI";
api_key = "os.environ/AZURE_API_KEY_OPENAI";
};
credential_info = {
description = "Azure OpenAI credentials for DP";
};
}
{
credential_name = "dp_azure_ai_credential";
credential_values = {
api_base = "os.environ/AZURE_API_BASE_AI";
api_key = "os.environ/AZURE_API_KEY_AI";
};
credential_info = {
description = "Azure AI credentials for DP";
};
}
];
model_list = [
{
model_name = "text-embedding-3-large";
litellm_params = {
model = "azure/text-embedding-3-large";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "embedding";
};
}
{
model_name = "text-embedding-3-small";
litellm_params = {
model = "azure/text-embedding-3-small";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "embedding";
};
}
{
model_name = "GPT-3.5 Turbo";
litellm_params = {
model = "azure/gpt-35-turbo";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4o";
litellm_params = {
model = "azure/gpt-4o";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT o3 Mini";
litellm_params = {
model = "azure/o3-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "GPT-4o Mini";
litellm_params = {
model = "azure/gpt-4o-mini";
litellm_credential_name = "dp_azure_openai_credential";
};
}
{
model_name = "Dall-e 3";
litellm_params = {
model = "azure/dall-e-3";
litellm_credential_name = "dp_azure_openai_credential";
};
model_info = {
mode = "image_generation";
};
}
{
model_name = "azure-openai-4o-audio";
litellm_params = {
litellm_credential_name = "dp_azure_openai_credential";
model = "azure/gpt-4o-audio-preview";
};
}
{
model_name = "DeepSeek-R1";
litellm_params = {
litellm_credential_name = "dp_azure_ai_credential";
model = "azure_ai/deepseek-r1";
};
}
];
};
};
system.stateVersion = "24.11";
}

1
modules/services/default.nix
View file

@ -11,5 +11,6 @@
./postgres.nix ./postgres.nix
./searx.nix ./searx.nix
./vaultwarden.nix ./vaultwarden.nix
./open-webui.nix
]; ];
} }

203
modules/services/open-webui.nix Normal file
View file

@ -0,0 +1,203 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.my.services.open-webui;
dbPort = 5432;
settingsFormat = pkgs.formats.yaml { };
inherit (lib) types;
in
{
options.my.services.open-webui = {
enable = lib.mkEnableOption "Enable Open Webui, alternative OpenAI frontend module";
port = lib.mkOption {
type = lib.types.int;
default = 8080;
description = ''
The port on which the Open Webui service will listen.
'';
};
environmentSecretsPath = lib.mkOption {
type = lib.types.path;
default = "";
description = ''
Path to the environment file containing secrets.
'';
};
environment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "Environment variables to set for Open Webui";
};
litellm = {
enable = lib.mkEnableOption "Enable LiteLLM OpenAI proxy module";
port = lib.mkOption {
type = lib.types.int;
default = 12345;
description = ''
The port on which the LiteLLM service will listen.
'';
};
settings = lib.mkOption {
type = types.submodule {
freeformType = settingsFormat.type;
options = {
model_list = lib.mkOption {
type = settingsFormat.type;
description = ''
List of supported models on the server, with model-specific configs.
'';
default = [ ];
};
router_settings = lib.mkOption {
type = settingsFormat.type;
description = ''
LiteLLM Router settings
'';
default = { };
};
litellm_settings = lib.mkOption {
type = settingsFormat.type;
description = ''
LiteLLM Module settings
'';
default = { };
};
general_settings = lib.mkOption {
type = settingsFormat.type;
description = ''
LiteLLM Server settings
'';
default = { };
};
environment_variables = lib.mkOption {
type = settingsFormat.type;
description = ''
Environment variables to pass to the Lite
'';
default = { };
};
};
};
default = { };
description = ''
Configuration for LiteLLM.
See <https://docs.litellm.ai/docs/proxy/configs> for more.
'';
};
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
# Enable Podman as the container runtime
virtualisation.podman = {
enable = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
};
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
open-webui = {
image = "ghcr.io/open-webui/open-webui:main";
ports = [
"${toString cfg.port}:8080"
];
environmentFiles = [ cfg.environmentSecretsPath ];
environment =
cfg.environment
// {
ENABLE_OPENAI_API = "true";
ENABLE_OLLAMA_API = "false";
ENABLE_WEB_SEARCH = "true";
WEB_SEARCH_ENGINE = "searxng";
SEARXNG_QUERY_URL = "https://search.pasetto.me/search?q=<query>";
}
// (lib.optionalAttrs cfg.litellm.enable {
OPENAI_API_BASE_URL = "http://host.containers.internal:${toString cfg.litellm.port}";
});
volumes = [ "open-webui:/app/backend/data" ];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
};
networking.firewall.allowedTCPPorts = [ cfg.port ];
})
(lib.mkIf cfg.litellm.enable {
virtualisation.oci-containers.containers = {
litellm =
let
litellmSettings = cfg.litellm.settings;
configFile = settingsFormat.generate "config.yaml" litellmSettings;
in
{
image = "ghcr.io/berriai/litellm:main-stable";
volumes = [ "${configFile}:/app/config.yaml" ];
cmd = [ "--config=/app/config.yaml" ];
ports = [ "${toString cfg.litellm.port}:4000" ];
environmentFiles = [ cfg.environmentSecretsPath ];
environment = {
DATABASE_URL = "postgresql://llmproxy:llmproxypwd@host.containers.internal:5432/litellm";
STORE_MODEL_IN_DB = "True";
USE_PRISMA_MIGRATE = "True";
};
labels = {
"io.containers.autoupdate" = "registry";
};
};
litellm_db = {
image = "docker.io/library/postgres:16";
hostname = "db";
ports = [ "5432:5432" ];
environment = {
POSTGRES_DB = "litellm";
POSTGRES_USER = "llmproxy";
POSTGRES_PASSWORD = "llmproxypwd";
};
volumes = [ "litellm_postgres_data:/var/lib/postgresql/data" ];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
networking.firewall.allowedTCPPorts = [
cfg.litellm.port
dbPort
];
systemd.services."podman-litellm".after = [ "podman-litellm_db.service" ];
systemd.services."podman-litellm".requires = [ "podman-litellm_db.service" ];
})
];
}

2
secrets.nix
View file

@ -29,7 +29,7 @@ let
shadowsocks-password = [ machines.shadowsocks ]; shadowsocks-password = [ machines.shadowsocks ];
firefly-iii-app-key = [ machines.firefly-iii ]; firefly-iii-app-key = [ machines.firefly-iii ];
firefly-iii-mailgun-key = [ machines.firefly-iii ]; firefly-iii-mailgun-key = [ machines.firefly-iii ];
azure-ai = [ machines.open-webui ]; open-webui = [ machines.open-webui ];
paperless-admin = [ machines.paperless ]; paperless-admin = [ machines.paperless ];
paperless-oauth2-client-secret = [ machines.paperless ]; paperless-oauth2-client-secret = [ machines.paperless ];
}; };

17
secrets/azure-ai.age
View file

@ -1,17 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 p3OXOQ /ktFoPayT7BOflXXgi24MKwAUUsZfM7fFf/Fscr/5k0
RLe5EkY/3tZcXKwUgiWcGyhlAADN8Js/uyZKZAxUMpI
-> ssh-ed25519 Si3UKw W+2Nl/Xej2KcE0gk1psQck/ndnAUO1xDbYUkAVI56l8
gCjrHvi0tSUD8vJKvjIpfAfEIxrGpVp6ggBJK+3pXls
-> ssh-ed25519 3UG3uw r+A2Dp/x7PD1+yiXubBzeGqawnriGE+ez56g+UvwGy4
95lN581nC8mK2FlLLN6LXAh6CVF1xwYD8/YxgU5heR4
-> ssh-ed25519 JEhtoQ VTCjzgKW4lxUHXlVAQtrpyCYc7W1vZ2jlrlbq1pxAxI
vTg/4tg4Tu1ZRJFzOcW+5P8UBqaAVS2xk9Zb5xto8sI
-> ssh-ed25519 uqg2jw YKVIE2E842PeN0JGkIm6JWIYkOWeHC0zw7gNZU6aCjg
7W83czFxv++ygFF1RcOELvQBR8ZiN1j9cEWo/iiFdEM
--- 6Gv+howHUPpUS7voypuS6jiw/CqWqYACa/dRTCaoWYY
ë°j]§Hj,:¨XUÓ_<> µ*ðãçz6yÅS€:!-µ'ªÁ…Ây¶Â“6¶Ä¡\<5C>5ˆX©†¼ˆy€\}¼Š<C2BC>j ¶¯E¿e%@Ë”=ϾÄ'Üaz03”cO·©gÏÑV&Aú4<C3BA>B¹·CP«Ï¤ãi$Uâ{[>Mz•¢¸¯ï|ŠZÙ…Ê‰Ñ ®él X>[<04>Ý<EFBFBD>´Ë“óHÇxÛkÜ.úT¯wQèÆ¥ut<57>¬•ÕVðTGÎÂ,ª‰·†Õ"‰Ä1Ûƒüu“×¼Z»j#ñÂN¬\ÕzÉÓË«уT£ô4˽ª6$qtx
mv5Ë籚Î)pËn[áêµE~êµ:.˜ã^ 6Á½ ²D°4~—ÓhEñ\<5C>äàâ'þ
\ êêîW®
QâlvÌí¿$¯K©é5W”`³ÐSx? \CÚ6
{ÍD/œ½<C593>…m$õüi¢£s2¼

BIN
secrets/open-webui.age Normal file
View file

Binary file not shown.

2
ssh-keys.nix
View file

@ -21,7 +21,7 @@ rec {
dns02 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+HIq6/ebjiv71xDozdOTn5AdnXgr1fGqIzXnH7Not+"; dns02 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+HIq6/ebjiv71xDozdOTn5AdnXgr1fGqIzXnH7Not+";
shadowsocks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ4qYaS5ccciH7BNyrF5+J3d4JtHJNr1R256/ulEtxl"; shadowsocks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ4qYaS5ccciH7BNyrF5+J3d4JtHJNr1R256/ulEtxl";
firefly-iii = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYkXjRqmuTMg56EmAx8s1M/VQojM7akF/ao+jJLYgFB"; firefly-iii = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYkXjRqmuTMg56EmAx8s1M/VQojM7akF/ao+jJLYgFB";
open-webui = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhpg3rWdLaV+rInpUggwOB7F09cREH9ffeR5z8eZXD9"; open-webui = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOkm9z19sFGEs7aexOfnvyxEgehydSbeLjrYo0srFKV";
paperless = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRNgDyk3TuMooG4ZCv7SOgXh0ql1/1hhhng7uSnsLeK"; paperless = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRNgDyk3TuMooG4ZCv7SOgXh0ql1/1hhhng7uSnsLeK";
}; };