From 03fdaa739f784d98c94d26aaa9a187ca5014b500 Mon Sep 17 00:00:00 2001 From: oddlama Date: Sun, 9 Jun 2024 21:09:04 +0200 Subject: [PATCH] chore: expose open-webui to sentinel --- hosts/sire/guests/ai.nix | 12 +++++------- hosts/ward/guests/adguardhome.nix | 1 - ...guard-proxy-sentinel-psks-sentinel+sire-ai.age | 9 +++++++++ ...guard-proxy-sentinel-psks-sentinel+sire-ai.age | 8 ++++++++ ...f74-wireguard-proxy-home-psks-sire-ai+ward.age | Bin 313 -> 0 bytes ...512d-wireguard-proxy-sentinel-priv-sire-ai.age | 7 +++++++ ...20913cd2-wireguard-proxy-home-priv-sire-ai.age | Bin 378 -> 0 bytes ...96b-wireguard-proxy-home-psks-sire-ai+ward.age | Bin 367 -> 0 bytes 8 files changed, 29 insertions(+), 8 deletions(-) create mode 100644 secrets/rekeyed/sentinel/4cff83edc1d2b2ca516f8cb63fb06782-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age create mode 100644 secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age delete mode 100644 secrets/rekeyed/sire-ai/9341385afdc96bb54570bceb6808df74-wireguard-proxy-home-psks-sire-ai+ward.age create mode 100644 secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age delete mode 100644 secrets/rekeyed/sire-ai/b52800d176723e270d8c6f4720913cd2-wireguard-proxy-home-priv-sire-ai.age delete mode 100644 secrets/rekeyed/ward/b3ad9024ec69682628580e4dd4d5396b-wireguard-proxy-home-psks-sire-ai+ward.age diff --git a/hosts/sire/guests/ai.nix b/hosts/sire/guests/ai.nix index df732f5..8ff2a38 100644 --- a/hosts/sire/guests/ai.nix +++ b/hosts/sire/guests/ai.nix @@ -4,11 +4,9 @@ in { microvm.mem = 1024 * 16; microvm.vcpu = 20; - wireguard.proxy-home = { - client.via = "ward"; - firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ - config.services.open-webui.port - ]; + wireguard.proxy-sentinel = { + client.via = "sentinel"; + firewallRuleForNode.sentinel.allowedTCPPorts = [config.services.open-webui.port]; }; networking.firewall.allowedTCPPorts = [config.services.ollama.port]; @@ -42,7 +40,7 @@ in { WEBUI_AUTH = "False"; ENABLE_SIGNUP = "False"; - OLLAMA_BASE_URL = "http://localhgost:11434"; + OLLAMA_BASE_URL = "http://localhost:11434"; TRANSFORMERS_CACHE = "/var/lib/open-webui/.cache/huggingface"; WEBUI_AUTH_TRUSTED_EMAIL_HEADER = "X-Email"; @@ -65,7 +63,7 @@ in { oauth2 = { enable = true; allowedGroups = ["access_openwebui"]; - X-Email = "\${upstream_http_x_auth_request_email}@local"; + X-Email = "\${upstream_http_x_auth_request_email}@${config.repo.secrets.global.domains.personal}"; }; # FIXME: refer to lan 192.168... and fd10:: via globals extraConfig = '' diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index d2a7955..1c4d2f1 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -92,7 +92,6 @@ in { globals.services.influxdb.domain globals.services.loki.domain globals.services.paperless.domain - globals.services.open-webui.domain "home.${config.repo.secrets.global.domains.me}" "fritzbox.${config.repo.secrets.global.domains.me}" ]; diff --git a/secrets/rekeyed/sentinel/4cff83edc1d2b2ca516f8cb63fb06782-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age b/secrets/rekeyed/sentinel/4cff83edc1d2b2ca516f8cb63fb06782-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age new file mode 100644 index 0000000..dc35959 --- /dev/null +++ b/secrets/rekeyed/sentinel/4cff83edc1d2b2ca516f8cb63fb06782-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA dgbLVhH6YDLeLmrOOasvIhuknfgfLOS+akmDka/tlC0 +Xjire4VON0/X6hdkBlGE0ithtaE5R+nV/O+wF7QHgrw +-> rM_"d!6-grease ( Lrm6}R$' p-;N +Wz7nuz35agyIS+Br7snkV3nmUAYT3bgwPTZTHBDHXeAwfvNSdaPovC9o8jNNrhuM +zdPqY5p9E3ytlaosQ8Tqwff/GrrGb9TUUQ +--- NgSDbER4QRFN2lbic7IuZKrcvi1ffJBuQrgcut6fsDc +¨)`S9w8gJsviilσ +a&lm*ڶ$\EѴ?72)ѹ*9W \ No newline at end of file diff --git a/secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age b/secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age new file mode 100644 index 0000000..898d615 --- /dev/null +++ b/secrets/rekeyed/sire-ai/89b98207bb1577a81049b4ce319739bf-wireguard-proxy-sentinel-psks-sentinel+sire-ai.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 vhmDsA KWeO3Be+gkSPD9LfWvmcdlaYDAbFyRN4K7F7EfwqIgg +cAFnWvJJ/G6dme0dl02J894/qArsqS0beqU+AzwD1+o +-> #1V}iM=x-grease aa},EP2g +WqXnjOoLDNOeW4gTnEvipyPvOA2/2PnDjf6vw13ReOlCSCgGYETdFJ5hrWyVhPbG +zH/NWp8G21UgKUo +--- EM6RpMXpWmiosw/Plq3LAYBeVMpcs9dsuufL/4buhGk +e!I DS b]}j!z#{{B@V܃jU uN \ No newline at end of file diff --git a/secrets/rekeyed/sire-ai/9341385afdc96bb54570bceb6808df74-wireguard-proxy-home-psks-sire-ai+ward.age b/secrets/rekeyed/sire-ai/9341385afdc96bb54570bceb6808df74-wireguard-proxy-home-psks-sire-ai+ward.age deleted file mode 100644 index 5b1f15d3295eddf8b57232aae5bbda7a5ef6ca1b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 313 zcmV-90mlAeXJsvAZewzJaCB*JZZ2JT2xnIQ+G#2b4fTwQ7{T=L^(8KFj;9x zOn6FcICV#AZcABcLwQ1LO*KfPRb9Y90IeBnWY;an7Z&3;@EiE8ndQ)m=VrXzk zT2)zaI4@;FG*>h=T6#fIQDIJUQa5ujIBID*LU~1baX1P)jNH2AcK6S-4JP)fSJI8` z4ZtA^(S671`xo*2Xk@!Peu5{AGI}jYn%KtMrd-YzwFx;u(f%_A?aAoSFR%*|vM6zL Le!Bn)@p)*Mx#V@2 diff --git a/secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age b/secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age new file mode 100644 index 0000000..3ae3d9f --- /dev/null +++ b/secrets/rekeyed/sire-ai/b106bbbb9f3c987e555b49df7263512d-wireguard-proxy-sentinel-priv-sire-ai.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 vhmDsA BuD+lFk4AT6HbasiK2B/s548l/084zHr2TVfTOr/HxM +hrDRQLYsv/2rMbHD7devlax1KPMooNtQXzm8O1L91FU +-> @*7:rQ}e-grease n2 gUD +it{\z# M!{:.W-) +HOSZdaDG5UrpLYhL0/w +--- dzhayN6ZYK73imRCl22mEQlmKZig2RAfbRPECcQkLAg +GgP 'ZʛW:.l':)*Z=+!;KV溯 = Yn)hIcS=cct \ No newline at end of file diff --git a/secrets/rekeyed/sire-ai/b52800d176723e270d8c6f4720913cd2-wireguard-proxy-home-priv-sire-ai.age b/secrets/rekeyed/sire-ai/b52800d176723e270d8c6f4720913cd2-wireguard-proxy-home-priv-sire-ai.age deleted file mode 100644 index b9eaa3501c39fc61e07c61c89e67e0352ca9b6a5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 378 zcmWm7u};E3002-%?BEaR(1FEZ1uTV1j7gPZy+Xm3TG|bvw0NOMd(hGvbW~S$b#O2y zx)>7^jk=il4MryyjhlkiOk3 zVvYm zUd5;sYPQX&9n*-AUV;p0hz!X7Z>+H}lxHc+Gn?2X1Kyca1VBd3!q%8Ts#jB_p~VR$ zQSn2FoM5ENp1mA3JXX?WaV4z}wQ97|&6)$ck>`6sz0#^hsYug(BLiGb!6B!zLS|iCmvuyppW|QG z%%a3`@L~HjajwR9r{C_!Wb85#JXziS>dnm6%y8;AalH3)_I>*};nFa+WZV_*C*R@8 T)63zqY+$%AAN& diff --git a/secrets/rekeyed/ward/b3ad9024ec69682628580e4dd4d5396b-wireguard-proxy-home-psks-sire-ai+ward.age b/secrets/rekeyed/ward/b3ad9024ec69682628580e4dd4d5396b-wireguard-proxy-home-psks-sire-ai+ward.age deleted file mode 100644 index 8bc78657536a8d4a82e30a8551adb6945238c72d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 367 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7^h-|lOjqy=^Di?_ z(YAC?bn|hGa`QLIEsrpW(04LUiV6=1DUPhjG%+m>3C;@4_T`Ey&+?8kH4gPQj?4-x zN-xXOHY^WH&qyjvG4P5k*AMjakIM1&F3WK;O$XVg9B!hUUX+?xoT^}?;NTSM6&b9h zU|U-rl4TgiRT^1P=vosoE8$1 zl5gf4QflDkl~Ed;YG^^WKxvtR~+dV5$uv^;Zs;#0hWS{c~ Ln|)!6-hKuExsH9j