galadriel stash
This commit is contained in:
@@ -38,16 +38,18 @@
|
||||
../../modules/miniflux.nix
|
||||
../../modules/ollama.nix
|
||||
../../modules/openwebui.nix
|
||||
../../modules/librechat.nix
|
||||
../../modules/immich.nix
|
||||
|
||||
];
|
||||
|
||||
networking.hostId = "1ccccd3a";
|
||||
|
||||
#Load zfs pool
|
||||
## Load zfs pool
|
||||
boot.zfs.extraPools = [
|
||||
"lorien"
|
||||
];
|
||||
boot.zfs.requestEncryptionCredentials = true;
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
@@ -22,6 +22,8 @@
|
||||
"usbhid"
|
||||
"sd_mod"
|
||||
];
|
||||
boot.kernelPackages = pkgs.linuxPackages_6_18;
|
||||
boot.zfs.package = pkgs.zfs_2_4;
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"keep": {
|
||||
"days": true,
|
||||
"amount": 14
|
||||
},
|
||||
"auditLog": "/root/nix-dotfiles-v2/logs/.3b25ae2de0fbeb00e6dda3e0073fa9cb0e57638a-audit.json",
|
||||
"files": [
|
||||
{
|
||||
"date": 1770986611784,
|
||||
"name": "/root/nix-dotfiles-v2/logs/meiliSync-2026-02-13.log",
|
||||
"hash": "7de8e8f093ec0024291182935955d48e6faa12c30d1281c4c40975ae0cedab3b"
|
||||
}
|
||||
],
|
||||
"hashType": "sha256"
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"keep": {
|
||||
"days": true,
|
||||
"amount": 14
|
||||
},
|
||||
"auditLog": "/root/nix-dotfiles-v2/logs/.b5209f00e6380d23f0ed6df28f46a1a7ee75e7db-audit.json",
|
||||
"files": [
|
||||
{
|
||||
"date": 1770986611781,
|
||||
"name": "/root/nix-dotfiles-v2/logs/error-2026-02-13.log",
|
||||
"hash": "2533ea2611b1422793883fd7f9d44dd1322e7376a04debcfbed53c3a3196b26e"
|
||||
}
|
||||
],
|
||||
"hashType": "sha256"
|
||||
}
|
||||
@@ -12,7 +12,7 @@
|
||||
htop
|
||||
bottom
|
||||
nvtopPackages.full
|
||||
busybox
|
||||
uutils-coreutils
|
||||
nixfmt-rfc-style
|
||||
nixfmt-tree
|
||||
|
||||
|
||||
@@ -0,0 +1,70 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
librechatPort = 3080;
|
||||
mongoUri = "mongodb://127.0.0.1:27017/LibreChat";
|
||||
in
|
||||
{
|
||||
|
||||
|
||||
sops.secrets."librechat/environmentFile" = {};
|
||||
|
||||
|
||||
# Enable MongoDB
|
||||
services.mongodb = {
|
||||
enable = true;
|
||||
package = pkgs.mongodb-ce;
|
||||
# Optional: enableAuth = true;
|
||||
# initialRootPasswordFile = "/path/to/mongo-root-password-file";
|
||||
};
|
||||
|
||||
# LibreChat systemd service
|
||||
systemd.services.librechat = {
|
||||
# Make enable flagged when built
|
||||
enable = true;
|
||||
|
||||
description = "LibreChat server";
|
||||
|
||||
# **Native systemd dependency declarations**
|
||||
requires = [ "mongodb.service" ];
|
||||
after = [ "network.target" "mongodb.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
EnvironmentFile = config.sops.secrets."librechat/environmentFile".path;
|
||||
Restart = "on-failure";
|
||||
User = "librechat";
|
||||
Group = "librechat";
|
||||
|
||||
# ExecStart binds to package binary
|
||||
ExecStart = ''
|
||||
${pkgs.librechat}/bin/librechat-server \
|
||||
--host 0.0.0.0 \
|
||||
--port ${toString librechatPort} \
|
||||
--config /var/lib/librechat/config.yaml
|
||||
'';
|
||||
WorkingDirectory = "/var/lib/librechat";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
# Create user
|
||||
users.users.librechat = {
|
||||
isSystemUser = true;
|
||||
description = "LibreChat service user";
|
||||
home = "/var/lib/librechat";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
users.users.librechat.group = "librechat";
|
||||
users.groups.librechat = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/librechat 0755 librechat librechat -"
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
librechatPort
|
||||
27017
|
||||
];
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
{
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
boot.zfs.forceImportRoot = lib.mkDefault false;
|
||||
#boot.zfs.package = lib.mkDefault pkgs.zfs_unstable;
|
||||
services.zfs.trim.enable = true;
|
||||
services.zfs.autoScrub.enable = true;
|
||||
services.zfs.autoSnapshot.enable = true;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#ENC[AES256_GCM,data:iFOJJlRLRz2m7NyHzPhgUg==,iv:cx8HN12ClwwUZxn2/6mc1Q5Eh2XBIRsrhG/ETRf0cnw=,tag:ITcKcojB8Cpk5cICcxV/Hw==,type:comment]
|
||||
/open# run to encrypt: null
|
||||
#ENC[AES256_GCM,data:kvu25CX2iZURTBGQXYZTkwT00EqhPNF/ORglzJCsDRthR9hwLomlCzsdDCCwBmbEYbUSnyup0/yt6kj5gUA1iTpoGLVJK1EMoAUm7H7Vl4V0XheizUyTUJdfQUzQQXONzB2kTlE2DHuIWKN5Bz8+LKqoDrI=,iv:eBoUwZfMPhBnT2+jWqT/EGh/CVNK5qiYeaspFf1VJxY=,tag:yY+w4rJvDHLo93HgkcKahw==,type:comment]
|
||||
github:
|
||||
api: ENC[AES256_GCM,data:PcalL0rNd0nfNPMlWP05FWh3ff6rp5eQUmu3NzKmuSPcS5w6zSKCLsoCegltENjTWomGAJDoJF8rYfE3tTo4xQBAzFsK7v3GFXfefB+Ec7/FrUT6jjcHK4+c0e1u3cAgUkFpKq+IzS0yDBgMtXuC5oRzw0u0cEjXT4akiyO9Hg==,iv:GVPXrS9gwpw5JgsO6+YAMT96CsX7dz0NAcaq/IxXzec=,tag:Vxb4LOf0mm52W7Ege7mi6A==,type:str]
|
||||
@@ -20,6 +20,8 @@ ai:
|
||||
groq: ENC[AES256_GCM,data:63HBVYQEXCqG/xN7zluZl3yledOlqxou09Lvgh585LnZAvIFUN+eSDn44mT5mgpqMsRL8Wbqjq8=,iv:taiWwphOVhbLuO5ygf5iDIvhEoAxncTEQ8CFNKOObP4=,tag:1j7wCg9tFuP36mBr5yN0dA==,type:str]
|
||||
mistral: ENC[AES256_GCM,data:z7qUyaJBaLF+fe3DFMRjkUEXiXGZwtFeC189fuEGjEo=,iv:r9QSqstFiR9QrLehHrQu09iaF0PYroz/p1ENChch/I0=,tag:XN7jcXv6TftbXaFBsZYVmw==,type:str]
|
||||
zai: ENC[AES256_GCM,data:rVzqXuEFvdAR+GgETgRFvbDzVjvQ3hVD0s8jDxMCjZ2ri+Tob8Fsp55qA4ZKe85Uhw==,iv:YpaTe+3ZGONoAHCkQCVcvassQqr2ReSyBgiEcwxJOlA=,tag:HFE4af3gVrp6FJnBiwGClg==,type:str]
|
||||
librechat:
|
||||
environmentFile: ENC[AES256_GCM,data:oAEWPYxLdphwMvmRWpEgJnumpYxrlCbb2FQ2ugbVKqoA2TP3srof0eTwAFO/6jl7vzgfsP956BZ7lm6kwg4spEQ6EgfXWc7oa/zQrJKDofUpPLwyxLJhzyfDM3NbDcVKAQS7HdMinG3A5lSkVVHCfIuoaqml1W9DIExzjj+3cNKee8SfgQSpy3TOs2ngxkAVfycViw2cQv3MYeQ6CoaR4BQgraenm/sU9Vzjh+KWYdhD91Qx8UQRWKjhiZAQ+aspofTmFoUfct4Ds/Q+Z3KwWicSCZyvjm5GkP9oEmiK6ODEj2gLw/1bV/Pv/qH9D0ApN2m+mVMB3W7bnAE+4rb8oMb5SW6tgs2ttbefKE3jYl0jqNbu17xALBX3lqYEr9kAO4uF2+96uO0YFAAGgaWjAzhzgkCm/Gl2KML2OYX4uG/ynN5m8YkFB8qkfXg0Dv0IrvzbiE/YYRBmHzrlu5rD2SVTdc83GkePAn/ZMpB5HU6z6cSkjOn2RyixDTROIZeOMICdMYU/1dBvgUGZgLWD,iv:15NFJizf02389RnIFeezzFL2X9oz/CpmG/vmgDp1h2g=,tag:X+SBK584hJD/v+LeDSJd6A==,type:str]
|
||||
authelia:
|
||||
storageEncryptionKeyFile: ENC[AES256_GCM,data:zP2i8Ni6MqHpAJeVdcxr6V0eCXobcgbTyu6cDxsi4x4eG2HIFv7waxsCsa+erQgOf5g8+T5c7kIOa99Z5+Zq3kLAhGrIMqtZxn44oemw5Wl2U4ION2yZTdo/C8otpZMqu9rC9l+k4K3XiKN1Aqhyglx9TXNG6FgS8ygx5aBIBwUM,iv:spQdJ3otiZynCleiCG+u3mk/K3axKrfNtSOCzCGnnWQ=,tag:bMbjwOMCxi/+t+x0Xy0jnQ==,type:str]
|
||||
jwtSecretFile: ENC[AES256_GCM,data:gVRyazB5RZ0fVrZ5/8eUuvJjdPBxjQg0vOrhXvgnv07sawti5Wj350UPBlBKthlvya8V6gZdBSl+Aj1nllP1Fl1tC8hDYb93ZmJdHo6CTicsu9lkMvWWfLe112Dhuptbg5AQAlWLu5TpjSGMT4UfXpLlKYdrzaDnIcWBAVn8k9lN,iv:hcHrAK/squwRyXQCx8pJXxVpq+KtcRwCqJ1NQpHpnL0=,tag:eQdM0gzYNw3/TfDBJYrkdg==,type:str]
|
||||
@@ -53,7 +55,7 @@ sops:
|
||||
TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc
|
||||
uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-03T11:56:50Z"
|
||||
mac: ENC[AES256_GCM,data:cQuN3XRdN34ZH0VJ6j5JtqgQGJq9r7WqcemaHCLx3tCFnaXU0tOjjDB5ICfJPS+K6E1+noydmEeJqeTrVInsxeK/8QQDibKTragiY9Awk6rz3lY/xmaBQJ0sz2O8YO9M7/eqekJ3Vc58eol/mknDXYfSSbfQBnMV3aLBSqXnL7g=,iv:gfrgZi0CU+M6xLHEAFPYE8yc4nyd33Yjo+xUDCYkhnQ=,tag:xu5jjIuVtYnMiR5ivEPigQ==,type:str]
|
||||
lastmodified: "2026-02-13T12:56:54Z"
|
||||
mac: ENC[AES256_GCM,data:9lOwVBwSeWr6q8SLcDUrQi42XaTEKe40a9MfCZZl3q8Dy+P6bbKAHsRv4GxYmodJvYvQxHGbojTejN3jmUTOF+N614ydJzPP4oeBC5Gto5NZ1SPJQV25X/dEk1wXC3LlC5ZsmRhUuZL9uoRuOiKV9+C7nRgVObUd2rKR/4QzHvg=,iv:iCmlAu6a9XQOlQ2/SPGA0Lo8HFwxweT6g5/qOiqUVIQ=,tag:mfEto5hA5ysPhN2rEBwQsg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
Reference in New Issue
Block a user