From afb49c74073a597f9a98022068292826fed2ccb4 Mon Sep 17 00:00:00 2001 From: sid Date: Tue, 19 May 2026 20:59:18 +0200 Subject: [PATCH 1/3] new librechat api --- flake.lock | 8 +++---- hosts/rx4/secrets/secrets.yaml | 7 ++++-- hosts/rx4/services/librechat-oci.nix | 34 +++++++++++++++++++++++----- 3 files changed, 37 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b5376a3..8036d42 100644 --- a/flake.lock +++ b/flake.lock @@ -5199,11 +5199,11 @@ "stylix": "stylix_6" }, "locked": { - "lastModified": 1779211946, - "narHash": "sha256-PZsNGNnwgiFh8sm8POIEeDf/JVB0+lhGEApp/wS4XCk=", + "lastModified": 1779216861, + "narHash": "sha256-fmgvPXXlrVJhIRGNjuYbrr5sHNFxFdlU3kdkmmzPirY=", "ref": "release-25.11", - "rev": "fe6b0d6c47b29b95697c310997f19bf70a29e8a6", - "revCount": 89, + "rev": "a7daa3b9f33cf266218a04c41f4c45af1c7e5207", + "revCount": 92, "type": "git", "url": "https://git.sid.ovh/sid/synix.git" }, diff --git a/hosts/rx4/secrets/secrets.yaml b/hosts/rx4/secrets/secrets.yaml index 0589c8a..2c01e49 100644 --- a/hosts/rx4/secrets/secrets.yaml +++ b/hosts/rx4/secrets/secrets.yaml @@ -20,6 +20,9 @@ hetzner-api-key: ENC[AES256_GCM,data:casjNOXzuQDWgnSFftbBMygA8kGpGiZDqup08faWO9k librechat: jwt-token: ENC[AES256_GCM,data:/NZfZsvg4mDCgB3prDbyPEXIOuN/WSWP3dmSYlvTn7TRSO6oKtnSz20zC0FLvwDAn5QvBYvBKF+LnYjXJeUNkw==,iv:vgESrSyy6IoCMNHG0eL05c9k7Z+tdNb88u5sz+4cYCI=,tag:/WPi7v3hrgKPgwdV0ZE2Bg==,type:str] jwt-refresh-token: ENC[AES256_GCM,data:w/gHj+dXgGk4BcT1ueIdVujjgYWzUGgY8TG/ci8WUDkU12aPcqi6Kuqe55Did0s2AH1Am+1cToy/Q8QiOnt7QQ==,iv:5LJ8ht5yZlql+TayLwU3CNhAd9DUjGw8sRamwbwm7JA=,tag:GJ9zaU7p36oZsOnXeifyyw==,type:str] + creds-key: ENC[AES256_GCM,data:EljwEqFByJaOjd8lRFGwo/FyXHUtl5an0xS1EjRe+kmpo5z4P33EUKbMeeIl69rEcziMHZQLiadzSEcS2cb2uA==,iv:sidBN6VTBeFhMUtN67HZuyofiXCeGFG4tuMRckLZv84=,tag:n7vI8LuPgER3J6r6Q6Jkjg==,type:str] + creds-iv: ENC[AES256_GCM,data:oc0sPm5RM/7AbH3vdDLJ2m0q6C7eAAME0GPbiojHZUspP8Cto5QX5WKnUjUVLLcvgK+t6pnu7BEmAuD3PLr11A==,iv:Z6XJmlqv0ULFiwqHyRO5v7lb/iyv4g9aSTV4xw9VTXU=,tag:7kptbQwc6lBZ70aXw7wOVA==,type:str] + meili-master-key: ENC[AES256_GCM,data:eugFl40a6Ks3ba8hcn83WS76AwA0TXkhu3K4gSrbNHtXRliLQCWhGTEvoaQSeb7whmpszh4zh8cKSxByBdhJiQ==,iv:rrWlcVyBlrE5dnBBFWjheIo6SgQTbkzqskGQvQczR+U=,tag:fjKOSVoPxomA3qUw+baV4w==,type:str] sops: age: - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy @@ -40,7 +43,7 @@ sops: NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8 f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-19T17:41:34Z" - mac: ENC[AES256_GCM,data:UPpz15iUrysYMovpNFLGyAnw1TZ8mmGUo4HDCPlyGI8ADo0v8RfhGjBL/0H0EIA4UX6D+EfRpp4wNacvTdgapQmKHd4H2Q4uDxRUJAHaAkBQVljiuTAEf+8aF/99/U5nEoYrUba15zV8WOONDD7CnzMm+fOosjJuZwKd+akt0KQ=,iv:+nzB0ffdB4PGsnaQ5x9WzWrhfcVQqv1WENUEJOAYbyE=,tag:VvEgvSyBUZixRK3MgCpFvQ==,type:str] + lastmodified: "2026-05-19T18:58:47Z" + mac: ENC[AES256_GCM,data:UMx1EdkZs4qcnSzGn5V4rbhRTaR8elLbN1nzvnhLOXjjhtLawuVNasJpBQonQi7vDw3X/XlZLgJSCVeCGT0YRjYDpxd00xle72BydH33uUXstJMCg/9atiXCAQhabPdhwhU/srWFh6rxasZFskTI/S+H3/uKIICOapne0TQz7E4=,iv:nxkpQX8ftZEx8gI39wyfJZtvjB4AVQNzmS40fZ/O05g=,tag:ksgNMNv0fzBDp2XhXXjhNQ==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/hosts/rx4/services/librechat-oci.nix b/hosts/rx4/services/librechat-oci.nix index 80db7a1..6213f50 100644 --- a/hosts/rx4/services/librechat-oci.nix +++ b/hosts/rx4/services/librechat-oci.nix @@ -18,7 +18,16 @@ in enable = true; inherit port; externalUrl = "https://${fqdn}"; - environmentFile = config.sops.templates.librechat-env-file.path; + + # environment = { + # ALLOW_REGISTRATION = "true"; + # }; + + environmentFiles = { + librechat = config.sops.templates.librechat-env.path; + meilisearch = config.sops.templates.meili-env.path; + ragApi = null; + }; }; services.nginx.virtualHosts."${fqdn}" = { @@ -43,11 +52,24 @@ in }; sops = { - secrets."librechat/jwt-token" = { }; # openssl rand -hex 32 - secrets."librechat/jwt-refresh-token" = { }; # openssl rand -hex 32 - templates.librechat-env-file.content = '' - JET_TOKEN=${config.sops.placeholder."librechat/jwt-token"} - JET_REFRESH_TOKEN=${config.sops.placeholder."librechat/jwt-refresh-token"} + # generate with: + # openssl rand -hex 32 + secrets."librechat/jwt-secret" = { }; + secrets."librechat/jwt-refresh-secret" = { }; + secrets."librechat/creds-key" = { }; + secrets."librechat/creds-iv" = { }; + secrets."librechat/meili-master-key" = { }; + + templates.librechat-env.content = '' + JWT_SECRET=${config.sops.placeholder."librechat/jwt-secret"} + JWT_REFRESH_SECRET=${config.sops.placeholder."librechat/jwt-refresh-secret"} + CREDS_KEY=${config.sops.placeholder."librechat/creds-key"} + CREDS_IV=${config.sops.placeholder."librechat/creds-iv"} + MEILI_MASTER_KEY=${config.sops.placeholder."librechat/meili-master-key"} + ''; + + templates.meili-env.content = '' + MEILI_MASTER_KEY=${config.sops.placeholder."librechat/meili-master-key"} ''; }; } -- 2.51.2 From e4a429ebe63baf54f689764d001c48eaa0ff4d0f Mon Sep 17 00:00:00 2001 From: sid Date: Tue, 19 May 2026 21:03:12 +0200 Subject: [PATCH 2/3] revert to old api --- hosts/rx4/services/librechat-oci.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/hosts/rx4/services/librechat-oci.nix b/hosts/rx4/services/librechat-oci.nix index 6213f50..e4b915b 100644 --- a/hosts/rx4/services/librechat-oci.nix +++ b/hosts/rx4/services/librechat-oci.nix @@ -18,16 +18,11 @@ in enable = true; inherit port; externalUrl = "https://${fqdn}"; + environmentFile = config.sops.templates.librechat-env-file.path; # environment = { # ALLOW_REGISTRATION = "true"; # }; - - environmentFiles = { - librechat = config.sops.templates.librechat-env.path; - meilisearch = config.sops.templates.meili-env.path; - ragApi = null; - }; }; services.nginx.virtualHosts."${fqdn}" = { @@ -60,16 +55,12 @@ in secrets."librechat/creds-iv" = { }; secrets."librechat/meili-master-key" = { }; - templates.librechat-env.content = '' + templates.librechat-env-file.content = '' JWT_SECRET=${config.sops.placeholder."librechat/jwt-secret"} JWT_REFRESH_SECRET=${config.sops.placeholder."librechat/jwt-refresh-secret"} CREDS_KEY=${config.sops.placeholder."librechat/creds-key"} CREDS_IV=${config.sops.placeholder."librechat/creds-iv"} MEILI_MASTER_KEY=${config.sops.placeholder."librechat/meili-master-key"} ''; - - templates.meili-env.content = '' - MEILI_MASTER_KEY=${config.sops.placeholder."librechat/meili-master-key"} - ''; }; } -- 2.51.2 From 47f63fba59eaf0dbde870acc30261dabc99d87f7 Mon Sep 17 00:00:00 2001 From: sid Date: Tue, 19 May 2026 21:06:31 +0200 Subject: [PATCH 3/3] librechat: fix secrets --- hosts/rx4/secrets/secrets.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/rx4/secrets/secrets.yaml b/hosts/rx4/secrets/secrets.yaml index 2c01e49..e78419f 100644 --- a/hosts/rx4/secrets/secrets.yaml +++ b/hosts/rx4/secrets/secrets.yaml @@ -18,8 +18,8 @@ vaultwarden: smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str] hetzner-api-key: ENC[AES256_GCM,data:casjNOXzuQDWgnSFftbBMygA8kGpGiZDqup08faWO9kfjvgOyWOXeqPd2VA1ND8yfM2LvoLYvPs6gUWtni2ldQ==,iv:p2W24uhJgBvpi3g4+cHw0/XbbTM5oYCPHreMBUR4CNs=,tag:lpwjZGoJe/91+CHX/hAkKA==,type:str] librechat: - jwt-token: ENC[AES256_GCM,data:/NZfZsvg4mDCgB3prDbyPEXIOuN/WSWP3dmSYlvTn7TRSO6oKtnSz20zC0FLvwDAn5QvBYvBKF+LnYjXJeUNkw==,iv:vgESrSyy6IoCMNHG0eL05c9k7Z+tdNb88u5sz+4cYCI=,tag:/WPi7v3hrgKPgwdV0ZE2Bg==,type:str] - jwt-refresh-token: ENC[AES256_GCM,data:w/gHj+dXgGk4BcT1ueIdVujjgYWzUGgY8TG/ci8WUDkU12aPcqi6Kuqe55Did0s2AH1Am+1cToy/Q8QiOnt7QQ==,iv:5LJ8ht5yZlql+TayLwU3CNhAd9DUjGw8sRamwbwm7JA=,tag:GJ9zaU7p36oZsOnXeifyyw==,type:str] + jwt-secret: ENC[AES256_GCM,data:/OJr23Sw975byjyHN6yqWxuk5FeRfLdQYYOPYJeDHTjzq9X78c3VHqdvnN2a9ZUEtzRi1sx6YLIjNkxBkGbvuQ==,iv:2D0iBj2U3iy3JPtKZBWP5nCfmXMA2/pBhBKUD2f5DoM=,tag:0ZYNxBhUdCBOne0otcG2iQ==,type:str] + jwt-refresh-secret: ENC[AES256_GCM,data:qIaunHUMTUFyp88whrxe65eM3Mfi3EX0ieWOUCmYYojSKQQRudh8d4Cb1zMqPbXJLG3zqTVCaZl9xwQn5K4Z/g==,iv:k5+oSCd0TzdOmIUe8BQBesofjvjuRiPXdLT6H9yQf18=,tag:4wcJjX7MvJNx19PCxgqyhw==,type:str] creds-key: ENC[AES256_GCM,data:EljwEqFByJaOjd8lRFGwo/FyXHUtl5an0xS1EjRe+kmpo5z4P33EUKbMeeIl69rEcziMHZQLiadzSEcS2cb2uA==,iv:sidBN6VTBeFhMUtN67HZuyofiXCeGFG4tuMRckLZv84=,tag:n7vI8LuPgER3J6r6Q6Jkjg==,type:str] creds-iv: ENC[AES256_GCM,data:oc0sPm5RM/7AbH3vdDLJ2m0q6C7eAAME0GPbiojHZUspP8Cto5QX5WKnUjUVLLcvgK+t6pnu7BEmAuD3PLr11A==,iv:Z6XJmlqv0ULFiwqHyRO5v7lb/iyv4g9aSTV4xw9VTXU=,tag:7kptbQwc6lBZ70aXw7wOVA==,type:str] meili-master-key: ENC[AES256_GCM,data:eugFl40a6Ks3ba8hcn83WS76AwA0TXkhu3K4gSrbNHtXRliLQCWhGTEvoaQSeb7whmpszh4zh8cKSxByBdhJiQ==,iv:rrWlcVyBlrE5dnBBFWjheIo6SgQTbkzqskGQvQczR+U=,tag:fjKOSVoPxomA3qUw+baV4w==,type:str] @@ -43,7 +43,7 @@ sops: NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8 f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-19T18:58:47Z" - mac: ENC[AES256_GCM,data:UMx1EdkZs4qcnSzGn5V4rbhRTaR8elLbN1nzvnhLOXjjhtLawuVNasJpBQonQi7vDw3X/XlZLgJSCVeCGT0YRjYDpxd00xle72BydH33uUXstJMCg/9atiXCAQhabPdhwhU/srWFh6rxasZFskTI/S+H3/uKIICOapne0TQz7E4=,iv:nxkpQX8ftZEx8gI39wyfJZtvjB4AVQNzmS40fZ/O05g=,tag:ksgNMNv0fzBDp2XhXXjhNQ==,type:str] + lastmodified: "2026-05-19T19:05:23Z" + mac: ENC[AES256_GCM,data:X2ELeFFUNEonCDZqJ5a9JCJ8U1EysxcIfbZM751NMK9PvJM8wbRC7MUg5cM/r25Gmua+voch9piTfmL77bJaCq8p6p9EwcBNxc1Weo5sWsHQ5J78MOAoO0wuDSBibOdI7CYEmFC8tRSoEdRQWRBoIOVCyP40fk5fEHhGYOAg9hE=,iv:8PGZRzEq2ezWvdKPi47cECvZD2wJpTDysgLZY3LYOcs=,tag:7TmaiYJ5MEj1+80i2jUgGw==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 -- 2.51.2