kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-24 19:16:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(web-app-openwebui): add bootstrap admin configuration via ADMIN_EMAIL

Browse Source 
Introduce ADMIN_EMAIL and SHOW_ADMIN_DETAILS options to bootstrap the first
administrator account on fresh installations. This ensures at least one admin
exists without manual database intervention.

Conversation: https://chatgpt.com/share/68d18e02-d6b8-800f-aaab-920c61b9284a
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-22 21:41:32 +02:00
parent 93d165fa4c
commit 790c184e66
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
roles/web-app-openwebui/templates/env.j2
View File

@@ -8,12 +8,25 @@ OFFLINE_MODE={{ OPENWEBUI_OFFLINE_MODE | ternary(1, 0) }}
HF_HUB_OFFLINE={{ OPENWEBUI_HF_HUB_OFFLINE | ternary(1, 0) }}
ENABLE_PERSISTENT_CONFIG=false
# =========================
# Bootstrap Admin Account
# =========================
# Use this to automatically assign the first admin in a fresh installation.
# The specified email will be promoted to ADMIN on first login.
# After initial setup you can remove this block and manage admins via the UI.
ADMIN_EMAIL=users.administrator.email
# If enabled, the pending-activation page will display the admins email address
# so new users know who to contact for access.
SHOW_ADMIN_DETAILS=true
{% if OPENWEBUI_OIDC_ENABLED %}
# =========================
# OIDC / OAuth2 Settings
# =========================
# Enable sign-up/login via OIDC provider
ENABLE_OAUTH_SIGNUP=true
DEFAULT_USER_ROLE=user
# Client credentials (must match Keycloak client)
OAUTH_CLIENT_ID={{ OIDC.CLIENT.ID }}
@@ -23,7 +36,7 @@ OAUTH_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
OPENID_PROVIDER_URL={{ OIDC.CLIENT.DISCOVERY_DOCUMENT }}
# Redirect URI (must match what is configured in Keycloak client)
OPENID_REDIRECT_URI={{ (domains | get_url(application_id, WEB_PROTOCOL)) ~ '/oauth/oidc/callback' }}
OPENID_REDIRECT_URI={{ OPENWEBUI_OIDC_REDIRECT_URL }}
# Display name of the provider in the login button
OAUTH_PROVIDER_NAME={{ OIDC.BUTTON_TEXT }}
@@ -38,7 +51,7 @@ OAUTH_SCOPES=openid email profile
ENABLE_OAUTH_ROLE_MANAGEMENT=true
OAUTH_ROLES_CLAIM={{ RBAC.GROUP.CLAIM }}
# OAUTH_ALLOWED_ROLES=user
OAUTH_ADMIN_ROLES={{ [ RBAC.GROUP.NAME, application_id ~ '-administrator' ] | path_join }}
OAUTH_ADMIN_ROLES={{ OPENWEBUI_OIDC_ADMIN_GROUP }}
# =========================
# Optional: Group Management