kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-24 11:06:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
963e1aea210caf9216ece07981a71fda877861c0
computer-playbook/roles/web-app-openwebui/templates/env.j2

85 lines
2.9 KiB
Django/Jinja
Raw Blame History

# Documentation: https://docs.openwebui.com/getting-started/env-configuration/
# =========================
# Open WebUI Base Settings
# =========================
OLLAMA_BASE_URL={{ OLLAMA_BASE_LOCAL_URL }}
OFFLINE_MODE={{ OPENWEBUI_OFFLINE_MODE | ternary(1, 0) }}
HF_HUB_OFFLINE={{ OPENWEBUI_HF_HUB_OFFLINE | ternary(1, 0) }}
ENABLE_PERSISTENT_CONFIG=false
{% if OPENWEBUI_OIDC_ENABLED %}
# =========================
# OIDC / OAuth2 Settings
# =========================
# Enable sign-up/login via OIDC provider
ENABLE_OAUTH_SIGNUP=true
# Client credentials (must match Keycloak client)
OAUTH_CLIENT_ID={{ OIDC.CLIENT.ID }}
OAUTH_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
# Well-known configuration URL from Keycloak
OPENID_PROVIDER_URL={{ OIDC.CLIENT.DISCOVERY_DOCUMENT }}
# Redirect URI (must match what is configured in Keycloak client)
OPENID_REDIRECT_URI={{ (domains | get_url(application_id, WEB_PROTOCOL)) ~ '/oauth/oidc/callback' }}
# Display name of the provider in the login button
OAUTH_PROVIDER_NAME={{ OIDC.BUTTON_TEXT }}
# Scopes to request (openid is required; email/profile recommended)
OAUTH_SCOPES=openid email profile
# =========================
# Optional: Role Management
# =========================
# Enable automatic role mapping from token claims
# ENABLE_OAUTH_ROLE_MANAGEMENT=true
# OAUTH_ROLES_CLAIM=roles
# OAUTH_ALLOWED_ROLES=user
# OAUTH_ADMIN_ROLES=admin
# =========================
# Optional: Group Management
# =========================
# ENABLE_OAUTH_GROUP_MANAGEMENT=true
# ENABLE_OAUTH_GROUP_CREATION=false
# OAUTH_GROUP_CLAIM={{ RBAC.GROUP.CLAIM }}
{% endif %}
{% if OPENWEBUI_LDAP_ENABLED %}
# =========================
# LDAP Authentication
# =========================
# Enable LDAP login in parallel to OIDC (both can coexist)
ENABLE_LDAP=true
# --- Server Settings ---
# Label shown in the UI (optional)
LDAP_SERVER_LABEL=OpenLDAP
# Hostname/IP and port from your global LDAP settings
LDAP_SERVER_HOST={{ LDAP.SERVER.DOMAIN }}
LDAP_SERVER_PORT={{ LDAP.SERVER.PORT }}
# TLS: set to true for StartTLS or LDAPS (maps from your SECURITY setting)
# SECURITY can be "", "TLS" or "SSL" in your mapping; treat TLS/SSL as true
LDAP_USE_TLS={{ ('true' if (LDAP.SERVER.SECURITY | upper) in ['TLS','SSL'] else 'false') }}
# Certificate validation (set to true if you use a proper CA; false for self-signed/dev)
LDAP_VALIDATE_CERT={{ ('true' if (LDAP.SERVER.SECURITY | upper) in ['TLS','SSL'] else 'false') }}
# --- Bind Credentials (app/service account) ---
LDAP_APP_DN={{ LDAP.DN.ADMINISTRATOR.DATA }}
LDAP_APP_PASSWORD={{ LDAP.BIND_CREDENTIAL }}
# --- User Schema / Search ---
# Base DN for user search
LDAP_SEARCH_BASE={{ LDAP.DN.ROOT }}
# Attribute used as login name (uid / sAMAccountName / mail, etc.)
LDAP_ATTRIBUTE_FOR_USERNAME={{ LDAP.USER.ATTRIBUTES.ID }}
# Attribute for email address
LDAP_ATTRIBUTE_FOR_MAIL={{ LDAP.USER.ATTRIBUTES.MAIL }}
# Search filter with placeholder for username
LDAP_SEARCH_FILTER=({{ LDAP.USER.ATTRIBUTES.ID }}=%(user)s)
{% endif %}
Reference in New Issue View Git Blame Copy Permalink