From 2825ea7df55cd55450ce434234de76080ee45176 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Thu, 29 May 2025 22:28:22 +0800 Subject: [PATCH] refactor(nixosModules/server): move librechat to its own module --- modules/nixos/server/default.nix | 61 -------------------- modules/nixos/server/librechat/default.nix | 67 ++++++++++++++++++++++ systems/x86_64-linux/nemesis/default.nix | 7 +++ 3 files changed, 74 insertions(+), 61 deletions(-) create mode 100644 modules/nixos/server/librechat/default.nix diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix index ddf7a91..7db8461 100644 --- a/modules/nixos/server/default.nix +++ b/modules/nixos/server/default.nix @@ -8,70 +8,9 @@ options.server = { mountHelios = lib.mkEnableOption ""; enableDDNS = lib.mkEnableOption ""; - librechat = { - enable = lib.mkEnableOption ""; - mongodbURI = lib.mkOption { type = lib.types.str; }; - creds_key_file = lib.mkOption { type = lib.types.str; }; - creds_iv_file = lib.mkOption { type = lib.types.str; }; - jwt_secret_file = lib.mkOption { type = lib.types.str; }; - jwt_refresh_secret_file = lib.mkOption { type = lib.types.str; }; - meili_master_key_file = lib.mkOption { type = lib.types.str; }; - path = lib.mkOption { - type = lib.types.str; - default = "/var/lib/librechat"; - }; - user = lib.mkOption { - type = lib.types.str; - default = "librechat"; - }; - }; }; config = lib.mkMerge [ - (lib.mkIf config.server.librechat.enable { - environment.persistence."/persist".directories = [ - { - directory = config.server.librechat.path; - user = config.server.librechat.user; - group = "librechat"; - } - ]; - systemd.services.librechat = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - description = "Open-source app for all your AI conversations, fully customizable and compatible with any AI provider"; - serviceConfig = { - Type = "simple"; # FIXME - User = config.server.librechat.user; - LoadCredential = [ - "CREDS_KEY_FILE:${config.server.librechat.creds_key_file}" - "CREDS_IV_FILE:${config.server.librechat.creds_iv_file}" - "JWT_SECRET_FILE:${config.server.librechat.jwt_secret_file}" - "JWT_REFRESH_SECRET_FILE:${config.server.librechat.jwt_refresh_secret_file}" - "MEILI_MASTER_KEY_FILE:${config.server.librechat.meili_master_key_file}" - ]; - }; - script = # sh - '' - export MONGO_URI="${config.server.librechat.mongodbURI}" - export CREDS_KEY=$(${pkgs.systemd}/bin/systemd-creds cat CREDS_KEY_FILE) - export CREDS_IV=$(${pkgs.systemd}/bin/systemd-creds cat CREDS_IV_FILE) - export JWT_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_SECRET_FILE) - export JWT_REFRESH_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_REFRESH_SECRET_FILE) - export MEILI_MASTER_KEY=$(${pkgs.systemd}/bin/systemd-creds cat MEILI_MASTER_KEY_FILE) - cd ${config.server.librechat.path} - ${pkgs.librechat}/bin/librechat-server - ''; - }; - - users.users.librechat = lib.mkIf (config.server.librechat.user == "librechat") { - name = "librechat"; - isSystemUser = true; - group = "librechat"; - description = "LibreChat server user"; - }; - users.groups.librechat = lib.mkIf (config.server.librechat.user == "librechat") { }; - }) (lib.mkIf config.server.enableDDNS { services.godns = { enable = true; diff --git a/modules/nixos/server/librechat/default.nix b/modules/nixos/server/librechat/default.nix new file mode 100644 index 0000000..d0c250c --- /dev/null +++ b/modules/nixos/server/librechat/default.nix @@ -0,0 +1,67 @@ +#TODO: add settings option that generates librechat.yaml +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.server.librechat; +in +{ + options.server.librechat = { + enable = lib.mkEnableOption ""; + mongodbURI = lib.mkOption { type = lib.types.str; }; + creds_key_file = lib.mkOption { type = lib.types.str; }; + creds_iv_file = lib.mkOption { type = lib.types.str; }; + jwt_secret_file = lib.mkOption { type = lib.types.str; }; + jwt_refresh_secret_file = lib.mkOption { type = lib.types.str; }; + meili_master_key_file = lib.mkOption { type = lib.types.str; }; + path = lib.mkOption { + type = lib.types.str; + default = "/var/lib/librechat"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "librechat"; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.librechat = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + description = "Open-source app for all your AI conversations, fully customizable and compatible with any AI provider"; + serviceConfig = { + Type = "simple"; # FIXME + User = cfg.user; + LoadCredential = [ + "CREDS_KEY_FILE:${cfg.creds_key_file}" + "CREDS_IV_FILE:${cfg.creds_iv_file}" + "JWT_SECRET_FILE:${cfg.jwt_secret_file}" + "JWT_REFRESH_SECRET_FILE:${cfg.jwt_refresh_secret_file}" + "MEILI_MASTER_KEY_FILE:${cfg.meili_master_key_file}" + ]; + }; + script = # sh + '' + export MONGO_URI="${cfg.mongodbURI}" + export CREDS_KEY=$(${pkgs.systemd}/bin/systemd-creds cat CREDS_KEY_FILE) + export CREDS_IV=$(${pkgs.systemd}/bin/systemd-creds cat CREDS_IV_FILE) + export JWT_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_SECRET_FILE) + export JWT_REFRESH_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_REFRESH_SECRET_FILE) + export MEILI_MASTER_KEY=$(${pkgs.systemd}/bin/systemd-creds cat MEILI_MASTER_KEY_FILE) + cd ${cfg.path} + ${pkgs.librechat}/bin/librechat-server + ''; + }; + + users.users.librechat = lib.mkIf (cfg.user == "librechat") { + name = "librechat"; + isSystemUser = true; + group = "librechat"; + description = "LibreChat server user"; + }; + users.groups.librechat = lib.mkIf (cfg.user == "librechat") { }; + }; +} diff --git a/systems/x86_64-linux/nemesis/default.nix b/systems/x86_64-linux/nemesis/default.nix index 1ec8da8..1d0de6c 100644 --- a/systems/x86_64-linux/nemesis/default.nix +++ b/systems/x86_64-linux/nemesis/default.nix @@ -60,5 +60,12 @@ }; }; + environment.persistence."/persist".directories = [ + { + directory = config.server.librechat.path; + user = config.server.librechat.user; + group = "librechat"; + } + ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }