feat(nixos): move smb credentials to server module and add librechat secrets

modules/nixos/default.nix

@@ -1,8 +1,7 @@
 {
-  inputs,
   lib,
   config,
-  pkgs,
+  system,
   ...
 }:
 let
@@ -56,22 +55,21 @@ in
       "/var/lib/systemd"
       "/var/lib/nixos"
     ];
-    stylix = {
-      enable = true;
-      base16Scheme = "${pkgs.base16-schemes}/share/themes/atelier-cave.yaml";
-    };
-    nixpkgs.config.allowUnfree = true;
-    nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
 
+    stylix.enable = true;
+    nixpkgs = {
+      hostPlatform = system;
+      config.allowUnfree = true;
+    };
     nix.settings = {
       experimental-features = [
         "nix-command"
         "flakes"
         "pipe-operators"
       ];
-
       trusted-users = [ "@wheel" ];
     };
+    system.stateVersion = "25.05"; # Did you read the comment?
     time.timeZone = "Asia/Singapore";
     i18n.defaultLocale = "en_US.UTF-8";
     users = {
@@ -106,18 +104,6 @@ in
         "rafiq/hashedPassword".neededForUsers = true;
         "rafiq/personalEmailPassword" = { };
         "rafiq/workEmailPassword" = { };
-        "rafiq/oldSMBCredentials" = { };
-        "librechat/creds_key" = { };
-        "librechat/creds_iv" = { };
-        "librechat/jwt_secret" = { };
-        "librechat/jwt_refresh_secret" = { };
-        "librechat/meili_master_key" = { };
-      };
-      templates = {
-        "smb-credentials".content = ''
-          username=rafiq
-          password=${config.sops.placeholder."rafiq/oldSMBCredentials"}
-        '';
       };
     };
     environment.shellInit = # sh
@@ -126,6 +112,5 @@ in
         export CVT_JIRA_KEY=$(sudo cat ${config.sops.secrets."keys/cvt-jira".path})
         export CVT_JIRA_LINK=$(sudo cat ${config.sops.secrets."misc/cvt-jira-link".path})
       '';
-    system.stateVersion = "25.05"; # Did you read the comment?
   };
 }