From 7e812001f084783323aad1998b5c42ad12f1e8be Mon Sep 17 00:00:00 2001
From: Zuckerberg <zuckerberg@neet.dev>
Date: Fri, 9 Feb 2024 19:56:50 -0700
Subject: [PATCH] Add librechat

---
 common/server/default.nix      |   1 +
 common/server/librechat.nix    |  62 +++++++++++++++++++++++++++++++++
 machines/ponyo/default.nix     |   4 +++
 machines/ponyo/properties.nix  |   1 +
 secrets/librechat-env-file.age | Bin 0 -> 4034 bytes
 secrets/secrets.nix            |   3 ++
 6 files changed, 71 insertions(+)
 create mode 100644 common/server/librechat.nix
 create mode 100644 secrets/librechat-env-file.age

diff --git a/common/server/default.nix b/common/server/default.nix
index 9c84c5b..9b3bd04 100644
--- a/common/server/default.nix
+++ b/common/server/default.nix
@@ -20,5 +20,6 @@
     ./searx.nix
     ./gitea-actions-runner.nix
     ./dashy.nix
+    ./librechat.nix
   ];
 }
diff --git a/common/server/librechat.nix b/common/server/librechat.nix
new file mode 100644
index 0000000..226c38a
--- /dev/null
+++ b/common/server/librechat.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.librechat;
+in
+{
+  options.services.librechat = {
+    enable = mkEnableOption "librechat";
+    port = mkOption {
+      type = types.int;
+      default = 3080;
+    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      example = "example.com";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers = {
+      librechat = {
+        image = "ghcr.io/danny-avila/librechat:v0.6.6";
+        environment = {
+          HOST = "0.0.0.0";
+          MONGO_URI = "mongodb://host.containers.internal:27017/LibreChat";
+          ENDPOINTS = "openAI,google,bingAI,gptPlugins";
+        };
+        environmentFiles = [
+          "/run/agenix/librechat-env-file"
+        ];
+        ports = [
+          "${toString cfg.port}:3080"
+        ];
+      };
+    };
+    age.secrets.librechat-env-file.file = ../../secrets/librechat-env-file.age;
+
+    services.mongodb.enable = true;
+    services.mongodb.bind_ip = "0.0.0.0";
+
+    # easier podman maintenance
+    virtualisation.oci-containers.backend = "podman";
+    virtualisation.podman.dockerSocket.enable = true;
+    virtualisation.podman.dockerCompat = true;
+
+    # For mongodb access
+    networking.firewall.trustedInterfaces = [
+      "podman0" # for librechat
+    ];
+
+    services.nginx.virtualHosts.${cfg.host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString cfg.port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
diff --git a/machines/ponyo/default.nix b/machines/ponyo/default.nix
index 4478083..9b340a6 100644
--- a/machines/ponyo/default.nix
+++ b/machines/ponyo/default.nix
@@ -151,4 +151,8 @@
   # owncast live streaming
   services.owncast.enable = true;
   services.owncast.hostname = "live.neet.dev";
+
+  # librechat
+  services.librechat.enable = true;
+  services.librechat.host = "chat.neet.dev";
 }
diff --git a/machines/ponyo/properties.nix b/machines/ponyo/properties.nix
index 23d47cb..1695957 100644
--- a/machines/ponyo/properties.nix
+++ b/machines/ponyo/properties.nix
@@ -15,6 +15,7 @@
     "nextcloud"
     "dailybot"
     "gitea"
+    "librechat"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
diff --git a/secrets/librechat-env-file.age b/secrets/librechat-env-file.age
new file mode 100644
index 0000000000000000000000000000000000000000..b7877b6bcfbc7d74a2a9184a663acc3f77442879
GIT binary patch
literal 4034
zcmV;z4?XZ<XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LHbGP}FJ~Y_
zXE``(SVl;4T1`SncuzA<Yk5;-HhN5VT16{GSweU+F=$74bW&DmFmnn^Nn?35XGC*3
zWKnuFQ%qA*Z%t@ocQkf+T4zs3cR^!KNlq{~N@qrKQ*R0_J|J^*Xf0)AGBq_ZIUr<B
zQCV+iAaHb6Zb@!yPews(a4&aIVpCR8Yj<)%Sz$?3IeJ7?R$*sJZb4~6MP^7r3M)iL
zVNqx`MlWz;Y*b5VHeynBb~8wKcVRbIO-E`*RZU`VIbuXbVQyGe3N1b$CuS%uK20rW
za%Ew2Wgu2ZetSV$BnnblK{ruJHFr-}a&${>IcZjBLUc<vG&y)hLpV)vNkmjNHAGc+
zXk<!AbXhh{L0Dr`W-?-DFe`94W>!*FO)?5>YBg(ZW<)r0cV$%yEiEk|Oj%=gD|S&y
zIWI<bY<D>{MpS5bF>qOOXmL49H*{roPIGT{H*;rEHg|UldM$0(Vo`cTuA_DC^u5n7
z6Z};VCjdA~SBfc0?{h?m7~ftVkvXwtV6lrXmgq3K5ia<^7fTVhsJ;}-RWmQoyaXGA
z`OpVNt9MMWPlhv{2!#;_QcA>__eqI^rHuTMLJkxgKf}2O_Pi!3B)F}UISm-$2Gtl7
zn0d?`QD}bpEu!|&|0|JjK81#SW*-MXcFtFQ0)HR03>OmOt&sGoA$YlCJsT+)kdpGF
zV&QfPf{9?sc14dI+4fFStt^rPr*Y{Z37lH29Dqn0uZuE?FSu94vZmhoz*bt!bi?5r
zB%4*IXaU{cBy9!T7T!XFYWf930F4JXY%<`1L2o9hpVl7DQ&fpXyo-D0%rPX;ybGoW
zk_^CYe4^kHJcNAwJRt3W+N8hGzi#)KDGY_x=Z5M&&=IV_KQ#%GcRX8Aai%)7i}WFT
z8<G6q9tU!&DF2s0AqbDi1*?G;eMIwkJkQW4jlC_@l*$FE)|onhI%51{!3Y`FfmXzl
zLVjnbYdV=B=qs2!NMY&HP6+plaokO`kYhXA%Eq9*LJpge*+{r^x>BUeNXmXg_FYQ6
zvr5j{md`*wX98%cx#Q?W*mQC0)GC71HGvJ>sWWo--`$8;o}z`bs6|>mD8DH~wZd8;
z>C3@?UXF<GQxx$(pib-p@~ch9?7A`kmTx)egnb77o}z_+a~Si04QmRRskyWwZyeaw
zvKpmc=T*x4?&dKOIw;&<@r>wsxl<oOu#VjzDUg^pvC)Yg2QD5Oo?xM)A9U=c&T%hK
zK#1~|^UK+RH70m~{xURf6*dze!LL}-%Wri4S|8MO$e=OiTs1Qu^>{Vtzs<Gs(uQoO
zy@7i@FKu1W3+m91b^+c45R~60^j@LUnhpe`NN1P$(A0NW<i3$uRYrfL%7{FDK7aQc
z|ILJ#9L^@Lquc*`L_=GxMdsk4^;H}bRtc+<;&~pWVCkiY9qw_Av&e!~Z2>5%GNr?B
zUm7HBeTLJPoL*rmXSFH~bxKjK;V1`t=^+oPb)z3;=Pruz4z%)G1aGCc{Reh_$ah!M
zV>H&mL7MUoZ;zqNVaC6uU!j+nl@fo-4y4q8BO}u#<Fc`S`!m6E)usX82-7RGi}=#o
zPdoD5R=NQ4e6M#L_gt!j5dtcTP{=c}MUT#!h`#9i916*~i?14vDYCXpUZUG+(p_ax
zSm)MoxGx=P(lLTc+UyP5Bz%?6=Y4hvpA|_DG0!-q*q=rQ$7V-C)FhxA;jN|{cC^Vc
z(r}NC1}k&~nD4kCr2Q)ZAUN#q!ZN}secmSxm+Mb@tb*M92FeSxdw-Umv(myoqv|ni
z&aC4W6SjZM8p)-j1YeO4V;XpOYaM0V!3s%GvD&8rs-@i~%4@+zGxa6WgfPF`I^#%I
z<EXOiBOTS9k^{u_2UPsjZ}xTl$<AB$c5Ned!}VP{9b$jbY?_@pE5dU9HOA+?NRf(o
ziZr80hR=GyKahip;&?w?>!(|FicNtfivpG?*ZJoI5zI!?N{1|_bD}8#w=i9&zqz@1
zYMf0l=|oWGHx^|_lM^CUU2mRZYIT1X1l2bXKek?j6*J-7LMvt)HhszB3}GsQ21dpw
zbY}UsX=zGfNttxG{fwQYefR@UuByUpxdmd2v+T@pjk>@vG))vRjNjhbiCc@GLN(@a
z38Q&D1h;ynunM93^qro}eObGE%rrB*nb8%Oo0h*DcQL0T<AeS!OqH`;k9)I#vbG|i
zSkXPnvPG{1f@XKi%dzZ`M=tAt_N?+Ud@Ca!OY?n;xRKTa)3W6o(Xt$>?p+PGe)@&n
z=lItBo2yVFWXdQVe>c^4^p-`0rC2`ZoeZ+5S*6|TW+h{beqs6v=ixZ|9b<y^XZWOr
zjnnBWk=!>co#D`gSJ;{snET^hx7^#rw0u^SL@BA=A0M0jgSb8r)ITmBF7SH^+DG~O
zcOIzADYUk8pWX(?(APaq$gs=J)sCBlBFh7dCo}oM@wNo7xxB3VLh>}&MYMnu*-oqM
z`HULfhV_f;ps%+{X_-juLi_$oYOZ2@(g%Q8Gglj?DO(w5j<hq~mj}In@Y$aY+t9e@
zN?`$j{}?5In1NPR{mbGG{T1Ht`kjxVq$`>;G5%?G9;r91S!w`PHqsi~icUjH$-K{i
zJ^j51e|r*!i3$G18uG(;{-bn?7{Tg>I-wJh07(pSSU%@xs6V!_E}@H?eA|dO9V$gz
zmDjJOt^cjr!trWW;1IM!cguG&pt~U&Y&O<o_bJpT43X$1m{ya&xQhl*34sh80IT)Q
zvKK)aL4#4XP?3}gJ}t!2F5$QR1ij8OQOYiz&vqfE8f8AXieqbBC~3$p?yZ9awV!A>
zeIpq+Y#jkJ8w#pH%OYdhn{+3&vc<;Hr@eV%ckL9ZC$A?^-&85fW1*MThiZz{lKLEc
zbZg+i?s`fTv#VqM4dKf1_lFdvcH82FFN)#KX<>f5!a2*!ta4P@Q;bVL{K~ko)p{Lq
zo@FRUdD{@WAq2c2!t#X`#q=nN2#ay{r}W?S)LK4!;#YNIVB?eBaSCeZv_cz$7ECoO
z>lhR(6fg6~Qg4SK++eE0M?Q2nvcq0ijXs4^tPTvAM~*fTB)NmQFGKpDmcb!eg;3>t
zK>fjpY5{zQLhXVSDA$15qLFwkczTjmO?8xNG5qyt#|}oHD{z(YVH>$DLzJ;%TI-q0
zLA2XO5<%M!#gv=CulW^y*Vd@Eq>M(f>}smw6j*HVR|IDr8T$)_5<ypDlx>fJA~WO9
z`olzoq}}Ti4p9ST^fh)tLL{O><CL)iwv#p@dtep_0e<RUoqwG(@k1ZyHIG=rRyn&z
z^``3vKMjafiH+_O1FF2j;tdR3QTt^4gaygeGM0S%+wr>LHE~4?{pc)A?~yRHl_KTZ
z7LsWw0o1eH1Kndo@KDl+^Ul*I$GXvmdJd=B)R$rdY)es@H|*dgHG#kSV;$b*2|j;c
zEKluaq}iMc%`7O)%9G2_QPXCri+?9iTJ}L3{sUX=ty+CG-0n-{bmEn~R!3K(-#wf0
z$C$9CZi74YG+!{?`=C4a{Az=3>`B35o|rta2-`^(0lmrOxql=eS%_nO54wFuESL{C
zhf5d5YU|nBympn*ptM=Ih7>vHt6q5Sd`!N}<cPNXxptIw!=8zV__GNsBqln}*QNMd
zWc3^Y3#UxJr#U13roF^}k{-LEk(mEe2&D4&oo(>F@8v)!pQ{dY=RM({%rFysEoQVB
zQdIps<oL9de#?~?@wfYB?LF`|NIOPQvIte$`$%OFtQKlYsEp!#%y~UnH)azLc@Xj0
zTgnNpyLn0)hoZHA=y!LscL~e!_pMJ3C1fdWB6=L<m(PPrD_+159G)N;ziD;}+8_(q
z2?gQvX?mf!V|DsIi)6m04;m8nuQiwT-Yi~noHhem=NsKC7ALdQ&%M5RI~TdoWFV>5
znY_>>YQm<Q88g!LVbmR(XDZPa7=pdgM=s=bVfLa+&Rt}}vQd2ODh<n_Fw}7y#?<8g
zYt$zF@B(D4Es42Gde3->5y^6)i%~*OrGM@NSSIc2B%>007tvNBv7~5E(-Fn(fY!T|
z1Fg3X*4XQ}o`zMxv`q--3Je>+mJZ80-z1CaxYob`k;17hJb;v8h1Zg1?8=i)%1AUo
zqrI1vCziWTW;wGzW-;Y^8?}Wd;m0g>pv+MXUgh0plaSL*>Nw0Ml<^V#r?$_+U(;Uy
zA@0Qi&1pPG4FWK4p%UO2PVT2N1zU}HO_cC&Q=B%MW~QeDzm_R7_4e~wtxPDeji8&W
zZb8h{zxySh=^H5axFcaLP+A#Kz<L^Is)#tV78srqXFrOkC1L@ZG-eUBurOdRP>7x|
zeTrmH$R$$(G@D|~*X%3(KatvO{nT$+Q`R({yT)4=OTYU(7Yq?ex7*$jZJ+V?N$Mf;
z4bPAGX~!=m4tB*%)&S-5K4z<DTd%crgsDjtHD@31cI}I{4L4V!7I=8_7)j#`>(jY8
zMAR|pneJBcIwhO$qC~U*g!w)*a3$k8^#fx^QZmwtN~_Y$VhVrGt?M5v6M;^>9o*&{
zi;aQo0BuH2iku@)T>uVc7$XVn3CBb-`(}SlfG~6jzedd946gJItyK`_6MqFI{}3+b
zqsYES7t)9bo|_O#Bu%H)ST~T9X@;?kO=*=px~&%6P`6>(+(t?IY2A~<PwpqouC-u_
zM~KnWSt|R_*;T5lC71`FXaS{vIhn@n7zRrGGCE)-dek=AVZj<~H_+|3ta^88!cG`&
zO|qhy3+Pw&i-mHb<8C*wzvi-B!|F=#!_(#Lxf?&83!P_S_5KgKp3=fIGz6%Rf}?K(
zftO`$u?er3&S;@}slFTxo3G%X%AQGsi#3}$Tx546>R9rOr%wb!AZ>ChmKDtdYifXX
z8RY~g>?!-sB*}QBTQa2ALYexHKRz*~iB~Ds$%`-=jd&ar67gKBHWadad=_lCYZcX*
zh%+}iw00nb`*(-8LeyG95|FVD&!(KUjxTnE6+50Ps7AO>AYfuZg&k?Ow#`=A*M>&4
zBW@)Pb#gddV~&xIi1+Kjg2JO^Poo9HDbhf*Qb<MK^Q$p=lPI*p1)8A3iBR}Ma>~;3
zCPLSKWl91u-9$>&*U5t(Cn`$^`h%z{I)-4<0KtL?an<blUFZ4}bh)(HB+WbGv~NF;
zubuTo?z0k-jBm=%!@`aI|LLOqcE&I1j5d4j7C_0wlR^EwV?Jewlg|W%3z~s#CK3ip
ow0D^;W?5ayEgSVXva08b?r@-ZD*I-VHi_)9zJn)g9yx{Sa2V8@8~^|S

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 700652c..2b67466 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -49,4 +49,7 @@ with roles;
 
   # gitea actions runner
   "gitea-actions-runner-token.age".publicKeys = gitea-actions-runner;
+
+  # Librechat
+  "librechat-env-file.age".publicKeys = librechat;
 }