feat(nixosModules/secrets): add secrets for librechat:

modules/nixos/system/secrets.nix

@@ -11,6 +11,11 @@
       "keys/telegram_bot" = { };
       "misc/cvt-jira-link" = { };
       "rafiq/hashedPassword".neededForUsers = true;
+      "librechat/creds_key" = { };
+      "librechat/creds_iv" = { };
+      "librechat/jwt_secret" = { };
+      "librechat/jwt_refresh_secret" = { };
+      "librechat/meili_master_key" = { };
     };
   };
   environment.shellInit = # sh
@@ -18,5 +23,10 @@
       export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
       export CVT_JIRA_KEY=$(sudo cat ${config.sops.secrets."keys/cvt-jira".path})
       export CVT_JIRA_LINK=$(sudo cat ${config.sops.secrets."misc/cvt-jira-link".path})
+      export CREDS_KEY=$(sudo cat ${config.sops.secrets."librechat/creds_key".path})
+      export CREDS_IV=$(sudo cat ${config.sops.secrets."librechat/creds_iv".path})
+      export JWT_SECRET=$(sudo cat ${config.sops.secrets."librechat/jwt_secret".path})
+      export JWT_REFRESH_SECRET=$(sudo cat ${config.sops.secrets."librechat/jwt_refresh_secret".path})
+      export MEILI_MASTER_KEY=$(sudo cat ${config.sops.secrets."librechat/meili_master_key".path})
     '';
 }

secrets/secrets.yaml

@@ -8,6 +8,12 @@ keys:
     telegram_bot: ENC[AES256_GCM,data:qGJx1Bph94oU2USjZL4h2NqV5ueCiYIvEbx84Xg687F5//MItLAS58MZdUPSuQ==,iv:WmldN5Je4miamLXCK6Cv17TTGmaBq/lde2czsEgNBi4=,tag:aU27eDE5PbYAniKEXk+MRA==,type:str]
 misc:
     cvt-jira-link: ENC[AES256_GCM,data:J3XpDV2yjO5DMd5JF2stCBWZntTxenHuj+kXGAOs8oI=,iv:1YqJ6NF24CtA+E8ZB0M/7//xihFggyMMj0k0voaVPa0=,tag:XTZqC4gAy5ld0nFyAqL/Ww==,type:str]
+librechat:
+    creds_key: ENC[AES256_GCM,data:/fzPgZiDnyWZalJUBFpFQ2/anxvbX3XLp18n+x1xfzOMisq52ISB5VJOzi9xaNRNruQEoh/lva9gDbIgNyzduA==,iv:xGgufMc/tPOLCKEb2MnEkxmf0FPpENGW1FcCm15CW6k=,tag:9aR+DndXkCg1sboxTFuygQ==,type:str]
+    creds_iv: ENC[AES256_GCM,data:fbBD9RsuEHwDETwiYtAS9kBxgTy6zubrxHWpcuoEsR0=,iv:uZcwIfDPPn4XUf8IZkI29VH9CiKvEOlWuUaWgSjl1Kc=,tag:qbgiQU7bWSFjoGEwoptCpg==,type:str]
+    jwt_secret: ENC[AES256_GCM,data:ZhDNIXrCaRWWfrlPxpBfnmeUluW0z72KGpQv9mGyf1kCCnfx3V2lPMm6QS6biajC+4oPVfgwqcXc4Lvs8OqU9g==,iv:1Ecj8fh+M5kw8cmVD96U6QgE7fNy9cbQV9v2Q305puc=,tag:U1ZglGWdTH1TGfcIIORMHQ==,type:str]
+    jwt_refresh_secret: ENC[AES256_GCM,data:/4X6h51oRRaOg7UZ/zUcS1L8QyFnhsTYrz8D6R3ZP/tFAEMO/IfYJHHQQ8UtgKjAEwIVYcpIco8lUDhm06folw==,iv:02/LgoiMZ6MzBSd+JAi+iuF3dzqsVyqX6gQfWPY8sIc=,tag:5VrCh7ZKNJD3ynjcyQpVyg==,type:str]
+    meili_master_key: ENC[AES256_GCM,data:SFBALLqK1Gi5nvh5NyQF6Sr+BQdln4/SUSUGevK04eM=,iv:fElBxrcOCgi3ZO9Jtz2aA6q/S4liHjRpfxSg+LmSu+4=,tag:kx4k2DDm8Kt0KkQl63UMIQ==,type:str]
 sops:
     age:
         - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
@@ -19,7 +25,7 @@ sops:
             WXFKbjNMWDF0LzNyekJJMGFva2diemcKQTc8ODuK6IWqRhulHiCF92aU+3p23riY
             M94Nzh+VT6QTFOgb3J7bBJMLhRH/fkQb6L6ia2n9QrVXFyYYMJ0oBw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-29T08:03:55Z"
-    mac: ENC[AES256_GCM,data:MpX28rLk3L8W2iKETg/+T2ngQAJhipCTod2l7JhRO7eBcV9TskD6f8Cm/rfC7NtlwItTwO3oY8MC/oT31UbJw85nlk94puPqkynqckDp3QgmOhq4491rmhEuhjXJW0ukeFa/Bffiv20SHQKizAZ2MRbUXxdyX9uG9+5ibSVuGAI=,iv:XFYuG2KCl2nwEvjCRE6LqYghIcIWVvlgnS+6l89XvYQ=,tag:wT9MrEM8bsUu10ZHyCx7TA==,type:str]
+    lastmodified: "2025-05-29T12:08:02Z"
+    mac: ENC[AES256_GCM,data:stUFIwqeYA3DV+41Su9xnvee5AzzwT7A2XEBeIEtp+E/LW5UdBd9ZIABglMswezqdT3i4zttBHgampymUQM/J9knUdAsJzEusappH+qnX/XD4LbNWNga+hK5yMWngf79hlI8EVt2IXYKIPmkL3LI6uDJf/+Wd0u/LX6MD3hOgM0=,iv:5JuzuUkoGgm1rBhOvDd4iOWb0X+aJwJwGHh8BQ63wnk=,tag:WNiLCzjOYy5h2Yss4OM5Tw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

systems/x86_64-linux/nemesis/default.nix

@@ -1,5 +1,6 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 {
+  environment.systemPackages = [ pkgs.librechat ];
   system = {
     hostname = "nemesis";
     mainUser.name = "rafiq";