diff options
Diffstat (limited to 'Omni/Cloud')
| -rw-r--r-- | Omni/Cloud/Comms/Xmpp.nix | 2 | ||||
| -rw-r--r-- | Omni/Cloud/Mail.nix | 10 | ||||
| -rw-r--r-- | Omni/Cloud/OpenWebui.nix | 43 | ||||
| -rw-r--r-- | Omni/Cloud/Ports.nix | 1 | ||||
| -rw-r--r-- | Omni/Cloud/Web.nix | 14 |
5 files changed, 67 insertions, 3 deletions
diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix index 93d7cfc..e48dd56 100644 --- a/Omni/Cloud/Comms/Xmpp.nix +++ b/Omni/Cloud/Comms/Xmpp.nix @@ -32,7 +32,7 @@ in { # this is necessary bc prosody needs access to the acme certs managed in Omni/Cloud/Web.nix, when # i learn how to use security.acme better, and use separate certs, then i can fix this group group = "nginx"; - admins = ["bsima@${rootDomain}"]; + admins = ["ben@${rootDomain}"]; allowRegistration = true; inherit ssl; uploadHttp = { diff --git a/Omni/Cloud/Mail.nix b/Omni/Cloud/Mail.nix index bccf5db..22551c2 100644 --- a/Omni/Cloud/Mail.nix +++ b/Omni/Cloud/Mail.nix @@ -23,6 +23,12 @@ Known issues: enableManageSieve = true; virusScanning = false; # ur on ur own localDnsResolver = true; + dmarcReporting = { + enable = true; + organizationName = "Ben Sima"; + domain = "bensima.com"; + localpart = "dmarc"; + }; # Define proper virtual aliases instead of placeholder extraVirtualAliases = { @@ -56,6 +62,10 @@ Known issues: hashedPasswordFile = "/home/ben/hashed-mail-password"; quota = "1G"; }; + "dmarc@bensima.com" = { + hashedPasswordFile = "/home/ben/hashed-mail-password"; + quota = "1G"; + }; }; }; diff --git a/Omni/Cloud/OpenWebui.nix b/Omni/Cloud/OpenWebui.nix new file mode 100644 index 0000000..fc662c2 --- /dev/null +++ b/Omni/Cloud/OpenWebui.nix @@ -0,0 +1,43 @@ +{ + config, + pkgs, + ... +}: let + ports = import ./Ports.nix; +in { + config.virtualisation.oci-containers.backend = "docker"; + + config.virtualisation.oci-containers.containers.open-webui-aichat = { + image = "ghcr.io/open-webui/open-webui:main"; + volumes = ["/var/lib/open-webui-aichat:/app/backend/data"]; + environment = { + PORT = toString ports.open-webui-aichat; + }; + extraOptions = ["--network=host"]; + }; + + # Add a service that updates and restarts the container + config.systemd.services."update-open-webui-aichat" = { + description = "pulling new open-webui image and restarting the service"; + wantedBy = ["multi-user.target"]; + after = ["network-online.target"]; + serviceConfig = { + Type = "oneshot"; + ExecStart = [ + # Pull the latest image + "${pkgs.docker}/bin/docker pull ghcr.io/open-webui/open-webui:main" + # Restart the container + "${pkgs.systemd}/bin/systemctl stop docker-open-webui-aichat" + "${pkgs.systemd}/bin/systemctl start docker-open-webui-aichat" + ]; + }; + }; + + # Add a timer that runs every Sunday at 3 AM + config.systemd.timers."update-open-webui-aichat" = { + wantedBy = ["timers.target"]; + timerConfig.OnCalendar = "Sun 03:00:00"; + timerConfig.Persistent = true; + unitConfig.Description = "Weekly timer for pulling new open-webui image and restarting service."; + }; +} diff --git a/Omni/Cloud/Ports.nix b/Omni/Cloud/Ports.nix index 7f16bf3..ac67d54 100644 --- a/Omni/Cloud/Ports.nix +++ b/Omni/Cloud/Ports.nix @@ -33,6 +33,7 @@ nostr-relay = 8084; ollama = 11434; open-webui = 8088; + open-webui-aichat = 4242; radicale = 5232; sabten = 8081; ssh = 22; diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix index d99f3a6..45afc4d 100644 --- a/Omni/Cloud/Web.nix +++ b/Omni/Cloud/Web.nix @@ -77,7 +77,6 @@ in { "simatime.com" "www.bsima.me" "bsima.me" - "mail.bensima.com" ]; locations = { # nostr nip-5 verification @@ -171,6 +170,17 @@ in { }; }; }; + + "aichat.${rootDomain}" = { + forceSSL = true; + useACMEHost = rootDomain; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:${toString ports.open-webui-aichat}"; + proxyWebsockets = true; + }; + }; + }; }; }; }; @@ -187,10 +197,10 @@ in { "jupyter" "git" "monica" - "syncthing" # xmpp stuff "upload" "conference" + "aichat" ]; }; } |