+librechat-dev +litellm

2025-09-23 07:34:35 +02:00
parent 91d0d26c22
commit 40a194028f
26 changed files with 2006 additions and 1278 deletions


@@ -98,7 +98,7 @@
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 587 ];
networking.firewall.allowedTCPPorts = [587];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;


@@ -10,6 +10,12 @@
librechat-env = {
file = ../../secrets/librechat-env.age;
};
librechat-env-dev = {
file = ../../secrets/librechat-env-dev.age;
};
litellm-env = {
file = ../../secrets/litellm-env.age;
};
n8n-env = {
file = ../../secrets/n8n-env.age;
};


@@ -2,6 +2,8 @@
imports = [
./baserow.nix
./librechat.nix
./litellm.nix
./librechat-dev.nix
./portainer.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''


@@ -0,0 +1,119 @@
{
config,
pkgs,
...
}: let
envFileDev = config.age.secrets.librechat-env-dev.path;
in {
virtualisation.oci-containers = {
containers.meilisearch-dev = {
image = "getmeili/meilisearch:v1.12.3";
autoStart = false;
volumes = ["librechat_dev_meili:/meili_data"];
environment = {
MEILI_HTTP_ADDR = "0.0.0.0:7700";
MEILI_NO_ANALYTICS = "true";
};
environmentFiles = [envFileDev];
extraOptions = ["--ip=10.89.1.20" "--network=web-dev"];
};
containers.rag_api-dev = {
image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest";
autoStart = false;
environment = {
RAG_PORT = "8000";
DB_HOST = "10.89.1.1";
DB_PORT = "5432";
};
environmentFiles = [envFileDev];
dependsOn = ["meilisearch-dev"];
extraOptions = ["--add-host=postgres:10.89.1.1" "--ip=10.89.1.21" "--network=web-dev"];
ports = ["127.0.0.1:8100:8000"];
};
containers.mongodb-dev = {
image = "mongo:7";
autoStart = false;
volumes = [
"librechat_dev_mongo:/data/db"
"/var/backup/mongodb-dev:/data/backups"
];
extraOptions = ["--ip=10.89.1.22" "--network=web-dev"];
};
containers.librechat-dev = {
image = "ghcr.io/danny-avila/librechat-dev-api:latest";
autoStart = false;
ports = ["127.0.0.1:3141:3080"];
dependsOn = ["mongodb-dev" "rag_api-dev" "meilisearch-dev"];
environment = {
HOST = "0.0.0.0";
NODE_ENV = "development";
MONGO_URI = "mongodb://mongodb-dev:27017/LibreChatDev";
MEILI_HOST = "http://meilisearch-dev:7700";
RAG_PORT = "8000";
RAG_API_URL = "http://rag_api-dev:8000";
};
environmentFiles = [envFileDev];
volumes = [
"/var/lib/librechat-dev/librechat.yaml:/app/librechat.yaml:ro"
"librechat_dev_images:/app/client/public/images"
"librechat_dev_uploads:/app/uploads"
"librechat_dev_logs:/app/api/logs"
];
extraOptions = ["--ip=10.89.1.23" "--network=web-dev"];
};
};
services.traefik.dynamicConfigOptions.http = {
services.librechat-dev.loadBalancer.servers = [{url = "http://localhost:3141/";}];
routers.librechat-dev = {
rule = "Host(`chat-dev.az-gruppe.com`)";
tls.certResolver = "ionos";
service = "librechat-dev";
entrypoints = "websecure";
};
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "librechat-dev" ''
#!/usr/bin/env bash
set -e
SERVICES=(
podman-meilisearch-dev
podman-mongodb-dev
podman-rag_api-dev
podman-librechat-dev
)
case "$1" in
up)
echo "🚀 Starte LibreChat-Dev-Umgebung..."
for svc in "''${SERVICES[@]}"; do
sudo systemctl start "$svc"
done
;;
down)
echo "🛑 Stoppe LibreChat-Dev-Umgebung..."
for svc in "''${SERVICES[@]}"; do
sudo systemctl stop "$svc"
done
;;
restart)
echo "🔄 Neustart der LibreChat-Dev-Umgebung..."
for svc in "''${SERVICES[@]}"; do
sudo systemctl restart "$svc"
done
;;
status)
systemctl status "''${SERVICES[@]}"
;;
*)
echo "Usage: librechat-dev {up|down|restart|status}"
exit 1
;;
esac
'')
];
}
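Review bot: `routers.librechat-dev` publishes the dev stack on the `websecure` entrypoint without any `middlewares` entry, while the container runs with `NODE_ENV = "development"` and both LibreChat images are pulled by the mutable `:latest` tag. If `chat-dev.az-gruppe.com` resolves outside the admin network (not visible here), I would restrict the router with `middlewares = ["<ip-allowlist-middleware>"];` and define that middleware next to it. The images should be pinned to a version tag or digest, as `meilisearch-dev` already is. Separately, `envFileDev` is passed to `meilisearch-dev`, `rag_api-dev` and `librechat-dev` alike, so each container receives every secret in that file; one age secret per container would keep this least-privilege.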


@@ -23,12 +23,8 @@ in {
autoStart = true;
environment = {
RAG_PORT = "8000";
# pgvector connection to host Postgres
DB_HOST = "10.89.0.1"; # your host on the 'web' network
DB_HOST = "10.89.0.1";
DB_PORT = "5432";
# embeddings: pick one (OpenAI default, or HF/Ollama per docs)
# EMBEDDINGS_PROVIDER = "openai";
# RAG_OPENAI_API_KEY is read by RAG API (can also use OPENAI_API_KEY).
};
environmentFiles = [envFile];
dependsOn = ["meilisearch"];


@@ -0,0 +1,29 @@
{
config,
pkgs,
...
}: {
virtualisation.oci-containers.containers.litellm = {
image = "ghcr.io/berriai/litellm:main-stable";
ports = ["127.0.0.1:4000:4000"];
environmentFiles = [config.age.secrets.litellm-env.path];
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
STORE_MODEL_IN_DB = "True";
};
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.30" "--network=web"];
};
# Traefik configuration
services.traefik.dynamicConfigOptions.http = {
services.litellm.loadBalancer.servers = [{url = "http://127.0.0.1:4000/";}];
routers.litellm = {
rule = "Host(`llm.az-gruppe.com`)";
tls.certResolver = "ionos";
service = "litellm";
entrypoints = "websecure";
};
};
}
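Review bot: `routers.litellm` puts the LiteLLM proxy on `llm.az-gruppe.com`, and nothing in this file shows how access to it is gated; that depends entirely on what `litellm-env.age` contains. With `STORE_MODEL_IN_DB = "True"` the model configuration is kept in Postgres, so I would add a comment above `environmentFiles` such as `# litellm-env must define LITELLM_MASTER_KEY and LITELLM_SALT_KEY (the salt key encrypts credentials stored in the DB)`. The image tag `main-stable` is a moving tag; pinning a release tag or digest keeps rebuilds reproducible. `pkgs` is declared in the argument set but not used.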


@@ -26,6 +26,10 @@
CREATE DATABASE librechat_rag;
ALTER DATABASE librechat_rag OWNER to librechat_rag;
CREATE USER librechat_rag_dev WITH ENCRYPTED PASSWORD 'librechat_rag_dev';
CREATE DATABASE librechat_rag_dev;
ALTER DATABASE librechat_rag_dev OWNER to librechat_rag_dev;
CREATE USER n8n WITH ENCRYPTED PASSWORD 'n8n';
CREATE DATABASE n8n;
ALTER DATABASE n8n OWNER to n8n;
@@ -40,37 +44,39 @@
'';
authentication = pkgs.lib.mkOverride 10 ''
# Local connections (Unix socket)
local all postgres peer
local n8n n8n scram-sha-256
local outline outline scram-sha-256
local vaultwarden vaultwarden scram-sha-256
local zammad zammad scram-sha-256
local all postgres peer
local n8n n8n scram-sha-256
local outline outline scram-sha-256
local vaultwarden vaultwarden scram-sha-256
local zammad zammad scram-sha-256
# Localhost connections (IPv4 and IPv6)
host all postgres 127.0.0.1/32 scram-sha-256
host all postgres ::1/128 scram-sha-256
host all postgres 127.0.0.1/32 scram-sha-256
host all postgres ::1/128 scram-sha-256
host outline outline 127.0.0.1/32 scram-sha-256
host outline outline ::1/128 scram-sha-256
host outline outline 127.0.0.1/32 scram-sha-256
host outline outline ::1/128 scram-sha-256
host n8n n8n 127.0.0.1/32 scram-sha-256
host n8n n8n ::1/128 scram-sha-256
host n8n n8n 127.0.0.1/32 scram-sha-256
host n8n n8n ::1/128 scram-sha-256
host vaultwarden vaultwarden 127.0.0.1/32 scram-sha-256
host vaultwarden vaultwarden ::1/128 scram-sha-256
host vaultwarden vaultwarden 127.0.0.1/32 scram-sha-256
host vaultwarden vaultwarden ::1/128 scram-sha-256
host zammad zammad 127.0.0.1/32 scram-sha-256
host zammad zammad ::1/128 scram-sha-256
host zammad zammad 127.0.0.1/32 scram-sha-256
host zammad zammad ::1/128 scram-sha-256
# Podman network connections for Baserow
host baserow baserow 10.89.0.0/24 scram-sha-256
host kestra kestra 10.89.0.0/24 scram-sha-256
host librechat_rag librechat_rag 10.89.0.0/24 scram-sha-256
host baserow baserow 10.89.0.0/24 scram-sha-256
host kestra kestra 10.89.0.0/24 scram-sha-256
host librechat_rag librechat_rag 10.89.0.0/24 scram-sha-256
host librechat_rag_dev librechat_rag_dev 10.89.1.0/24 scram-sha-256
host litellm litellm 10.89.0.0/24 scram-sha-256
# Deny all other connections
local all all reject
host all all 0.0.0.0/0 reject
host all all ::/0 reject
local all all reject
host all all 0.0.0.0/0 reject
host all all ::/0 reject
'';
};
services.postgresqlBackup = {
@@ -98,6 +104,7 @@
extraCommands = ''
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp -s 10.89.1.0/24 --dport 5432 -j ACCEPT
'';
};
}
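Review bot: The added `CREATE USER librechat_rag_dev WITH ENCRYPTED PASSWORD 'librechat_rag_dev';` gives the new role a password equal to its name, written in a Nix string that ends up in the world-readable store, and the new `pg_hba` and iptables lines then admit the whole `10.89.1.0/24` range to port 5432. Unless the password is rotated elsewhere (not visible in these hunks), I would create the role without a password here and set it from an age secret. The rule can be narrowed to the one client this commit gives a fixed address: `host librechat_rag_dev librechat_rag_dev 10.89.1.21/32 scram-sha-256`; the `litellm` line could likewise use `10.89.0.30/32`. The hunks also add a `pg_hba` entry for `litellm` but show no matching `CREATE USER`/`CREATE DATABASE`, and the heading `# Podman network connections for Baserow` no longer describes the group.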