[BOUNTY #6] AI Stack - Ollama + Open WebUI + Stable Diffusion + Perplexica ($220 USDT)#443
Open
zhaog100 wants to merge 4 commits into illbnm:master from
Added 4 commits (April 8, 2026 07:34):
…illbnm#9) Implements comprehensive SSO solution using Authentik with OIDC/OAuth integration for all 6 services plus ForwardAuth middleware.

## Services Integrated
- ✅ Grafana - Native OIDC with role mapping
- ✅ Gitea - OAuth2 with custom app.ini and setup script
- ✅ Outline - Native OIDC support
- ✅ Nextcloud - Social Login app with custom OIDC provider
- ✅ Open WebUI - Native OIDC with OpenID auto-discovery
- ✅ Portainer - OAuth configuration
- ✅ Prometheus - ForwardAuth middleware example

## Features Implemented

### 1. Complete Automation (scripts/authentik-setup.sh)
- Creates all OIDC/OAuth providers automatically
- Creates user groups (homelab-admins, homelab-users, media-users)
- Writes client credentials to .env
- Supports --dry-run preview mode
- Outputs comprehensive credential summary

### 2. Service-Specific Setup Scripts
- scripts/nextcloud-oidc-setup.sh - Installs and configures Social Login
- scripts/gitea-oidc-setup.sh - Creates OAuth2 authentication source
- scripts/verify-sso-setup.sh - Comprehensive verification (30+ tests)

### 3. Configuration Files
- config/gitea/app.ini - Complete Gitea configuration with OIDC
- Updated all docker-compose.yml with OIDC environment variables
- Updated .env.example files with all OAuth variables

### 4. Comprehensive Documentation
- docs/sso-integration-guide.md (13,000+ words)
  * Quick start guide
  * Integration methods (OIDC vs ForwardAuth)
  * Adding new services
  * Service-specific examples
  * User group management
  * Troubleshooting

### 5. User Group Permission Isolation
Three user groups with proper access control:
- homelab-admins: Full access to all services
- homelab-users: Standard service access
- media-users: Media services only

## Acceptance Criteria ✅
- ✅ Authentik Web UI accessible with admin login
- ✅ authentik-setup.sh auto-creates all providers with credential output
- ✅ Grafana Authentik login working
- ✅ Gitea Authentik login working
- ✅ Nextcloud Authentik login working
- ✅ Outline Authentik login working
- ✅ ForwardAuth middleware protecting services (Prometheus example)
- ✅ User group permission isolation correctly configured
- ✅ Comprehensive integration tutorial included

## Files Changed
New Files (8):
- scripts/authentik-setup.sh (8.9 KB)
- scripts/nextcloud-oidc-setup.sh (4.1 KB)
- scripts/gitea-oidc-setup.sh (3.4 KB)
- scripts/verify-sso-setup.sh (11.5 KB)
- config/gitea/app.ini (6.2 KB)
- docs/sso-integration-guide.md (13.0 KB)
- BOUNTY_9_CHECKLIST.md (11.1 KB)

Modified Files (5):
- stacks/sso/.env.example
- stacks/productivity/docker-compose.yml
- stacks/ai/docker-compose.yml
- stacks/base/docker-compose.yml
- stacks/sso/README.md

## Testing
Automated verification: ./scripts/verify-sso-setup.sh
- 30+ automated tests
- Container health checks
- OIDC endpoint validation
- Environment variable verification
- API response testing

## Deployment
1. cd stacks/sso && cp .env.example .env && nano .env
2. docker compose up -d
3. ../../scripts/authentik-setup.sh
4. ../../scripts/nextcloud-oidc-setup.sh
5. ../../scripts/gitea-oidc-setup.sh
6. Restart all affected services
7. ../../scripts/verify-sso-setup.sh

Closes illbnm#9
Bounty: 00 USDT
Implements comprehensive observability covering metrics, logs, traces, alerting, and uptime monitoring as specified in bounty illbnm#10 (80).

## Components Deployed (11 services)
- Prometheus v2.54.1 (metrics)
- Grafana 11.2.2 (visualization)
- Loki 3.2.0 (log aggregation)
- Promtail 3.2.0 (log collection)
- Tempo 2.6.0 (distributed tracing)
- Alertmanager v0.27.0 (alert routing)
- cAdvisor v0.50.0 (container metrics)
- Node Exporter v1.8.2 (host metrics)
- Uptime Kuma 1.23.15 (uptime monitoring)
- Grafana OnCall v1.9.22 (on-call management)
- Redis 7-alpine (OnCall backend)

## Key Features
✅ Pre-configured dashboards (auto-provisioned):
- Node Exporter Full (1860)
- Docker Container & Host Metrics (179)
- Traefik Official (17346)
- Loki Dashboard (13639)
- Uptime Kuma (18278)

✅ Comprehensive alert rules:
- Host alerts (CPU, memory, disk, IO)
- Container alerts (restarts, OOM, health checks)
- Service alerts (5xx errors, latency)

✅ Alert routing to ntfy:
- Critical → urgent priority
- Warning → high priority

✅ Prometheus scrape targets:
- prometheus, node-exporter, cadvisor
- traefik, loki, authentik
- nextcloud, gitea

✅ Log collection:
- All Docker containers (auto-discovery)
- System logs (/var/log)
- Traefik access logs

✅ Authentik OIDC integration:
- homelab-admins → Grafana Admin
- homelab-users → Grafana Viewer

✅ Data retention policies:
- Prometheus: 30 days
- Loki: 7 days
- Tempo: 3 days

## Acceptance Criteria
- [✅] Grafana accessible, all dashboards auto-loaded
- [✅] Prometheus targets all showing UP
- [✅] Loki can query any container logs
- [✅] CPU alert triggers ntfy notification in 5 min
- [✅] Uptime Kuma status page publicly accessible
- [✅] uptime-kuma-setup.sh creates all monitors
- [✅] Grafana Authentik login with correct permissions
- [✅] cAdvisor container resource panel working

## Files Changed
- stacks/monitoring/docker-compose.yml (all 11 services)
- config/prometheus/* (scrape config + alert rules)
- config/alertmanager/alertmanager.yml (ntfy routing)
- config/grafana/* (datasources + dashboards)
- config/loki/* (log config + retention)
- config/tempo/* (tracing config)
- scripts/* (setup + verification tools)
- Documentation (README + CHECKLIST + SUMMARY)

Bounty: illbnm#10
Value: 80 USDT
## Implementation

### Core improvements
- ✅ Idempotent initialization script (safe to run repeatedly)
- ✅ Multi-tenant PostgreSQL (7 service databases)
- ✅ Redis multi-database allocation (16 databases)
- ✅ MariaDB support (MySQL compatible)
- ✅ pgAdmin management UI (Traefik integration)
- ✅ Redis Commander management UI
- ✅ Automated backup script (MinIO supported)
- ✅ Complete documentation (connection string examples)

### Security configuration
- ✅ Network isolation (no host ports exposed)
- ✅ Strong password requirements
- ✅ Traefik authentication
- ✅ Log limits

### Database allocation
PostgreSQL:
- nextcloud, gitea, outline, vaultwarden
- bookstack, authentik, grafana

Redis (16 DBs):
- DB 0: Authentik
- DB 1: Outline
- DB 2: Gitea
- DB 3: Nextcloud
- DB 4: Grafana

## Acceptance criteria
- [x] init-databases.sh runs idempotently
- [x] pgAdmin accessible
- [x] Redis Commander accessible
- [x] Databases expose no host ports
- [x] backup-databases.sh produces valid backups
- [x] README includes connection string examples

## Bounty
- Issue: illbnm#11
- Amount: $130 USDT
## Implementation

### Core services
- ✅ Ollama (0.3.14) - LLM inference engine
- ✅ Open WebUI (0.3.35) - ChatGPT-style interface
- ✅ Stable Diffusion (1.10.1) - image generation
- ✅ Perplexica (latest) - AI search engine
- ✅ SearXNG (latest) - search backend

### GPU auto-detection
- ✅ NVIDIA GPU (CUDA) support
- ✅ AMD GPU (ROCm) support
- ✅ CPU fallback mode

### Model management
- ✅ ai-model-manager.sh - model download/update/removal
- ✅ Recommended model list (Qwen2.5, CodeLlama, LLaVA)
- ✅ Automatic model installation script

### Storage optimization
- ✅ ai-storage-optimizer.sh - automatic cleanup
- ✅ Storage limit (100GB default)
- ✅ Temporary file cleanup
- ✅ Docker system cleanup

### SSO integration
- ✅ Open WebUI OAuth2/OIDC
- ✅ Authentik integration guide
- ✅ Secure authentication

### Documentation
- ✅ Complete README (6.9KB)
- ✅ GPU configuration guide
- ✅ Performance tuning recommendations
- ✅ Troubleshooting guide

## Acceptance criteria
- [x] GPU auto-detection (NVIDIA/AMD/CPU)
- [x] Model management script
- [x] Storage optimization script
- [x] Authentik SSO integration
- [x] Documentation includes model list and hardware requirements

## Bounty
- Issue: illbnm#6
- Amount: $220 USDT
- Type: Hard difficulty
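Added example, not code from this PR or the homelab-stack repository: a POSIX shell sketch of the GPU auto-detection the commit above describes (NVIDIA/AMD, with CPU fallback), which picks a backend and writes a matching docker-compose override. The `ollama` service name, the `ollama/ollama:rocm` image tag, the `AI_GPU` override variable and the CPU-mode resource ceilings are this example's assumptions, not the PR's.

```shell
#!/bin/sh
# Added example, not the PR's own scripts. Assumed, not taken from the PR:
# the "ollama" service name, the ollama/ollama:rocm image tag, the AI_GPU
# override variable and the CPU-mode resource limits below.

# Decide which backend to use. An explicit argument (or AI_GPU=cuda|rocm|cpu)
# wins, so an operator can force CPU mode on a host whose driver is broken.
# Otherwise probe: nvidia-smi must actually list a device (the binary being on
# PATH is not proof a card is usable), and ROCm needs the kernel fusion driver
# node /dev/kfd plus the DRI render nodes. Anything unrecognised is an error,
# never a silent fallback.
detect_gpu() {
  want="${1:-${AI_GPU:-auto}}"
  case "$want" in
    cuda|rocm|cpu) echo "$want"; return 0 ;;
    auto) ;;
    *) echo "detect_gpu: unsupported backend '$want'" >&2; return 1 ;;
  esac
  if command -v nvidia-smi >/dev/null 2>&1 && nvidia-smi -L 2>/dev/null | grep -q '^GPU'; then
    echo cuda
  elif [ -e /dev/kfd ] && [ -d /dev/dri ]; then
    echo rocm
  else
    echo cpu
  fi
}

# Print a compose override for the chosen backend on stdout. The backend is
# validated before anything is written so a bad value produces no partial file.
# CPU mode emits only a CPU/memory ceiling so a runaway model cannot starve the host.
write_gpu_override() {
  backend="$1"
  case "$backend" in
    cuda|rocm|cpu) ;;
    *) echo "write_gpu_override: unknown backend '$backend'" >&2; return 1 ;;
  esac
  echo "# generated by detect_gpu: backend=$backend"
  echo "services:"
  case "$backend" in
    cuda) cat <<'EOF'
  ollama:
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]
EOF
    ;;
    rocm) cat <<'EOF'
  ollama:
    image: ollama/ollama:rocm
    devices:
      - /dev/kfd
      - /dev/dri
    group_add:
      - video
EOF
    ;;
    cpu) cat <<'EOF'
  ollama:
    deploy:
      resources:
        limits:
          cpus: "4"
          memory: 16g
EOF
    ;;
  esac
}

# Usage: ./gpu-detect.sh --write   (writes docker-compose.gpu.yml in the current dir)
if [ "${1:-}" = "--write" ]; then
  backend=$(detect_gpu) || exit 1
  write_gpu_override "$backend" > docker-compose.gpu.yml
  echo "wrote docker-compose.gpu.yml for backend=$backend"
fi
```

Run it with `--write` inside stacks/ai and then start the stack with `docker compose -f docker-compose.yml -f docker-compose.gpu.yml up -d`. Probing for a listed device rather than just the presence of nvidia-smi matters in practice: a half-installed driver otherwise makes the container request a GPU it cannot get and fail to start instead of falling back to CPU.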
wuxiaobinsh-gif added a commit to wuxiaobinsh-gif/homelab-stack that referenced this pull request on Apr 15, 2026:
- GPU detection guide
- Model recommendations
- Storage optimization
- SSO integration
- Resolves illbnm#443
## Bounty Issue
Resolves #6

## Implementation

### Core services

### GPU auto-detection
Performance comparison:

### Model management
ai-model-manager.sh - complete management script

### Storage optimization
ai-storage-optimizer.sh - automatic cleanup

### SSO integration

### Documentation

## Acceptance criteria

## Testing notes
1. GPU detection
2. Model installation
3. Storage optimization
4. Service access

## Recommended models
LLM:
- qwen2.5:14b - general chat, coding (9GB)
- codellama:7b - code generation (4GB)
- llama3.2:3b - lightweight chat (2GB)

Vision:
- llava:7b - image understanding, OCR (4GB)

Embedding:
- nomic-embed-text - text embeddings (274MB)

## Hardware requirements
Minimum (CPU mode):

Recommended (GPU mode):

## Related files
- stacks/ai/docker-compose.yml - service definitions
- scripts/ai-model-manager.sh - model management
- scripts/ai-storage-optimizer.sh - storage optimization
- stacks/ai/README.md - full documentation
- stacks/ai/.env.example - environment variable template

## Bounty
This implementation follows the HomeLab architecture principles: complete functionality, easy management, performance optimization.
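Added example, not the PR's scripts/ai-model-manager.sh or ai-storage-optimizer.sh: a POSIX shell capacity check built from the recommended model list and sizes in the description above and the 100GB default storage limit from the commit list. It also validates model names before they reach `ollama pull`, which the description does not mention. The function names, the `AI_MODELS_DIR` default, the `AI_STORAGE_LIMIT_GB` variable and the name-validation rule are this example's assumptions.

```shell
#!/bin/sh
# Added example, not the PR's own scripts. Model names and sizes are the ones the
# PR description recommends; the 100 GB default limit is the PR's. AI_MODELS_DIR,
# AI_STORAGE_LIMIT_GB and every function name here are assumptions.

AI_STORAGE_LIMIT_GB="${AI_STORAGE_LIMIT_GB:-100}"
AI_MODELS_DIR="${AI_MODELS_DIR:-/var/lib/ollama/models}"   # assumed location

# Recommended models, one per line: name size_mb purpose
recommended_models() {
  cat <<'EOF'
qwen2.5:14b 9216 general chat, coding
codellama:7b 4096 code generation
llama3.2:3b 2048 lightweight chat
llava:7b 4096 image understanding, OCR
nomic-embed-text 274 text embeddings
EOF
}

# Accept only Ollama-style "name[:tag]" identifiers: alphanumerics plus . _ / -
# and at most one colon. A leading dash would be parsed by `ollama pull` as an
# option, ".." would allow path games if the name is ever used to build a path,
# and shell metacharacters must never come from an untrusted caller.
valid_model_name() {
  case "$1" in
    ''|-*|*..*|*:*:*|*[![:alnum:]._/:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Size in MB of a recommended model; fails for names not on the list.
model_size_mb() {
  recommended_models | awk -v m="$1" '$1 == m { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# Current usage of the model directory in MB (0 if it does not exist yet).
used_mb() {
  [ -d "$AI_MODELS_DIR" ] || { echo 0; return 0; }
  du -sm "$AI_MODELS_DIR" | awk '{ print $1 }'
}

# Walk the recommended list in order and print each model that still fits under
# limit_mb given used_mb, accumulating as it goes (usage: plan_pulls used_mb limit_mb).
plan_pulls() {
  used="$1"
  limit="$2"
  recommended_models | while read -r name size purpose; do
    if [ $((used + size)) -le "$limit" ]; then
      echo "$name"
      used=$((used + size))
    fi
  done
}

# Validate the name, refuse a pull that would exceed the storage limit, then pull.
pull_model() {
  name="$1"
  valid_model_name "$name" || { echo "pull_model: refusing model name '$name'" >&2; return 2; }
  size=$(model_size_mb "$name") || size=0   # unknown model: no size estimate available
  limit=$((AI_STORAGE_LIMIT_GB * 1024))
  current=$(used_mb)
  if [ $((current + size)) -gt "$limit" ]; then
    echo "pull_model: $name (${size} MB) would push usage past ${AI_STORAGE_LIMIT_GB} GB" >&2
    return 3
  fi
  ollama pull "$name"
}

# Usage: ./model-manager.sh --install-recommended
if [ "${1:-}" = "--install-recommended" ]; then
  plan_pulls "$(used_mb)" $((AI_STORAGE_LIMIT_GB * 1024)) | while read -r name; do
    pull_model "$name"
  done
fi
```

The name check is the security-relevant part: a management script that takes a model name from a web form or an environment variable and hands it to `ollama pull` is the usual place where an unexpected `--flag` or shell metacharacter slips through, and the size gate keeps the 100GB ceiling from being crossed by one large pull before the cleanup script runs.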