stuff

triple-dezert/proxied/services/llm.nix

@@ -10,9 +10,16 @@ in
     fromContainer = "llm";
     port = contain.config.services.open-webui.port;
   };
-  vacu.databases.open-webui = {
+  # vacu.databases.open-webui = {
-    authByIp = contain.localAddress;
+  #   authByIp = contain.localAddress;
-  };
+  # };
+  # networking.firewall.extraCommands = ''
+  #   iptables -t filter -I nixos-fw -i ve-llm -p tcp -m tcp --dport 5432 -j nixos-fw-accept
+  # '';
+  # networking.firewall.extraStopCommands = ''
+  #   iptables -t filter -D nixos-fw -i ve-llm -p tcp -m tcp --dport 5432 -j nixos-fw-accept || true
+  # '';
+
   systemd.tmpfiles.settings.whatever."/trip/llm-models".d = {
     mode = "0744";
   };
@@ -37,18 +44,21 @@ in
       { config, ... }:
       {
         system.stateVersion = "24.05";
+        networking.useHostResolvConf = false;
+        networking.nameservers = [ "10.78.79.1" ];
         networking.firewall.enable = false;
 
         services.open-webui = {
           enable = true;
           port = 8080;
+          host = "0.0.0.0";
           environment = {
             OLLAMA_API_BASE_URL = "http://${config.services.ollama.listenAddress}";
             ENV = "prod";
             WEBUI_URL = "https://${outer_config.vacu.proxiedServices.llm.domain}/";
             ENABLE_COMMUNITY_SHARING = "False";
-            DATABASE_URL = "postgresql://open-webui@${contain.hostAddress}/open-webui";
+            # DATABASE_URL = "postgresql://open-webui:password@${contain.hostAddress}/open-webui";
-            SAFE_MODE = "True";
+            SAFE_MODE = "False";
             WEBUI_SESSION_COOKIE_SAME_SITE = "strict";
             WEBUI_SESSION_COOKIE_SECURE = "True";
             ENABLE_OPENAI_API = "False";