feat(nixosModules/server): add librechat service

Mohammad Rafiq 2025-05-29 22:19:27 +08:00
parent 0b2192986f
commit a24d727134
No known key found for this signature in database
3 changed files with 78 additions and 8 deletions


@ -1,11 +1,77 @@
{ lib, config, ... }: {
lib,
config,
pkgs,
...
}:
{ {
options.server = { options.server = {
mountHelios = lib.mkEnableOption ""; mountHelios = lib.mkEnableOption "";
enableDDNS = lib.mkEnableOption ""; enableDDNS = lib.mkEnableOption "";
librechat = {
enable = lib.mkEnableOption "";
mongodbURI = lib.mkOption { type = lib.types.str; };
creds_key_file = lib.mkOption { type = lib.types.str; };
creds_iv_file = lib.mkOption { type = lib.types.str; };
jwt_secret_file = lib.mkOption { type = lib.types.str; };
jwt_refresh_secret_file = lib.mkOption { type = lib.types.str; };
meili_master_key_file = lib.mkOption { type = lib.types.str; };
path = lib.mkOption {
type = lib.types.str;
default = "/var/lib/librechat";
};
user = lib.mkOption {
type = lib.types.str;
default = "librechat";
};
};
}; };
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf config.server.librechat.enable {
environment.persistence."/persist".directories = [
{
directory = config.server.librechat.path;
user = config.server.librechat.user;
group = "librechat";
}
];
systemd.services.librechat = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "Open-source app for all your AI conversations, fully customizable and compatible with any AI provider";
serviceConfig = {
Type = "simple"; # FIXME
User = config.server.librechat.user;
LoadCredential = [
"CREDS_KEY_FILE:${config.server.librechat.creds_key_file}"
"CREDS_IV_FILE:${config.server.librechat.creds_iv_file}"
"JWT_SECRET_FILE:${config.server.librechat.jwt_secret_file}"
"JWT_REFRESH_SECRET_FILE:${config.server.librechat.jwt_refresh_secret_file}"
"MEILI_MASTER_KEY_FILE:${config.server.librechat.meili_master_key_file}"
];
};
script = # sh
''
export MONGO_URI="${config.server.librechat.mongodbURI}"
export CREDS_KEY=$(${pkgs.systemd}/bin/systemd-creds cat CREDS_KEY_FILE)
export CREDS_IV=$(${pkgs.systemd}/bin/systemd-creds cat CREDS_IV_FILE)
export JWT_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_SECRET_FILE)
export JWT_REFRESH_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_REFRESH_SECRET_FILE)
export MEILI_MASTER_KEY=$(${pkgs.systemd}/bin/systemd-creds cat MEILI_MASTER_KEY_FILE)
cd ${config.server.librechat.path}
${pkgs.librechat}/bin/librechat-server
'';
};
users.users.librechat = lib.mkIf (config.server.librechat.user == "librechat") {
name = "librechat";
isSystemUser = true;
group = "librechat";
description = "LibreChat server user";
};
users.groups.librechat = lib.mkIf (config.server.librechat.user == "librechat") { };
})
(lib.mkIf config.server.enableDDNS { (lib.mkIf config.server.enableDDNS {
services.godns = { services.godns = {
enable = true; enable = true;
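Review bot: In the `script` block each secret is read with `export NAME=$(… systemd-creds cat …)`, and `export` returns success even when the command substitution fails, so a failed credential read would start `librechat-server` with an empty `JWT_SECRET` or `CREDS_KEY` instead of aborting the unit. Splitting assignment from export lets the failure propagate (assuming the generated script runs with errexit), e.g. `JWT_SECRET=$(${pkgs.systemd}/bin/systemd-creds cat JWT_SECRET_FILE)` followed by `export JWT_SECRET`, and likewise for the other four. Separately, `mongodbURI` is interpolated into the script text at evaluation time, so it ends up in the world-readable Nix store; if the URI ever carries a username and password, it should go through `LoadCredential` like the other secrets. The persistence entry also hard-codes `group = "librechat"` while the user and group are only created when `user == "librechat"`, so overriding `user` would presumably reference a group that is never defined.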


@ -23,10 +23,5 @@
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
export CVT_JIRA_KEY=$(sudo cat ${config.sops.secrets."keys/cvt-jira".path}) export CVT_JIRA_KEY=$(sudo cat ${config.sops.secrets."keys/cvt-jira".path})
export CVT_JIRA_LINK=$(sudo cat ${config.sops.secrets."misc/cvt-jira-link".path}) export CVT_JIRA_LINK=$(sudo cat ${config.sops.secrets."misc/cvt-jira-link".path})
export CREDS_KEY=$(sudo cat ${config.sops.secrets."librechat/creds_key".path})
export CREDS_IV=$(sudo cat ${config.sops.secrets."librechat/creds_iv".path})
export JWT_SECRET=$(sudo cat ${config.sops.secrets."librechat/jwt_secret".path})
export JWT_REFRESH_SECRET=$(sudo cat ${config.sops.secrets."librechat/jwt_refresh_secret".path})
export MEILI_MASTER_KEY=$(sudo cat ${config.sops.secrets."librechat/meili_master_key".path})
''; '';
} }


@ -1,6 +1,6 @@
{ lib, pkgs, ... }: { lib, config, ... }:
{ {
environment.systemPackages = [ pkgs.librechat ];
system = { system = {
hostname = "nemesis"; hostname = "nemesis";
mainUser.name = "rafiq"; mainUser.name = "rafiq";
@ -49,6 +49,15 @@
} }
]; ];
}; };
librechat = {
enable = true;
mongodbURI = "mongodb://apollo:27017";
creds_key_file = config.sops.secrets."librechat/creds_key".path;
creds_iv_file = config.sops.secrets."librechat/creds_iv".path;
jwt_secret_file = config.sops.secrets."librechat/jwt_secret".path;
jwt_refresh_secret_file = config.sops.secrets."librechat/jwt_refresh_secret".path;
meili_master_key_file = config.sops.secrets."librechat/meili_master_key".path;
};
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";