nolan/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add open-webui and paperless.

Browse source
This commit is contained in:
Nolan Darilek 2025-03-10 11:31:26 -05:00
parent 7a2f4a00f2
commit f29bbe2415
4 changed files with 61 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
hosts/hub/apps/open-webui.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, ... }:
{
systemd.tmpfiles.rules = [
"d /var/lib/open-webui 0755 root root"
];
virtualisation.oci-containers.containers.open-webui = {
image = "ghcr.io/open-webui/open-webui:main";
ports = [
"8090:8080"
];
volumes = [ "/var/lib/open-webui:/app/backend/data" ];
};
services.caddy.virtualHosts."https://open-webui.tailc50184.ts.net".extraConfig = ''
bind tailscale/open-webui
reverse_proxy http://localhost:8090
'';
networking.firewall.trustedInterfaces = [ "podman0" ];
}

24
hosts/hub/apps/paperless.nix Normal file
View file

@ -0,0 +1,24 @@
{
services = {
paperless = {
enable = true;
settings = {
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true;
PAPERLESS_LOGOUT_REDIRECT_URL = "https://auth.tailc50184.ts.net/logout";
PAPERLESS_OCR_USER_ARGS = {
"invalidate_digital_signatures" = true;
};
};
};
caddy.virtualHosts."paperless.tailc50184.ts.net".extraConfig = ''
bind tailscale/paperless
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User
}
reverse_proxy localhost:28981
'';
};
}

7
hosts/hub/default.nix
View file

@ -22,11 +22,13 @@
../../roles/syncthing.nix ../../roles/syncthing.nix
./apps/dev.nix ./apps/dev.nix
./apps/nextcloud.nix ./apps/nextcloud.nix
./apps/paperless.nix
./apps/searxng.nix ./apps/searxng.nix
./apps/actual.nix ./apps/actual.nix
./apps/adguard.nix ./apps/adguard.nix
./apps/audiobookshelf.nix ./apps/audiobookshelf.nix
./apps/ollama.nix ./apps/ollama.nix
./apps/open-webui.nix
]; ];
boot.loader.grub = { boot.loader.grub = {
@ -139,6 +141,11 @@
reverse_proxy localhost:9091 reverse_proxy localhost:9091
''; '';
services.caddy.virtualHosts."auth.tailc50184.ts.net".extraConfig = ''
bind tailscale/auth
reverse_proxy localhost:9091
'';
services.authelia.instances.main.settings.access_control.rules = [ services.authelia.instances.main.settings.access_control.rules = [
{ {
domain = "syncthing.thewordnerd.info"; domain = "syncthing.thewordnerd.info";

8
roles/authelia.nix
View file

@ -82,6 +82,10 @@
domain = "*.thewordnerd.info"; domain = "*.thewordnerd.info";
policy = "one_factor"; policy = "one_factor";
} }
{
domain = "*.tailc50184.ts.net";
policy = "one_factor";
}
]; ];
}; };
session = { session = {
@ -90,6 +94,10 @@
domain = "thewordnerd.info"; domain = "thewordnerd.info";
authelia_url = "https://auth.thewordnerd.info"; authelia_url = "https://auth.thewordnerd.info";
} }
{
domain = "tailc50184.ts.net";
authelia_url = "https://auth.tailc50184.ts.net";
}
]; ];
}; };
notifier = { notifier = {