diff --git a/common/server/default.nix b/common/server/default.nix
index 9c84c5b..9b3bd04 100644
--- a/common/server/default.nix
+++ b/common/server/default.nix
@@ -20,5 +20,6 @@
     ./searx.nix
     ./gitea-actions-runner.nix
     ./dashy.nix
+    ./librechat.nix
   ];
 }
diff --git a/common/server/librechat.nix b/common/server/librechat.nix
new file mode 100644
index 0000000..226c38a
--- /dev/null
+++ b/common/server/librechat.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.librechat;
+in
+{
+  options.services.librechat = {
+    enable = mkEnableOption "librechat";
+    port = mkOption {
+      type = types.int;
+      default = 3080;
+    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      example = "example.com";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers = {
+      librechat = {
+        image = "ghcr.io/danny-avila/librechat:v0.6.6";
+        environment = {
+          HOST = "0.0.0.0";
+          MONGO_URI = "mongodb://host.containers.internal:27017/LibreChat";
+          ENDPOINTS = "openAI,google,bingAI,gptPlugins";
+        };
+        environmentFiles = [
+          "/run/agenix/librechat-env-file"
+        ];
+        ports = [
+          "${toString cfg.port}:3080"
+        ];
+      };
+    };
+    age.secrets.librechat-env-file.file = ../../secrets/librechat-env-file.age;
+
+    services.mongodb.enable = true;
+    services.mongodb.bind_ip = "0.0.0.0";
+
+    # easier podman maintenance
+    virtualisation.oci-containers.backend = "podman";
+    virtualisation.podman.dockerSocket.enable = true;
+    virtualisation.podman.dockerCompat = true;
+
+    # For mongodb access
+    networking.firewall.trustedInterfaces = [
+      "podman0" # for librechat
+    ];
+
+    services.nginx.virtualHosts.${cfg.host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString cfg.port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
diff --git a/machines/ponyo/default.nix b/machines/ponyo/default.nix
index 4478083..9b340a6 100644
--- a/machines/ponyo/default.nix
+++ b/machines/ponyo/default.nix
@@ -151,4 +151,8 @@
   # owncast live streaming
   services.owncast.enable = true;
   services.owncast.hostname = "live.neet.dev";
+
+  # librechat
+  services.librechat.enable = true;
+  services.librechat.host = "chat.neet.dev";
 }
diff --git a/machines/ponyo/properties.nix b/machines/ponyo/properties.nix
index 23d47cb..1695957 100644
--- a/machines/ponyo/properties.nix
+++ b/machines/ponyo/properties.nix
@@ -15,6 +15,7 @@
     "nextcloud"
     "dailybot"
     "gitea"
+    "librechat"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
diff --git a/secrets/librechat-env-file.age b/secrets/librechat-env-file.age
new file mode 100644
index 0000000..b7877b6
Binary files /dev/null and b/secrets/librechat-env-file.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 700652c..2b67466 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -49,4 +49,7 @@ with roles;
 
   # gitea actions runner
   "gitea-actions-runner-token.age".publicKeys = gitea-actions-runner;
+
+  # Librechat
+  "librechat-env-file.age".publicKeys = librechat;
 }