From 528e669ff3e8db2dd28c65e996603678367b3b67 Mon Sep 17 00:00:00 2001
From: codgician <15964984+codgician@users.noreply.github.com>
Date: Sun, 25 May 2025 00:30:44 +0800
Subject: [PATCH] nixos/open-webui: allow service to access gpu

---
 nixos/modules/services/misc/open-webui.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/nixos/modules/services/misc/open-webui.nix b/nixos/modules/services/misc/open-webui.nix
index a31c6b42d696..521aacd39939 100644
--- a/nixos/modules/services/misc/open-webui.nix
+++ b/nixos/modules/services/misc/open-webui.nix
@@ -132,6 +132,21 @@ in
           "@system-service"
           "~@privileged"
         ];
+        SupplementaryGroups = [ "render" ]; # for rocm to access /dev/dri/renderD* devices
+        DeviceAllow = [
+          # CUDA
+          # https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf
+          "char-nvidiactl"
+          "char-nvidia-caps"
+          "char-nvidia-frontend"
+          "char-nvidia-uvm"
+          # ROCm
+          "char-drm"
+          "char-fb"
+          "char-kfd"
+          # WSL (Windows Subsystem for Linux)
+          "/dev/dxg"
+        ];
       };
     };