From c5ac2a86fc30b8fc781f5928140ed6d5fbbdc996 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Sat, 31 May 2025 19:43:10 +0800
Subject: [PATCH] feat(librechat): allow setting arbitrary environment variables from text and file
---
 modules/nixos/server/librechat/default.nix | 16 +++++++++++-----
 systems/x86_64-linux/apollo/default.nix | 17 ++++++++---------
 2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/modules/nixos/server/librechat/default.nix b/modules/nixos/server/librechat/default.nix
index cfcea43..2e95421 100644
--- a/modules/nixos/server/librechat/default.nix
+++ b/modules/nixos/server/librechat/default.nix
@@ -13,6 +13,10 @@ let
 # Thanks to https://github.com/nix-community/home-manager/blob/60e4624302d956fe94d3f7d96a560d14d70591b9/modules/lib/shell.nix :)
 export = n: v: ''export ${n}="${builtins.toString v}"'';
 exportAll = vars: lib.concatStringsSep "\n" (lib.mapAttrsToList export vars);
+ exportCredentials = n: _: ''export ${n}="$(${pkgs.systemd}/bin/systemd-creds cat ${n}_FILE)"'';
+ exportAllCredentials = vars: lib.concatStringsSep "\n" (lib.mapAttrsToList exportCredentials vars);
+ transformCredential = n: v: "${n}_FILE:${v}";
+ getLoadCredentialList = lib.mapAttrsToList transformCredential cfg.credentials;
 environmentVariablesFile = pkgs.writeTextFile {
 name = "librechat-env-variables.sh";
 text = # sh
@@ -24,6 +28,7 @@ let
 export CONFIG_PATH=${configFile}
 ${exportAll cfg.env}
+ ${exportAllCredentials cfg.credentials}
 '';
 };
 allowedPorts =
@@ -54,7 +59,7 @@ in
 example = {
 CREDS_KEY = /run/secrets/creds_key;
 };
- description = "Environment variables that will be loaded in from files at runtime. See https://www.librechat.ai/docs/configuration/dotenv for a full list.";
+ description = "Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets. See https://www.librechat.ai/docs/configuration/dotenv for a full list.";
 };
 env = lib.mkOption {
 type =
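Review bot: In the `@@ -13,6 +13,10 @@` hunk, the line generated by `exportCredentials`, `export NAME="$(systemd-creds cat NAME_FILE)"`, returns the exit status of `export`, so a missing or unreadable credential leaves the variable set to an empty string and the server still starts. For values such as `JWT_SECRET` or `CREDS_KEY` that means running with an empty secret instead of failing closed. Emitting the assignment and the export separately lets the failure stop the unit: `${n}="$(${pkgs.systemd}/bin/systemd-creds cat ${n}_FILE)" || exit 1` followed by `export ${n}`. The `let` block this sits in starts and ends outside the hunk.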
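Review bot: In the `@@ -54,7 +59,7 @@` hunk, the option's `example` still shows an unquoted Nix path, `CREDS_KEY = /run/secrets/creds_key;`, and the new description does not say that values must be strings. `transformCredential`, added earlier in this file, builds `"${n}_FILE:${v}"`, and interpolating a Nix path value copies the file into the world-readable store, so following the example literally could put the secret in `/nix/store` or fail evaluation; whether the option's type admits path values is not visible here. I would quote the example as `CREDS_KEY = "/run/secrets/creds_key";` and reword the description, which also fixes the "at a file paths" slip: `"Environment variables whose values are read at runtime from the files at the given paths; pass the paths as strings so the files are not copied into the Nix store. Mainly used for secrets."`. The option definition starts and ends outside the hunk.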
@@ -107,7 +112,7 @@ in
 };
 }
 '';
- description = "A free-form attribute set that will be written to librechat.yaml.";
+ description = "A free-form attribute set that will be written to librechat.yaml. You can use environment variables by wrapping them in \${}. Take care to escape the \$ character.";
 };
 };
@@ -118,20 +123,21 @@ in
 after = [ "network.target" ];
 description = "Open-source app for all your AI conversations, fully customizable and compatible with any AI provider";
 serviceConfig = {
- Type = "simple"; # FIXME
+ Type = "simple";
 User = cfg.user;
 Group = cfg.group;
 PermissionsStartOnly = "true"; # run mkdir as root
 ExecStartPre = [
 "${pkgs.coreutils}/bin/mkdir -p ${cfg.path}"
 "${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.path}"
+ "${pkgs.coreutils}/bin/chmod 775 ${cfg.path}"
 ];
- LoadCredential = [ ];
+ LoadCredential = getLoadCredentialList;
 };
 script = # sh
 ''
- source ${environmentVariablesFile}
 cd ${cfg.path}
+ source ${environmentVariablesFile}
 ${pkgs.librechat}/bin/librechat-server
 '';
 };
diff --git a/systems/x86_64-linux/apollo/default.nix b/systems/x86_64-linux/apollo/default.nix
index 59375f7..10a2988 100644
--- a/systems/x86_64-linux/apollo/default.nix
+++ b/systems/x86_64-linux/apollo/default.nix
@@ -29,7 +29,14 @@
 enable = true;
 openFirewall = true;
 env = {
- TEST_ENV_VAR = "hello";
+ HOST = "0.0.0.0";
+ MONGO_URI = "mongodb://apollo:27017";
+ };
+ credentials = {
+ CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
+ CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
+ JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
+ JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
 };
 settings = {
 version = "1.0.8";
@@ -61,13 +68,5 @@
 };
 };
- environment.persistence."/persist".directories = [
- {
- directory = config.server.librechat.path;
- user = config.server.librechat.user;
- group = config.server.librechat.group;
- }
- ];
-
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
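Review bot: In the `@@ -118,20 +123,21 @@` hunk, the added `chmod 775 ${cfg.path}` leaves the service's working directory readable and traversable by every local user and writable by the whole group, which is wider than a directory owned by `cfg.user:cfg.group` for one service appears to need. Unless another account has to read it, `"${pkgs.coreutils}/bin/chmod 750 ${cfg.path}"` keeps what the application writes there private to the service user and group. If the wider mode is intentional, a short comment on that line naming the consumer that needs it would record why. The unit definition around `serviceConfig` starts outside the hunk.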
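Review bot: In the `@@ -29,7 +29,14 @@` hunk of systems/x86_64-linux/apollo/default.nix, `MONGO_URI = "mongodb://apollo:27017"` carries no credentials, and `HOST = "0.0.0.0"` together with `openFirewall = true` has the app listen on every interface. The URI suggests the MongoDB instance accepts unauthenticated connections, which may be acceptable on a closed network but is worth confirming. Since `env` values are written verbatim into the `librechat-env-variables.sh` file in the Nix store, a URI that includes a password belongs under `credentials` rather than `env` once authentication is enabled. A comment such as `# no auth: reachable only from <network>` beside `MONGO_URI`, and one stating what fronts the `0.0.0.0` listener, would document the assumption.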