feat(sgx): update OpenWebUI configuration for API settings

- Enable Ollama API by setting `ENABLE_OLLAMA_API` to true.
- Disable OpenAI API by setting `ENABLE_OPENAI_API` to false.
This improves control over API usage and ensures proper configuration.

systems/x86_64-linux/sgx/acme.nix

@@ -1,8 +1,5 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
+{ config
+, ...
 }:
 {
   sops.secrets.internetbs = {
@@ -17,8 +14,12 @@
       credentialsFile = config.sops.secrets.internetbs.path;
     };
     certs = {
-      "openwebui.hoyer.world" = { };
-      "syncthing.hoyer.world" = { };
+      "internal.hoyer.world" = {
+        extraDomainNames = [
+          "openwebui.hoyer.world"
+          "syncthing.hoyer.world"
+        ];
+      };
     };
   };
 }

systems/x86_64-linux/sgx/nginx.nix

@@ -1,8 +1,5 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
+{ config
+, ...
 }:
 {
   users.users.nginx.extraGroups = [ "acme" ];
@@ -23,7 +20,7 @@
     virtualHosts = {
       "openwebui.hoyer.world" = {
         enableACME = false;
-        useACMEHost = "openwebui.hoyer.world";
+        useACMEHost = "internal.hoyer.world";
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://127.0.0.1:${toString config.services.open-webui.port}";
@@ -32,7 +29,7 @@
       };
       "syncthing.hoyer.world" = {
         enableACME = false;
-        useACMEHost = "syncthing.hoyer.world";
+        useACMEHost = "internal.hoyer.world";
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://127.0.0.1:8384";

systems/x86_64-linux/sgx/openwebui.nix

@@ -3,12 +3,14 @@
   services.open-webui = {
     enable = true;
     port = 8080;
-    host = "0.0.0.0";
+    host = "127.0.0.1";
     environment = {
       ANONYMIZED_TELEMETRY = "False";
       DO_NOT_TRACK = "True";
       SCARF_NO_ANALYTICS = "True";
+      ENABLE_OLLAMA_API = "True";
       OLLAMA_API_BASE_URL = "http://m4.local:11434";
+      ENABLE_OPENAI_API = "False";
       # Disable authentication
       WEBUI_AUTH = "False";
     };