53 lines
1.2 KiB
Nix
53 lines
1.2 KiB
Nix
{
|
|
inputs,
|
|
constants,
|
|
config,
|
|
...
|
|
}:
|
|
|
|
let
|
|
inherit (constants.hosts.rx4) ip;
|
|
inherit (constants.services.librechat-oci) fqdn port;
|
|
in
|
|
{
|
|
imports = [
|
|
inputs.synix.nixosModules.librechat-oci
|
|
];
|
|
|
|
services.librechat-oci = {
|
|
enable = true;
|
|
inherit port;
|
|
externalUrl = "https://${fqdn}";
|
|
environmentFile = config.sops.templates.librechat-env-file.path;
|
|
};
|
|
|
|
services.nginx.virtualHosts."${fqdn}" = {
|
|
useACMEHost = fqdn;
|
|
forceSSL = true;
|
|
listen = [
|
|
{
|
|
addr = "${ip}:443";
|
|
ssl = true;
|
|
}
|
|
];
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString port}";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
security.acme.certs."${fqdn}" = {
|
|
domain = fqdn;
|
|
postRun = "systemctl restart podman-librechat.service";
|
|
group = "nginx";
|
|
};
|
|
|
|
sops = {
|
|
secrets."librechat/jwt-token" = { }; # openssl rand -hex 32
|
|
secrets."librechat/jwt-refresh-token" = { }; # openssl rand -hex 32
|
|
templates.librechat-env-file.content = ''
|
|
JET_TOKEN=${config.sops.placeholder."librechat/jwt-token"}
|
|
JET_REFRESH_TOKEN=${config.sops.placeholder."librechat/jwt-refresh-token"}
|
|
'';
|
|
};
|
|
}
|