selfhostblocks/test/services/open-webui.nix
Dmitry 24fdbb81df Fix Open WebUI tests in offline mode
Open WebUI 0.9.6 still initializes its embedding function during startup, even when OFFLINE_MODE=true and BYPASS_EMBEDDING_AND_RETRIEVAL=true. With OFFLINE_MODE=true and no cached SentenceTransformer model, startup failed with:

ValueError: No embedding model is loaded. Set RAG_EMBEDDING_MODEL to a valid SentenceTransformer model name, or configure an external RAG_EMBEDDING_ENGINE (ollama, openai, azure_openai).

Configure the tests to use a dummy Ollama embedding endpoint so startup does not try to load or download a local embedding model. The endpoint is not meant to be contacted by these tests; it only keeps startup on the external embedding configuration path.
2026-06-17 12:50:57 +02:00

247 lines
6.6 KiB
Nix

{ shb, ... }:
let
oidcSecret = "oidcSecret";
commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.open-webui.ssl);
waitForServices =
{ ... }:
[
"open-webui.service"
"nginx.service"
];
waitForPorts =
{ node, ... }:
[
node.config.shb.open-webui.port
];
};
basic =
{ config, ... }:
{
imports = [
shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix
../../modules/services/open-webui.nix
];
test = {
subdomain = "o";
};
shb.open-webui = {
enable = true;
inherit (config.test) subdomain domain;
};
# Speeds up tests because models can't be downloaded anyway and that leads to retries.
services.open-webui.environment = {
OFFLINE_MODE = "true";
BYPASS_EMBEDDING_AND_RETRIEVAL = "true";
RAG_EMBEDDING_ENGINE = "ollama";
RAG_EMBEDDING_MODEL = "dummy";
RAG_OLLAMA_BASE_URL = "http://127.0.0.1:9";
};
networking.hosts = {
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
};
};
https =
{ config, ... }:
{
shb.open-webui = {
ssl = config.shb.certs.certs.selfsigned.n;
};
systemd.services.open-webui.environment = {
# Needed for open-webui to be able to talk to auth server.
SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
};
};
ldap =
{ config, ... }:
{
shb.open-webui = {
ldap = {
userGroup = "user_group";
adminGroup = "admin_group";
};
};
};
clientLoginSso =
{ config, ... }:
{
imports = [
shb.test.baseModule
shb.test.clientLoginModule
];
virtualisation.memorySize = 4096;
test = {
subdomain = "o";
};
test.login = {
startUrl = "https://${config.test.fqdn}/auth";
beforeHook = ''
page.get_by_role("button", name="continue").click()
'';
usernameFieldLabelRegex = "Username";
passwordFieldLabelRegex = "Password";
loginButtonNameRegex = "[sS]ign [iI]n";
testLoginWith = [
{
username = "alice";
password = "NotAlicePassword";
nextPageExpect = [
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible(timeout=20000)"
];
}
{
username = "alice";
password = "AlicePassword";
nextPageExpect = [
"page.get_by_role('button', name=re.compile('Accept')).click()"
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).not_to_be_visible()"
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_url(re.compile('https://o.example.com/$'), timeout=20000)"
"assert page.evaluate(\"async () => { const r = await fetch('/api/v1/auths/'); if (!r.ok) return false; const u = await r.json(); return u.email === 'alice@example.com'; }\")"
];
}
{
username = "bob";
password = "NotBobPassword";
nextPageExpect = [
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible(timeout=20000)"
];
}
{
username = "bob";
password = "BobPassword";
nextPageExpect = [
"page.get_by_role('button', name=re.compile('Accept')).click()"
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).not_to_be_visible()"
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_url(re.compile('https://o.example.com/$'), timeout=20000)"
"assert page.evaluate(\"async () => { const r = await fetch('/api/v1/auths/'); if (!r.ok) return false; const u = await r.json(); return u.email === 'bob@example.com'; }\")"
];
}
{
username = "charlie";
password = "NotCharliePassword";
nextPageExpect = [
"expect(page.get_by_text(re.compile('[Ii]ncorrect'))).to_be_visible(timeout=20000)"
];
}
{
username = "charlie";
password = "CharliePassword";
nextPageExpect = [
"page.get_by_role('button', name=re.compile('Accept')).click()"
"expect(page.get_by_text('do not have permission')).to_be_visible(timeout=20000)"
];
}
];
};
};
sso =
{ config, ... }:
{
virtualisation.memorySize = 4096;
shb.open-webui = {
sso = {
enable = true;
authEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
clientID = "open-webui";
sharedSecret.result = config.shb.hardcodedsecret.oidcSecret.result;
sharedSecretForAuthelia.result = config.shb.hardcodedsecret.oidcAutheliaSecret.result;
};
};
shb.hardcodedsecret.oidcSecret = {
request = config.shb.open-webui.sso.sharedSecret.request;
settings.content = oidcSecret;
};
shb.hardcodedsecret.oidcAutheliaSecret = {
request = config.shb.open-webui.sso.sharedSecretForAuthelia.request;
settings.content = oidcSecret;
};
};
in
{
basic = shb.test.runNixOSTest {
name = "open-webui_basic";
nodes.client = { };
nodes.server = {
imports = [
basic
];
};
testScript = commonTestScript.access;
};
backup = shb.test.runNixOSTest {
name = "open-webui_backup";
nodes.server =
{ config, ... }:
{
imports = [
basic
(shb.test.backup config.shb.open-webui.backup)
];
};
nodes.client = { };
testScript = commonTestScript.backup;
};
https = shb.test.runNixOSTest {
name = "open-webui_https";
nodes.client = { };
nodes.server = {
imports = [
basic
shb.test.certs
https
];
};
testScript = commonTestScript.access;
};
sso = shb.test.runNixOSTest {
name = "open-webui_sso";
nodes.client = {
imports = [
clientLoginSso
];
};
nodes.server =
{ config, pkgs, ... }:
{
imports = [
basic
shb.test.certs
https
shb.test.ldap
ldap
(shb.test.sso config.shb.certs.certs.selfsigned.n)
sso
];
};
testScript = commonTestScript.access;
};
}