# NixOS module: runs LibreChat as an OCI container, publishes it through an
# nginx TLS reverse proxy, and feeds its secrets in via a sops-nix template.
{
  inputs,
  constants,
  config,
  ...
}:

let
  host = constants.hosts.rx4;
  svc = constants.services.librechat-oci;

  # Placeholder that sops-nix substitutes with the decrypted value when the
  # template is rendered; the plaintext never appears in this expression.
  secret = name: config.sops.placeholder."librechat/${name}";
in
{
  imports = [ inputs.synix.nixosModules.librechat-oci ];

  services = {
    librechat-oci = {
      enable = true;
      port = svc.port;
      configFile = ./librechat.yaml;
      externalUrl = "https://${svc.fqdn}";

      # Secrets come from the rendered sops template, not from `environment`
      # below: values set in `environment` are part of the evaluated
      # configuration, so only non-secret settings belong there.
      environmentFile = config.sops.templates.librechat-env-file.path;

      environment = {
        # Left disabled, so registration follows the upstream default.
        # NOTE(review): confirm that default is "closed" before exposing the
        # vhost to untrusted networks.
        # ALLOW_REGISTRATION = "true";

        # Third-party SearXNG instance: search queries issued from chats are
        # sent to, and visible to, that operator. A self-hosted instance keeps
        # them local.
        SEARXNG_INSTANCE_URL = "https://searxng.website/";
      };
    };

    nginx.virtualHosts.${svc.fqdn} = {
      useACMEHost = svc.fqdn;
      forceSSL = true;

      # Only a TLS listener on the host's own address is declared.
      # NOTE(review): confirm how the forceSSL HTTP->HTTPS redirect behaves
      # with a custom listen list that has no plain-HTTP entry.
      listen = [
        {
          addr = "${host.ip}:443";
          ssl = true;
        }
      ];

      # TLS terminates here; the hop to the container is plain HTTP over
      # loopback. Assumes the container publishes its port on 127.0.0.1 only,
      # so nginx cannot be bypassed -- verify in the librechat-oci module.
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString svc.port}";
        proxyWebsockets = true;
      };
    };
  };

  security.acme.certs.${svc.fqdn} = {
    domain = svc.fqdn;
    # Certificate files are owned by the nginx group so nginx can read the key.
    group = "nginx";
    # Restarts the container after each issuance or renewal.
    # NOTE(review): TLS is terminated by nginx above; confirm the container
    # itself needs the restart, since it interrupts active sessions.
    postRun = "systemctl restart podman-librechat.service";
  };

  sops = {
    # generate with:
    # openssl rand -hex 32
    # (32 random bytes, 64 hex characters).
    # NOTE(review): LibreChat documents CREDS_IV as 16 bytes (32 hex
    # characters), i.e. `openssl rand -hex 16` -- confirm before generating.
    # The OpenRouter key is presumably issued by the provider, not generated.
    secrets = {
      "librechat/jwt-secret" = { };
      "librechat/jwt-refresh-secret" = { };
      "librechat/creds-key" = { };
      "librechat/creds-iv" = { };
      "librechat/meili-master-key" = { };
      "librechat/openrouter-key" = { };
    };

    # Rendered to a file at activation time and passed to the container as
    # its environment file (see environmentFile above).
    templates.librechat-env-file.content = ''
      JWT_SECRET=${secret "jwt-secret"}
      JWT_REFRESH_SECRET=${secret "jwt-refresh-secret"}
      CREDS_KEY=${secret "creds-key"}
      CREDS_IV=${secret "creds-iv"}
      MEILI_MASTER_KEY=${secret "meili-master-key"}
      OPENROUTER_KEY=${secret "openrouter-key"}
    '';
  };
}