ADDED: states for setting up OpenWebUI in a Podman container with strict firewall...
authorAndreas Glashauser <ag@andreasglashauser.com>
Tue, 1 Apr 2025 08:15:09 +0000 (10:15 +0200)
committerAndreas Glashauser <ag@andreasglashauser.com>
Tue, 1 Apr 2025 08:17:07 +0000 (10:17 +0200)
user_salt/openwebui/init.sls [new file with mode: 0644]
user_salt/openwebui/openwebui--configure-qube.sls [new file with mode: 0644]
user_salt/openwebui/openwebui--create-qube.sls [new file with mode: 0644]
user_salt/openwebui/openwebui--create-template.sls [new file with mode: 0644]
user_salt/openwebui/openwebui--install-packages.sls [new file with mode: 0644]

diff --git a/user_salt/openwebui/init.sls b/user_salt/openwebui/init.sls
new file mode 100644 (file)
index 0000000..69474a0
--- /dev/null
@@ -0,0 +1,5 @@
+include:
+  - openwebui.openwebui--create-template
+  - openwebui.openwebui--install-packages
+  - openwebui.openwebui--create-qube
+  - openwebui.openwebui--configure-qube
diff --git a/user_salt/openwebui/openwebui--configure-qube.sls b/user_salt/openwebui/openwebui--configure-qube.sls
new file mode 100644 (file)
index 0000000..399fd2e
--- /dev/null
@@ -0,0 +1,75 @@
+{% if grains['id'] == 'dom0' %}
+
+openwebui--configure-qube-firewall:
+  cmd.run:
+    - name: |
+        qvm-firewall q-openwebui reset
+        qvm-firewall q-openwebui del accept
+        qvm-firewall q-openwebui add accept specialtarget=dns
+        qvm-firewall q-openwebui add accept proto=icmp
+        qvm-firewall q-openwebui add accept ghcr.io proto=tcp
+        qvm-firewall q-openwebui add accept pkg-containers.githubusercontent.com proto=tcp
+        qvm-firewall q-openwebui add accept openrouter.ai proto=tcp
+        qvm-firewall q-openwebui add drop
+
+{% elif grains['id'] == 'q-openwebui' %}
+
+{% set username = 'user' %}
+{% set container_name = 'open-webui' %}
+{% set service_file_dir = '/home/' ~ username ~ '/.config/systemd/user/' %}
+{% set service_file = '/home/' ~ username ~ '/.config/systemd/user/container-' ~ container_name ~ '.service' %}
+{% set userid = salt['user.info'](username).uid %}
+{% set quadlet_file_dir = '/home/' ~ username ~ '/.config/containers/systemd/' %}
+{% set quadlet_file_path = quadlet_file_dir ~ container_name ~ '.container' %}
+
+{% set xdg_runtime_dir = '/run/user' + userid | string %}
+
+openwebui--create-quadlet-dir:
+  file.directory:
+    - name: /home/{{ username }}/.config/containers/systemd/
+    - user: {{ username }}
+    - group: {{ username }}
+    - makedirs: True
+
+openwebui--deploy-quadlet-file:
+  file.managed:
+    - name: /home/{{ username }}/.config/containers/systemd/open-webui.container
+    - contents: |
+        [Unit]
+        Description=Open WebUI container managed by Podman
+        
+        [Container]
+        Image=ghcr.io/open-webui/open-webui:ollama
+        PublishPort=3000:8080
+        Volume=ollama:/root/.ollama
+        Volume=open-webui:/app/backend/data
+        
+        [Service]
+        Restart=always
+        TimeoutStartSec=1800
+
+        [Install]
+        WantedBy=default.target
+    - user: {{ username }}
+    - group: {{ username }}
+    - mode: 644
+    - require:
+      - file: openwebui--create-quadlet-dir
+
+openwebui--enable-linger:
+  cmd.run:
+    - name: loginctl enable-linger user
+    - unless: loginctl show-user user | grep Linger=yes
+
+openwebui--reload-user-daemon:
+  cmd.run:
+    - name: |
+        systemctl --user daemon-reload
+    - runas: {{ username }}
+    - env:
+      - XDG_RUNTIME_DIR: /run/user/1000
+      - DBUS_SESSION_BUS_ADDRESS: unix:path=/run/user/1000/bus
+    - require:
+      - cmd: openwebui--enable-linger
+
+{% endif %}
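Review bot: `PublishPort=3000:8080` in the quadlet's [Container] section publishes the Open WebUI port on all of q-openwebui's interfaces, while the only client that appears to be planned is the Firefox offered in the qube's menu items; `PublishPort=127.0.0.1:3000:8080` keeps the listener on loopback instead of relying on the qube's inbound filtering, and the floating `:ollama` tag on the line above would be worth pinning to a digest (`@sha256:<digest-placeholder>`) so the pulled image is reproducible. The `env` entries of `openwebui--reload-user-daemon` hard-code uid 1000 although `userid` is computed from `user.info` a few lines up, and `xdg_runtime_dir` is built without the `/` separator (it renders as `/run/user1000`) and never used; `- XDG_RUNTIME_DIR: /run/user/{{ userid }}` and `- DBUS_SESSION_BUS_ADDRESS: unix:path=/run/user/{{ userid }}/bus` keep them in step, and `loginctl enable-linger user` with its `unless` should use `{{ username }}` for the same reason. The `service_file_dir`, `service_file`, `quadlet_file_dir` and `quadlet_file_path` variables are likewise set but unused, since the directory and file states spell the paths out again. In the dom0 branch, `openwebui--configure-qube-firewall` has no `require` on `openwebui--create-qube`, so its ordering relative to qube creation rests on the include order in init.sls alone. Its hostname rules for ghcr.io and pkg-containers.githubusercontent.com depend on name resolution at the time the rules are applied, which can be unreliable for CDN-fronted hosts whose addresses change; a comment on the state saying that a failed image pull should be checked against these rules first would save debugging time.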
diff --git a/user_salt/openwebui/openwebui--create-qube.sls b/user_salt/openwebui/openwebui--create-qube.sls
new file mode 100644 (file)
index 0000000..3124097
--- /dev/null
@@ -0,0 +1,31 @@
+{% if grains['id'] == 'dom0' %}
+
+openwebui--create-qube:
+  qvm.vm:
+    - name: q-openwebui
+    - present:
+      - template: template-openwebui
+      - label: orange
+    - prefs:
+      - label: orange
+      - autostart: True 
+      - audiovm:
+      - guivm: dom0
+      - netvm: sys-vpn-mullvad
+      - memory: 4000
+      - maxmem: 6000
+      - vcpus: 4
+    - features:
+      - set:
+        - menu-items: xterm.desktop org.mozilla.firefox.desktop
+    - service:
+      - enable:
+        - shutdown-idle
+    - require:
+      - qvm: openwebui--create-template
+
+openwebui--extend-private-storage:
+  cmd.run:
+    - name: qvm-volume extend q-openwebui:private 10737418240
+
+{% endif %}
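Review bot: `- qvm: openwebui--create-template` in the `require` of `openwebui--create-qube` names a state ID that the create-template file declares as `openwebui-create-template` (single dash), so Salt will abort the run with an unmet requisite; the same reference appears in `openwebui--create-template-prefs`, so the simplest fix is to rename the declaration to `openwebui--create-template:` in line with the rest of the files' double-dash IDs. `openwebui--extend-private-storage` is an unconditional `cmd.run`: it has no `require` on `openwebui--create-qube` and reports a change on every apply, so `- require:` with `- qvm: openwebui--create-qube` plus an `unless` such as `- unless: test "$(qvm-volume info q-openwebui:private size)" -ge 10737418240` would make it ordered and idempotent (assuming `qvm-volume info` accepts the property argument on this Qubes release). `- audiovm:` in `prefs` is a bare key that YAML parses as null, as are `netvm:`/`audiovm:`/`guivm:` in the create-template file; if the intent is to detach those VMs, spelling the value out in whatever form the qvm state documents for "none" makes that intent reviewable rather than relying on how null is mapped. `- autostart: True ` also carries a trailing space.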
diff --git a/user_salt/openwebui/openwebui--create-template.sls b/user_salt/openwebui/openwebui--create-template.sls
new file mode 100644 (file)
index 0000000..41d8deb
--- /dev/null
@@ -0,0 +1,26 @@
+{% import "templates/versions.jinja" as version %}
+
+include:
+  - templates.templates--install-fedora-minimal
+
+{% if grains['id'] == 'dom0' %}
+
+openwebui-create-template:
+  qvm.clone:
+    - name: template-openwebui
+    - source: fedora-{{ version.fedora }}-minimal
+    - class: TemplateVM
+    - require:
+      - qvm: templates--install-fedora-{{ version.fedora }}-minimal
+
+openwebui--create-template-prefs:
+  qvm.prefs:
+    - name: template-openwebui
+    - label: orange 
+    - netvm:
+    - audiovm:
+    - guivm:
+    - require:
+      - qvm: openwebui--create-template
+
+{% endif %}
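Review bot: The `include:` of `templates.templates--install-fedora-minimal` and the versions import sit above the `grains['id'] == 'dom0'` guard, so they are rendered for every target this file reaches through init.sls; that is only harmless if the included state carries its own grain check, which cannot be seen here, so a short comment saying so (or moving the `include:` inside the guard, which Jinja allows since it renders before the YAML is parsed) would make it explicit. `- label: orange ` carries a trailing space, harmless for a plain scalar but flagged by yamllint.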
diff --git a/user_salt/openwebui/openwebui--install-packages.sls b/user_salt/openwebui/openwebui--install-packages.sls
new file mode 100644 (file)
index 0000000..892d6bf
--- /dev/null
@@ -0,0 +1,11 @@
+{% if grains['id'] == 'template-openwebui' %}
+
+openwebui--install-packages:
+  pkg.installed:
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-app-shutdown-idle
+      - podman
+      - firefox
+
+{% endif %}