This repo deploys n8n, swag, portainer, authentik, postgres, supabase, redis, uptime-kuma, dockerproxy via a docker compose stack on a hetzner linux server

dmuiX/opensource-ai-agent

opensource-ai-agent

This repo contains a PoC of an AI agent à la ChatGPT which is deployed in just a Docker Compose stack on a Linux server and contains only open-source software: postgres, redis, caddy, LlamaIndex Server, Open WebUI

Plan

Database

Postgres

Cache

Redis

Reverse Proxy

Caddy

Domain

Either I use one that I already have, e.g. danielullrich.me

  • Cloudflare, as it's easier then

Backend

  • Connects to the connectors, e.g. SharePoint, Google Drive/Workspace, or just a folder
  • Connects to the GUI and chat applications, e.g. Open WebUI or Teams, Slack etc., maybe even email

Additions Longterm

Auth

SSO via AD, Keycloak, LDAP

Connection to Teams or Slack

Bots etc.

Terraform .envrc

```bash
# hetzner server
export TF_VAR_hcloud_token=
export TF_VAR_ssh_public_key="$(cat ~/.ssh/id_ed25519_daniel.pub)"
export TF_VAR_username=ai_user
export TF_VAR_user_password=

# cloudflare
export TF_VAR_cloudflare_api_token=
export TF_VAR_cloudflare_zone_name=n8n-agent.site
export TF_VAR_n8n_subdomain=n8n
export TF_VAR_uptime_kuma_subdomain=status
export TF_VAR_yugabytedb_subdomain=yugabytedb
```

Uptime Kuma:

swag depends on uptime-kuma as it's using a mod,

but to create an admin account we need to access the user interface.

The way:

  • remove the mod temporarily and run docker up -d
  • add an admin account to uptime-kuma
  • reconfigure swag, add the mod and run docker up -d again

Docker .envrc

```bash
# Global Docker Settings
export TZ=Europe/Berlin # Time zone setting
export PUID=1000 # User ID for container permissions
export PGID=1000 # Group ID for container permissions

# n8n db environment variables
export N8N_DB=n8n
export N8N_DB_USER=n8n_user
export N8N_DB_PASSWORD=

# Vector DB environment variables
export VECTOR_DB=vector_db
export VECTOR_DB_USER=vector_user
export VECTOR_DB_PASSWORD=

# Network
export N8N_NET_SUBNET=10.1.0.0/16
export N8N_NET_PREFIX=10.1.0

# Yugabytedb
export YUGABYTEDB_HOST=yugabytedb
export YUGABYTEDB_USER_PASSWORD=

# Postgres
export POSTGRES_DB=postgres
export POSTGRES_USER=postgres
export POSTGRES_PASSWORD=

# Domain configuration
export DOMAIN=n8n-agent.site
export N8N_SUBDOMAIN=n8n
export EMAIL=

# Uptime Kuma Settings
export UPTIME_KUMA_USERNAME=admin
export UPTIME_KUMA_PASSWORD=

# Authentik Settings
export AUTHENTIK_DB=authentik
export AUTHENTIK_DB_USER=authentik
export AUTHENTIK_DB_PASSWORD=
export AUTHENTIK_SECRET_KEY=
export AUTHENTIK_REDIS_DB=1
export AUTHENTIK_REDIS_PREFIX=authentik:
export AUTHENTIK_BOOTSTRAP_PASSWORD=

# Supabase

############
# Secrets
# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
############

export SUPERBASE_POSTGRES_PASSWORD=
export SUPERBASE_JWT_SECRET=
export SUPERBASE_ANON_KEY=
export SUPERBASE_SERVICE_ROLE_KEY=
export SUPERBASE_DASHBOARD_USERNAME=supabase
export SUPERBASE_DASHBOARD_PASSWORD=
export SUPERBASE_SECRET_KEY_BASE=
export SUPERBASE_VAULT_ENC_KEY=your-encryption-key-32-chars-min

############
# Database - You can change these to any PostgreSQL database that has logical replication enabled.
############

export SUPERBASE_POSTGRES_HOST=db
export SUPERBASE_POSTGRES_DB=postgres
export SUPERBASE_POSTGRES_PORT=5432
# default user is postgres

############
# Supavisor -- Database pooler
############

# Port Supavisor listens on for transaction pooling connections
export SUPERBASE_POOLER_PROXY_PORT_TRANSACTION=6543
# Maximum number of PostgreSQL connections Supavisor opens per pool
export SUPERBASE_POOLER_DEFAULT_POOL_SIZE=20
# Maximum number of client connections Supavisor accepts per pool
export SUPERBASE_POOLER_MAX_CLIENT_CONN=100
# Unique tenant identifier
export SUPERBASE_POOLER_TENANT_ID=your-tenant-id
# Pool size for internal metadata storage used by Supavisor
# This is separate from client connections and used only by Supavisor itself
export SUPERBASE_POOLER_DB_POOL_SIZE=5

############
# API Proxy - Configuration for the Kong Reverse proxy.
############

export SUPERBASE_KONG_HTTP_PORT=8000
export SUPERBASE_KONG_HTTPS_PORT=8443

############
# API - Configuration for PostgREST.
############

export SUPERBASE_PGRST_DB_SCHEMAS=public,storage,graphql_public

############
# Auth - Configuration for the GoTrue authentication server.
############

# General
export SUPERBASE_SITE_URL=http://localhost:3000
ADDITIONAL_REDIRECT_URLS=
export SUPERBASE_JWT_EXPIRY=3600
export SUPERBASE_DISABLE_SIGNUP=true
export SUPERBASE_API_EXTERNAL_URL=http://localhost:8000

# Mailer Config
export SUPERBASE_MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
export SUPERBASE_MAILER_URLPATHS_INVITE="/auth/v1/verify"
export SUPERBASE_MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
export SUPERBASE_MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"

# Email auth
export SUPERBASE_ENABLE_EMAIL_SIGNUP=true
export SUPERBASE_ENABLE_EMAIL_AUTOCONFIRM=false
export SUPERBASE_SMTP_ADMIN_EMAIL=admin@example.com
export SUPERBASE_SMTP_HOST=supabase-mail
export SUPERBASE_SMTP_PORT=2500
export SUPERBASE_SMTP_USER=fake_mail_user
export SUPERBASE_SMTP_PASS=fake_mail_password
export SUPERBASE_SMTP_SENDER_NAME=fake_sender
export SUPERBASE_ENABLE_ANONYMOUS_USERS=false

## Phone auth
export SUPERBASE_ENABLE_PHONE_SIGNUP=true
export SUPERBASE_ENABLE_PHONE_AUTOCONFIRM=true

############
# Studio - Configuration for the Dashboard
############

export SUPERBASE_STUDIO_DEFAULT_ORGANIZATION="Default Organization"
export SUPERBASE_STUDIO_DEFAULT_PROJECT="Default Project"

export SUPERBASE_STUDIO_PORT=3000
# replace if you intend to use Studio outside of localhost
export SUPABASE_PUBLIC_URL=http://localhost:8000

# Enable webp support
export SUPERBASE_IMGPROXY_ENABLE_WEBP_DETECTION=true

# Add your OpenAI API key to enable SQL Editor Assistant
export SUPERBASE_OPENAI_API_KEY=

############
# Functions - Configuration for Functions
############

# NOTE: VERIFY_JWT applies to all functions. Per-function VERIFY_JWT is not supported yet.
export SUPERBASE_FUNCTIONS_VERIFY_JWT=false

############
# Logs - Configuration for Analytics
############

# Change vector.toml sinks to reflect this change
# these cannot be the same value
export SUPERBASE_LOGFLARE_PUBLIC_ACCESS_TOKEN=
export SUPERBASE_LOGFLARE_PRIVATE_ACCESS_TOKEN=

# Docker socket location - this value will differ depending on your OS
export SUPERBASE_DOCKER_SOCKET_LOCATION=/var/run/docker.sock

# Google Cloud Project details
export SUPERBASE_GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID
export SUPERBASE_GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER
```
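A pre-flight check for the rules the Docker .envrc states about its secrets, as an added example that is not part of this repository: it reports secrets that are empty or still carry a template value (`your-*`, `fake_*`), a vault key shorter than the 32 characters its template value names, and Logflare tokens that are equal. The function name `check_envrc` and the selection in `REQUIRED_SECRETS` are assumptions.

```bash
# Added example (not from the repository): pre-flight check for the
# Docker .envrc. check_envrc and REQUIRED_SECRETS are hypothetical names.

# Variables treated as required secrets (an assumed selection).
REQUIRED_SECRETS="N8N_DB_PASSWORD VECTOR_DB_PASSWORD POSTGRES_PASSWORD
AUTHENTIK_DB_PASSWORD AUTHENTIK_SECRET_KEY SUPERBASE_POSTGRES_PASSWORD
SUPERBASE_JWT_SECRET SUPERBASE_VAULT_ENC_KEY SUPERBASE_SMTP_PASS
SUPERBASE_LOGFLARE_PUBLIC_ACCESS_TOKEN SUPERBASE_LOGFLARE_PRIVATE_ACCESS_TOKEN"

# Prints one finding per line (variable names only, never values);
# returns 0 only when there are no findings.
check_envrc() {
  envrc_problems=0
  for envrc_name in $REQUIRED_SECRETS; do
    eval "envrc_value=\${$envrc_name:-}"   # portable indirect lookup
    case "$envrc_value" in
      "")            echo "EMPTY $envrc_name"
                     envrc_problems=$((envrc_problems + 1)) ;;
      your-*|fake_*) echo "PLACEHOLDER $envrc_name"
                     envrc_problems=$((envrc_problems + 1)) ;;
    esac
  done
  # The template value names a 32-character minimum for the vault key.
  if [ -n "${SUPERBASE_VAULT_ENC_KEY:-}" ] &&
     [ "${#SUPERBASE_VAULT_ENC_KEY}" -lt 32 ]; then
    echo "SHORT SUPERBASE_VAULT_ENC_KEY"
    envrc_problems=$((envrc_problems + 1))
  fi
  # The two Logflare tokens "cannot be the same value".
  if [ -n "${SUPERBASE_LOGFLARE_PUBLIC_ACCESS_TOKEN:-}" ] &&
     [ "$SUPERBASE_LOGFLARE_PUBLIC_ACCESS_TOKEN" = "${SUPERBASE_LOGFLARE_PRIVATE_ACCESS_TOKEN:-}" ]; then
    echo "SAME SUPERBASE_LOGFLARE_PUBLIC_ACCESS_TOKEN SUPERBASE_LOGFLARE_PRIVATE_ACCESS_TOKEN"
    envrc_problems=$((envrc_problems + 1))
  fi
  [ "$envrc_problems" -eq 0 ]
}
```

Source the .envrc and run `check_envrc` before bringing the stack up; a non-zero return means at least one finding was printed.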


Yugabyte uses its IP, not localhost nor its Docker container name,
so I need to define fixed IPs to make healthchecks and other stuff work.


# terraform modules

If there is a default value defined in the module's vars, I don't need to supply variables in the declaration of the module in the main.tf

and these values are overwritten by a TF_VAR definition!

Nope, they are not overwritten by TF_VAR; instead it uses the default values...dumb!

I really need to define variables twice: once in the project's vars.tf and then in the main.tf, and then in the vars.tf of the modules...which is pretty dumb!

# Oracle cloud variables seem not to be working

``` .envrc
export TF_VAR_tenancy_ocid="your-tenancy-ocid"
export TF_VAR_user_ocid="your-user-ocid"
export TF_VAR_fingerprint="your-fingerprint"
export TF_VAR_private_key="$(cat ~/.oci/oci_api_key_decrypted.pem)"
```

Okay, maybe that was not the problem.

Seems like the key was no longer in OCI...

Damnit...

But the exports work now.

And the variables should also work in Terraform Cloud!!

Oracle Cloud seems to only accept decrypted keys...

so:

```bash
# Create .oci directory if it doesn't exist
mkdir -p ~/.oci
chmod 700 ~/.oci

# Decrypt the key - this will prompt for your passphrase
openssl rsa -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_decrypted.pem

# Set proper permissions on decrypted key
chmod 600 ~/.oci/oci_api_key_decrypted.pem
```

Server is not working on OCI! So will switch to Hetzner!

Authentik

https://authentikswag.blogspot.com/2023/10/setting-up-whoami-in-authentik.html

Hmm, weird. Worked after I added the Docker Integration to the authentik embedded Outpost...

Nope, it's the worker that is needed to make this run!!

Rename USER and change SuperUSER

```sql
CREATE ROLE authentik_new LOGIN PASSWORD '';
GRANT CONNECT ON DATABASE authentik TO authentik_new;
GRANT USAGE ON SCHEMA public TO authentik_new;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO authentik_new;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO authentik_new;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO authentik_new;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO authentik_new;

ALTER ROLE authentik_new SUPERUSER; -- Temporarily grant superuser permissions (revoke later with: ALTER ROLE authentik_new NOS

ALTER ROLE authentik RENAME TO postgres;
```

login as postgres:

```bash
psql -U postgres -d authentik
```

```sql
ALTER ROLE authentik_new NOSUPERUSER;
ALTER ROLE authentik_new RENAME TO authentik;
```

```bash
pg_dumpall -U postgres -h localhost > /backup/backup.sql
```
