- Configure WebUI with both LiteLLM and direct orchestrator API base URLs
- This bypasses LiteLLM's streaming issues for the qwen-2.5-7b model
- WebUI will now show models from both endpoints
- Allows testing if LiteLLM is the bottleneck for streaming
Related to streaming fix in RunPod models/vllm/server.py
Reduce database logging overhead and enable prompt caching:
- Disabled verbose logging (set_verbose: false)
- Disabled spend tracking logs to reduce DB writes
- Disabled tag tracking and daily spend logs
- Removed success/failure callbacks
- Enabled prompt caching for claude-sonnet-4.5
- Set log level to ERROR only
- Removed --detailed_debug flag from command
This should significantly improve response times by eliminating
unnecessary database writes for every request.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace HTTP Basic Auth with Authelia ForwardAuth for consistent
authentication across infrastructure:
- Asciinema Admin (admin.asciinema.dev.pivoine.art): Removed Basic Auth,
added Authelia protection
- FaceFusion (facefusion.ai.pivoine.art): Removed Basic Auth, added
Authelia protection
Updated Authelia access control to include both services with one_factor
policy.
All services now use Authelia for authentication, eliminating the need
to manage separate Basic Auth credentials.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Mailpit service to NET stack with web UI at mailpit.pivoine.art
- Configure Mailpit to relay all emails through IONOS SMTP
- Migrate all 11+ services to use Mailpit instead of direct IONOS SMTP:
* SEXY: Directus API
* UTIL: Joplin, Mattermost, Vaultwarden, Tandoor, Linkwarden
* DEV: Gitea, n8n, Asciinema
* AI: Open WebUI
* NET: Netdata (via msmtp)
- Centralize SMTP credentials in mailpit-relay.yaml
- Simplify service configs (no auth/TLS for internal SMTP)
- Enable email monitoring via Mailpit web UI with Basic Auth
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace DISABLE_SWAGGER_UI with NO_DOCS and NO_REDOC
- Following official LiteLLM documentation for disabling API docs
- Disables both Swagger UI and Redoc documentation interfaces
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add --disable_swagger flag to LiteLLM command
- Improves security by hiding API documentation interface
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Watchtower was trying to pull updates from Docker Hub for facefusion-patched:3.5.0-cpu
which only exists locally, causing spam errors. Disabled Watchtower monitoring for this
container since it's a custom-built image with NSFW filter patches.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Facefusion face swapping service to the AI stack:
**Configuration:**
- URL: https://facefusion.ai.pivoine.art
- Image: facefusion/facefusion:3.5.0-cpu
- Port: 7865
- Container: ai_facefusion
- Volume: ai_facefusion_data
- HTTP Basic Auth protection
- CPU execution mode (GPU when available)
**Changes:**
- Added facefusion service to ai/compose.yaml
- Added AI_FACEFUSION_* env vars to arty.yml
- Created ai_facefusion_data volume
- Removed old standalone facefusion stack
- Removed ai/README-export.md and ai/webui-export.py
Facefusion will run on CPU until GPU server is available.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created database initialization script following the core stack pattern.
The script automatically creates required databases on first initialization:
- openwebui: Open WebUI application database
- litellm: LiteLLM proxy database for API key management and tracking
Changes:
- Created ai/postgres/init/01-init-databases.sh
- Mounted init directory in ai_postgres service
- Added automatic privilege grants to AI_DB_USER
Note: Init script only runs on first database creation when volume is empty.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
LiteLLM now uses the ai_postgres database instance with a dedicated
'litellm' database for API key management, usage tracking, and rate limiting.
Changes:
- Set DATABASE_URL to postgresql://ai:password@ai_postgres:5432/litellm
- Added depends_on ai_postgres to ensure DB starts first
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed authentication middleware to simplify access. LiteLLM now relies
solely on Bearer token authentication via LITELLM_MASTER_KEY.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Re-enabled LITELLM_MASTER_KEY for proper API key authentication.
LiteLLM supports master key without database for simple auth scenarios.
- LiteLLM validates Bearer token against master key
- Open WebUI uses same key for internal communication
- External access requires both HTTP Basic Auth + API key
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed LITELLM_MASTER_KEY as it requires a database for virtual key
management. Security is already provided by HTTP Basic Auth on the
public Traefik endpoint. Internal Open WebUI communication doesn't
need additional API key auth.
Security layers:
- Public access: HTTP Basic Auth via Traefik
- Internal LiteLLM: Network isolation (no auth needed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added AI_LITELLM_API_KEY environment variable to .env
- Configured LiteLLM MASTER_KEY for authentication
- Updated Open WebUI to use secure API key from environment
- Generated secure 64-character hex key: sk-77b42236...
This replaces the insecure hardcoded sk-1234 key with proper
secret management via environment variables.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Healthcheck was failing because curl is not installed in the LiteLLM
container, causing Traefik to mark it as unhealthy and not route traffic.
Disabled healthcheck as Traefik doesn't require it for routing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
LiteLLM was binding to localhost by default, making it unreachable
from Traefik reverse proxy. Added --host 0.0.0.0 parameter to allow
connections from the Docker network.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Traefik configuration to make LiteLLM accessible at llm.ai.pivoine.art
for use with @openai/codex CLI tool.
Changes:
- Added AI_LITELLM_TRAEFIK_HOST to arty.yml (llm.ai.pivoine.art)
- Updated ai/compose.yaml litellm service with full Traefik labels
- HTTP to HTTPS redirect
- SSL termination via Let's Encrypt
- Compression and security headers
This allows external tools like Codex to use Claude models via
OpenAI-compatible API endpoint.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed custom Dockerfile and SFTP function integration in favor of
the simpler REST API approach (webui-export.py).
Changes:
- Restored webui service to use official Open WebUI image
- Removed custom Dockerfile.webui (paramiko build)
- Removed ai/functions/save_to_disk.py SFTP function
- Removed SSH key and functions volume mounts
The REST API export script (webui-export.py) is a simpler and more
flexible solution that doesn't require Docker modifications.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added custom Open WebUI function for SSH/SFTP file operations:
**New Function: save_to_disk.py**
- save_file(): Write generated code to local filesystem via SFTP
- read_file(): Read files from local disk
- list_files(): List directory contents
- Configurable via Valves (host, port, username, paths)
**Custom Dockerfile (Dockerfile.webui)**
- Based on ghcr.io/open-webui/open-webui:main
- Installs paramiko library for SSH/SFTP support
- Creates .ssh directory for key storage
**Configuration Updates**
- Mount SSH private key from host (/root/.ssh/id_rsa)
- Mount functions directory for custom tools
- Build custom image with SFTP capabilities
**Usage in Open WebUI**
Claude can now use these tools to:
- Generate code and save it directly to your local disk
- Read existing files for context
- List project directories
- Create new files in any project
Default base path: /home/valknar/Projects
Authentication: SSH key-based (passwordless)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added LiteLLM as an OpenAI-compatible proxy for Anthropic's API to
enable Claude models in Open WebUI.
**New Service: litellm**
- Image: ghcr.io/berriai/litellm:main-latest
- Internal proxy on port 4000
- Converts Anthropic API to OpenAI-compatible format
- Health check with 30s intervals
- Not exposed via Traefik (internal only)
**LiteLLM Configuration (litellm-config.yaml)**
- Claude Sonnet 4 (claude-sonnet-4-20250514)
- Claude Sonnet 4.5 (claude-sonnet-4-5-20250929)
- Claude 3.5 Sonnet (claude-3-5-sonnet-20241022)
- Claude 3 Opus (claude-3-opus-20240229)
- Claude 3 Haiku (claude-3-haiku-20240307)
**Open WebUI Configuration Updates**
- Changed OPENAI_API_BASE_URLS to point to LiteLLM proxy
- URL: http://litellm:4000/v1
- Added litellm as dependency for webui service
- Dummy API key for proxy authentication
**Why LiteLLM?**
Anthropic's API uses different endpoint structure and authentication
headers compared to OpenAI. LiteLLM acts as a translation layer,
allowing Open WebUI to use Claude models through its OpenAI-compatible
interface.
**Available Models in Open WebUI**
- claude-sonnet-4 (latest Claude Sonnet 4)
- claude-sonnet-4.5 (Claude Sonnet 4.5)
- claude-3-5-sonnet
- claude-3-opus
- claude-3-haiku
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed service name from 'postgres' to 'ai_postgres' to avoid naming
conflict with the core PostgreSQL service in Docker Compose include.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created complete AI infrastructure stack at ai.pivoine.art:
**New Services:**
- **Open WebUI** (ai.pivoine.art)
- ChatGPT-like interface for AI models
- Multi-user chat with authentication
- RAG (Retrieval-Augmented Generation) support
- Document upload and processing
- Claude API integration via Anthropic
- **PostgreSQL with pgvector** (dedicated AI database)
- Vector similarity search for RAG
- Separate from production databases
- Stores embeddings and documents
- **Crawl4AI** (internal API service)
- Web scraping optimized for LLMs
- Converts websites to clean Markdown
- Called by n8n workflows
- No public exposure (internal only)
**Configuration:**
- Added 18 AI environment variables to arty.yml
- Configured email notifications via IONOS SMTP
- OpenAI API compatibility for Claude integration
- Traefik SSL termination and compression
**Backup:**
- Added 3 AI volumes to Restic backup
- Daily backup at 3 AM
- Retention: 7 daily, 4 weekly, 6 monthly, 2 yearly
**Integration:**
- Shares falcon_network with existing services
- Ready for n8n workflow automation
- Mattermost notifications support
- Watchtower auto-updates enabled
Ready for Phase 2: GPU server integration with Ollama, Whisper, and
Stable Diffusion when IONOS A10 server is provisioned.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
