rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(librechat): allow setting arbitrary environment variables from text and file

Browse source
This commit is contained in:
Mohammad Rafiq 2025-05-31 19:43:10 +08:00
parent ff368be300
commit c5ac2a86fc
No known key found for this signature in database
2 changed files with 19 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

16
modules/nixos/server/librechat/default.nix
View file

@ -13,6 +13,10 @@ let
# Thanks to https://github.com/nix-community/home-manager/blob/60e4624302d956fe94d3f7d96a560d14d70591b9/modules/lib/shell.nix :)
export = n: v: ''export ${n}="${builtins.toString v}"'';
exportAll = vars: lib.concatStringsSep "\n" (lib.mapAttrsToList export vars);
exportCredentials = n: _: ''export ${n}="$(${pkgs.systemd}/bin/systemd-creds cat ${n}_FILE)"'';
exportAllCredentials = vars: lib.concatStringsSep "\n" (lib.mapAttrsToList exportCredentials vars);
transformCredential = n: v: "${n}_FILE:${v}";
getLoadCredentialList = lib.mapAttrsToList transformCredential cfg.credentials;
environmentVariablesFile = pkgs.writeTextFile {
name = "librechat-env-variables.sh";
text = # sh
@ -24,6 +28,7 @@ let
export CONFIG_PATH=${configFile}
${exportAll cfg.env}
${exportAllCredentials cfg.credentials}
'';
};
allowedPorts =
@ -54,7 +59,7 @@ in
example = {
CREDS_KEY = /run/secrets/creds_key;
};
description = "Environment variables that will be loaded in from files at runtime. See https://www.librechat.ai/docs/configuration/dotenv for a full list.";
description = "Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets. See https://www.librechat.ai/docs/configuration/dotenv for a full list.";
};
env = lib.mkOption {
type =
@ -107,7 +112,7 @@ in
};
}
'';
description = "A free-form attribute set that will be written to librechat.yaml.";
description = "A free-form attribute set that will be written to librechat.yaml. You can use environment variables by wrapping them in \${}. Take care to escape the \$ character.";
};
};
@ -118,20 +123,21 @@ in
after = [ "network.target" ];
description = "Open-source app for all your AI conversations, fully customizable and compatible with any AI provider";
serviceConfig = {
Type = "simple"; # FIXME
Type = "simple";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = "true"; # run mkdir as root
ExecStartPre = [
"${pkgs.coreutils}/bin/mkdir -p ${cfg.path}"
"${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.path}"
"${pkgs.coreutils}/bin/chmod 775 ${cfg.path}"
];
LoadCredential = [ ];
LoadCredential = getLoadCredentialList;
};
script = # sh
''
source ${environmentVariablesFile}
cd ${cfg.path}
source ${environmentVariablesFile}
${pkgs.librechat}/bin/librechat-server
'';
};

17
systems/x86_64-linux/apollo/default.nix
View file

@ -29,7 +29,14 @@
enable = true;
openFirewall = true;
env = {
TEST_ENV_VAR = "hello";
HOST = "0.0.0.0";
MONGO_URI = "mongodb://apollo:27017";
};
credentials = {
CREDS_KEY = config.sops.secrets."librechat/creds_key".path;
CREDS_IV = config.sops.secrets."librechat/creds_iv".path;
JWT_SECRET = config.sops.secrets."librechat/jwt_secret".path;
JWT_REFRESH_SECRET = config.sops.secrets."librechat/jwt_refresh_secret".path;
};
settings = {
version = "1.0.8";
@ -61,13 +68,5 @@
};
};
environment.persistence."/persist".directories = [
{
directory = config.server.librechat.path;
user = config.server.librechat.user;
group = config.server.librechat.group;
}
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}