diff --git a/roles/svc-ai-ollama/config/main.yml b/roles/svc-ai-ollama/config/main.yml
index 6d4257d3..0dece7da 100644
--- a/roles/svc-ai-ollama/config/main.yml
+++ b/roles/svc-ai-ollama/config/main.yml
@@ -11,4 +11,8 @@ docker:
 port: 11434
 volumes:
 models: "ollama_models"
- network: "ollama"
\ No newline at end of file
+ network: "ollama"
+preload_models:
+ - "llama3:latest"
+ - "mistral:latest"
+ - "nomic-embed-text:latest"
\ No newline at end of file
diff --git a/roles/svc-ai-ollama/tasks/01_core.yml b/roles/svc-ai-ollama/tasks/01_core.yml
index 58163f3d..be171468 100644
--- a/roles/svc-ai-ollama/tasks/01_core.yml
+++ b/roles/svc-ai-ollama/tasks/01_core.yml
@@ -16,4 +16,23 @@ vars:
 docker_compose_flush_handlers: true
+- name: Pre-pull Ollama models
+ vars:
+ _cmd: "docker exec -i {{ OLLAMA_CONTAINER }} ollama pull {{ model }}"
+ shell: "{{ _cmd }}"
+ register: pull_result
+ loop: "{{ OLLAMA_PRELOAD_MODELS }}"
+ loop_control:
+ loop_var: model
+ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+ poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+ changed_when: >
+ (not (ASYNC_ENABLED | bool)) and (
+ 'downloaded' in (pull_result.stdout | default('')) or
+ 'pulling manifest' in (pull_result.stdout | default(''))
+ )
+ failed_when: >
+ (pull_result.rc | default(0)) != 0 and
+ ('up to date' not in (pull_result.stdout | default('')))
+
 - include_tasks: utils/run_once.yml
\ No newline at end of file
diff --git a/roles/svc-ai-ollama/vars/main.yml b/roles/svc-ai-ollama/vars/main.yml
index 3fb2fb6c..49ac27e6 100644
--- a/roles/svc-ai-ollama/vars/main.yml
+++ b/roles/svc-ai-ollama/vars/main.yml
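Review bot: All three entries under `preload_models` use the floating `latest` tag, so each deployment pulls whatever the registry serves at that moment and two hosts can end up running different model weights. Pinning an explicit tag makes the pre-pull reproducible and lets a model change show up in review, for example `- "llama3:8b"` instead of `- "llama3:latest"`; which tags to pin is a project decision. The file also still ends without a trailing newline.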
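Review bot: The pre-pull task assembles one string and runs it through `shell:`, so the values of `OLLAMA_CONTAINER` and of each `model` are parsed by the shell; a model name from an inventory override that contains whitespace or shell syntax would change the command that runs. `ansible.builtin.command` with `argv` passes each value as a single argument and removes the need for the `_cmd` helper variable. Separately, `failed_when` defaults `pull_result.rc` to 0, so if the async branch returns only a job handle (likely when `ASYNC_POLL` is 0, which is not visible here) a failed pull is never reported; that case would need an `async_status` follow-up task.

```yaml
- name: Pre-pull Ollama models
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "-i"
      - "{{ OLLAMA_CONTAINER }}"
      - ollama
      - pull
      - "{{ model }}"
  # … unchanged: register, loop, loop_control, async, poll, changed_when, failed_when …
```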
@@ -12,3 +12,5 @@ OLLAMA_CONTAINER: "{{ applications | get_app_conf(application_id,
 OLLAMA_PORT: "{{ applications | get_app_conf(application_id, 'docker.services.ollama.port') }}"
 OLLAMA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.models') }}"
 OLLAMA_NETWORK: "{{ applications | get_app_conf(application_id, 'docker.network') }}"
+OLLAMA_PRELOAD_MODELS: "{{ applications | get_app_conf(application_id, 'preload_models') }}"
+
diff --git a/roles/sys-svc-proxy/templates/location/html.conf.j2 b/roles/sys-svc-proxy/templates/location/html.conf.j2
index 9c13c277..fe15fdd5 100644
--- a/roles/sys-svc-proxy/templates/location/html.conf.j2
+++ b/roles/sys-svc-proxy/templates/location/html.conf.j2
@@ -10,10 +10,12 @@ location {{location}}
 # headers
 proxy_set_header Host $host;
+ proxy_set_header Authorization $http_authorization;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
+ proxy_pass_request_headers on;
 {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
diff --git a/roles/web-app-openwebui/templates/env.j2 b/roles/web-app-openwebui/templates/env.j2
index e4f99aba..20df3a7b 100644
--- a/roles/web-app-openwebui/templates/env.j2
+++ b/roles/web-app-openwebui/templates/env.j2
@@ -14,7 +14,7 @@ ENABLE_PERSISTENT_CONFIG=false
 # Use this to automatically assign the first admin in a fresh installation.
 # The specified email will be promoted to ADMIN on first login.
 # After initial setup you can remove this block and manage admins via the UI.
-ADMIN_EMAIL=users.administrator.email
+ADMIN_EMAIL={{ users.administrator.email }}
 # If enabled, the pending-activation page will display the admin’s email address
 # so new users know who to contact for access.
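Review bot: Both directives added to `html.conf.j2` restate nginx defaults: request headers, `Authorization` included, are passed to the upstream unless a `proxy_set_header` overrides them, and `proxy_pass_request_headers` is `on` by default. Judging by its path this location template is shared across applications, so the explicit line means client credentials reach every backend rendered from it, including any vhost where the proxy itself performs authentication. If forwarding is wanted only for one application, a per-application switch would be safer. Otherwise a comment should record the intent, such as `# forward client credentials; override with "" for backends that must not see them`. The location block starts and ends outside the hunk.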
@@ -42,7 +42,7 @@ OPENID_REDIRECT_URI={{ OPENWEBUI_OIDC_REDIRECT_URL }}
 OAUTH_PROVIDER_NAME={{ OIDC.BUTTON_TEXT }}
 # Scopes to request (openid is required; email/profile recommended)
-OAUTH_SCOPES=openid email profile
+OAUTH_SCOPES=openid email profile {{ RBAC.GROUP.CLAIM }}
 # =========================
 # Optional: Role Management
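Review bot: `{{ RBAC.GROUP.CLAIM }}` is a claim name, but the new `OAUTH_SCOPES` line appends it as if it were a scope name; the two only coincide when the identity provider defines a client scope with exactly that name. If it does not, the provider may reject the authorization request or omit the group claim without an error, and an empty value would leave a trailing space in the list. A comment above the line would record the assumption, e.g. `# the group claim name doubles as the scope name; the IdP must expose a scope with this name`.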