diff --git a/ansible/app-configs/librechat/librechat.env.j2 b/ansible/app-configs/librechat/librechat.env.j2 deleted file mode 100644 index 456f9bbc..00000000 --- a/ansible/app-configs/librechat/librechat.env.j2 +++ /dev/null @@ -1,550 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -#=====================================================================# -# LibreChat Configuration # -#=====================================================================# -# Please refer to the reference documentation for assistance # -# with configuring your LibreChat environment. # -# # -# https://www.librechat.ai/docs/configuration/dotenv # -#=====================================================================# - -#==================================================# -# Server Configuration # -#==================================================# - -HOST=localhost -PORT=3080 - -MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa - -DOMAIN_CLIENT=https://ai.trez.wtf -DOMAIN_SERVER=https://ai.trez.wtf - -NO_INDEX=true -# Use the address that is at most n number of hops away from the Express application. -# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left. -# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy. -# Defaulted to 1. -TRUST_PROXY=1 - -#===============# -# JSON Logging # -#===============# - -# Use when process console logs in cloud deployment like GCP/AWS -CONSOLE_JSON=true - -#===============# -# Debug Logging # -#===============# - -DEBUG_LOGGING=true -DEBUG_CONSOLE=false - -#=============# -# Permissions # -#=============# - -# UID=1000 -# GID=1000 - -#===============# -# Configuration # -#===============# -# Use an absolute path, a relative path, or a URL - -# CONFIG_PATH="/alternative/path/to/librechat.yaml" - -#===================================================# -# Endpoints # -#===================================================# - -# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic - -PROXY= - -#===================================# -# Known Endpoints - librechat.yaml # -#===================================# -# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints - -# ANYSCALE_API_KEY= -# APIPIE_API_KEY= -# COHERE_API_KEY= -DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }} -# DATABRICKS_API_KEY= -# FIREWORKS_API_KEY= -# GROQ_API_KEY= -# HUGGINGFACE_TOKEN= -MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }} -# OPENROUTER_KEY= -# PERPLEXITY_API_KEY= -# SHUTTLEAI_API_KEY= -# TOGETHERAI_API_KEY= -# UNIFY_API_KEY= -# XAI_API_KEY= - -#============# -# Anthropic # -#============# - -ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }} -ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k -# ANTHROPIC_REVERSE_PROXY= - -#============# -# Azure # -#============# - -# Note: these variables are DEPRECATED -# Use the `librechat.yaml` configuration for `azureOpenAI` instead -# You may also continue to use them if you opt out of using the `librechat.yaml` configuration - -# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated -# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated -# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated -# AZURE_API_KEY= # Deprecated -# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated -# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated -# AZURE_OPENAI_API_VERSION= # Deprecated -# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated -# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated -# PLUGINS_USE_AZURE="true" # Deprecated - -#=================# -# AWS Bedrock # -#=================# - -# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided -# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey -# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey -# BEDROCK_AWS_SESSION_TOKEN=someSessionToken - -# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you. -# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0 - -# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns - -# Notes on specific models: -# The following models are not support due to not supporting streaming: -# ai21.j2-mid-v1 - -# The following models are not support due to not supporting conversation history: -# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14 - -#============# -# Google # -#============# - -{# GOOGLE_KEY=user_provided #} - -# GOOGLE_REVERSE_PROXY= -# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead. -# GOOGLE_AUTH_HEADER=true - -# Gemini API (AI Studio) -# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision - -# Vertex AI -# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro - -# GOOGLE_TITLE_MODEL=gemini-pro - -# GOOGLE_LOC=us-central1 - -# Google Safety Settings -# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio) -# -# For Vertex AI: -# To use the BLOCK_NONE setting, you need either: -# (a) Access through an allowlist via your Google account team, or -# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing -# -# For Gemini API (AI Studio): -# BLOCK_NONE is available by default, no special account requirements. -# -# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE -# -# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH -# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH -# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH -# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH -# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH - -#============# -# OpenAI # -#============# - -OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }} -OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k - -DEBUG_OPENAI=false - -# TITLE_CONVO=false -# OPENAI_TITLE_MODEL=gpt-4o-mini - -# OPENAI_SUMMARIZE=true -# OPENAI_SUMMARY_MODEL=gpt-4o-mini - -# OPENAI_FORCE_PROMPT=true - -# OPENAI_REVERSE_PROXY= - -# OPENAI_ORGANIZATION= - -#====================# -# Assistants API # -#====================# - -# ASSISTANTS_API_KEY=user_provided -# ASSISTANTS_BASE_URL= -# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview - -#==========================# -# Azure Assistants API # -#==========================# - -# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration -# The models for Azure Assistants are also determined by your Azure OpenAI configuration. - -# More info, including how to enable use of Assistants with Azure here: -# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure - -#============# -# OpenRouter # -#============# -# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint -# OPENROUTER_API_KEY= - -#============# -# Plugins # -#============# - -# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613 - -# DEBUG_PLUGINS= - -CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }} -CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }} - -# Azure AI Search -#----------------- -# AZURE_AI_SEARCH_SERVICE_ENDPOINT= -# AZURE_AI_SEARCH_INDEX_NAME= -# AZURE_AI_SEARCH_API_KEY= - -# AZURE_AI_SEARCH_API_VERSION= -# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE= -# AZURE_AI_SEARCH_SEARCH_OPTION_TOP= -# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT= - -# DALL·E -#---------------- -# DALLE_API_KEY= -# DALLE3_API_KEY= -# DALLE2_API_KEY= -# DALLE3_SYSTEM_PROMPT= -# DALLE2_SYSTEM_PROMPT= -# DALLE_REVERSE_PROXY= -# DALLE3_BASEURL= -# DALLE2_BASEURL= - -# DALL·E (via Azure OpenAI) -# Note: requires some of the variables above to be set -#---------------- -# DALLE3_AZURE_API_VERSION= -# DALLE2_AZURE_API_VERSION= - - -# Google -#----------------- -GOOGLE_SEARCH_API_KEY= -GOOGLE_CSE_ID= - -# YOUTUBE -#----------------- -YOUTUBE_API_KEY= - -# SerpAPI -#----------------- -SERPAPI_API_KEY= - -# Stable Diffusion -#----------------- -SD_WEBUI_URL=http://stable-diffusion-webui:7860 - -# Tavily -#----------------- -TAVILY_API_KEY= - -# Traversaal -#----------------- -TRAVERSAAL_API_KEY= - -# WolframAlpha -#----------------- -WOLFRAM_APP_ID= - -# Zapier -#----------------- -ZAPIER_NLA_API_KEY= - -#==================================================# -# Search # -#==================================================# - -SEARCH=true -MEILI_NO_ANALYTICS=true -MEILI_HOST=http://meilisearch:7700 -MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }} - -# Optional: Disable indexing, useful in a multi-node setup -# where only one instance should perform an index sync. -# MEILI_NO_SYNC=true - -#==================================================# -# Speech to Text & Text to Speech # -#==================================================# - -STT_API_KEY= -TTS_API_KEY= - -#==================================================# -# RAG # -#==================================================# -# More info: https://www.librechat.ai/docs/configuration/rag_api - -# RAG_OPENAI_BASEURL= -# RAG_OPENAI_API_KEY= -# RAG_USE_FULL_CONTEXT= -# EMBEDDINGS_PROVIDER=openai -# EMBEDDINGS_MODEL=text-embedding-3-small - -#===================================================# -# User System # -#===================================================# - -#========================# -# Moderation # -#========================# - -OPENAI_MODERATION=false -OPENAI_MODERATION_API_KEY= -# OPENAI_MODERATION_REVERSE_PROXY= - -BAN_VIOLATIONS=true -BAN_DURATION=1000 * 60 * 60 * 2 -BAN_INTERVAL=20 - -LOGIN_VIOLATION_SCORE=1 -REGISTRATION_VIOLATION_SCORE=1 -CONCURRENT_VIOLATION_SCORE=1 -MESSAGE_VIOLATION_SCORE=1 -NON_BROWSER_VIOLATION_SCORE=20 - -LOGIN_MAX=7 -LOGIN_WINDOW=5 -REGISTER_MAX=5 -REGISTER_WINDOW=60 - -LIMIT_CONCURRENT_MESSAGES=true -CONCURRENT_MESSAGE_MAX=2 - -LIMIT_MESSAGE_IP=true -MESSAGE_IP_MAX=40 -MESSAGE_IP_WINDOW=1 - -LIMIT_MESSAGE_USER=false -MESSAGE_USER_MAX=40 -MESSAGE_USER_WINDOW=1 - -ILLEGAL_MODEL_REQ_SCORE=5 - -#========================# -# Balance # -#========================# - -CHECK_BALANCE=false -# START_BALANCE=20000 # note: the number of tokens that will be credited after registration. - -#========================# -# Registration and Login # -#========================# - -ALLOW_EMAIL_LOGIN=true -ALLOW_REGISTRATION=true -ALLOW_SOCIAL_LOGIN=false -ALLOW_SOCIAL_REGISTRATION=false -ALLOW_PASSWORD_RESET=false -# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out -ALLOW_UNVERIFIED_EMAIL_LOGIN=true - -SESSION_EXPIRY=1000 * 60 * 15 -REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7 - -JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }} -JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }} - - -# Discord -DISCORD_CLIENT_ID= -DISCORD_CLIENT_SECRET= -DISCORD_CALLBACK_URL=/oauth/discord/callback - -# Facebook -FACEBOOK_CLIENT_ID= -FACEBOOK_CLIENT_SECRET= -FACEBOOK_CALLBACK_URL=/oauth/facebook/callback - -# GitHub -GITHUB_CLIENT_ID= -GITHUB_CLIENT_SECRET= -GITHUB_CALLBACK_URL=/oauth/github/callback -# GitHub Enterprise -# GITHUB_ENTERPRISE_BASE_URL= -# GITHUB_ENTERPRISE_USER_AGENT= - -# Google -GOOGLE_CLIENT_ID= -GOOGLE_CLIENT_SECRET= -GOOGLE_CALLBACK_URL=/oauth/google/callback - -# Apple -APPLE_CLIENT_ID= -APPLE_TEAM_ID= -APPLE_KEY_ID= -APPLE_PRIVATE_KEY_PATH= -APPLE_CALLBACK_URL=/oauth/apple/callback - -# OpenID -OPENID_CLIENT_ID= -OPENID_CLIENT_SECRET= -OPENID_ISSUER= -OPENID_SESSION_SECRET= -OPENID_SCOPE="openid profile email" -OPENID_CALLBACK_URL=/oauth/openid/callback -OPENID_REQUIRED_ROLE= -OPENID_REQUIRED_ROLE_TOKEN_KIND= -OPENID_REQUIRED_ROLE_PARAMETER_PATH= -# Set to determine which user info property returned from OpenID Provider to store as the User's username -OPENID_USERNAME_CLAIM= -# Set to determine which user info property returned from OpenID Provider to store as the User's name -OPENID_NAME_CLAIM= - -OPENID_BUTTON_LABEL= -OPENID_IMAGE_URL= - -# LDAP -# LDAP_URL= -# LDAP_BIND_DN= -# LDAP_BIND_CREDENTIALS= -# LDAP_USER_SEARCH_BASE= -# LDAP_SEARCH_FILTER=mail= -# LDAP_CA_CERT_PATH= -# LDAP_TLS_REJECT_UNAUTHORIZED= -# LDAP_LOGIN_USES_USERNAME=true -# LDAP_ID= -# LDAP_USERNAME= -# LDAP_EMAIL= -# LDAP_FULL_NAME= - -#========================# -# Email Password Reset # -#========================# - -EMAIL_SERVICE= -EMAIL_HOST=postal-smtp -EMAIL_PORT=25 -EMAIL_ENCRYPTION= -EMAIL_ENCRYPTION_HOSTNAME= -EMAIL_ALLOW_SELFSIGNED= -EMAIL_USERNAME= -EMAIL_PASSWORD= -EMAIL_FROM_NAME= -EMAIL_FROM=noreply@librechat.ai - -#========================# -# Firebase CDN # -#========================# - -# FIREBASE_API_KEY= -# FIREBASE_AUTH_DOMAIN= -# FIREBASE_PROJECT_ID= -# FIREBASE_STORAGE_BUCKET= -# FIREBASE_MESSAGING_SENDER_ID= -# FIREBASE_APP_ID= - -#========================# -# Shared Links # -#========================# - -ALLOW_SHARED_LINKS=true -ALLOW_SHARED_LINKS_PUBLIC=true - -#==============================# -# Static File Cache Control # -#==============================# - -# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age -# NODE_ENV must be set to production for these to take effect -# STATIC_CACHE_MAX_AGE=172800 -# STATIC_CACHE_S_MAX_AGE=86400 - -# If you have another service in front of your LibreChat doing compression, disable express based compression here -# DISABLE_COMPRESSION=true - -#===================================================# -# UI # -#===================================================# - -APP_TITLE=LibreChat -# CUSTOM_FOOTER="My custom footer" -HELP_AND_FAQ_URL=https://librechat.ai - -# SHOW_BIRTHDAY_ICON=true - -# Google tag manager id -#ANALYTICS_GTM_ID=user provided google tag manager id - -#===============# -# REDIS Options # -#===============# - -REDIS_URI=redis:6379 -USE_REDIS=true - -# USE_REDIS_CLUSTER=true -# REDIS_CA=/path/to/ca.crt - -#==================================================# -# Others # -#==================================================# -# You should leave the following commented out # - -# NODE_ENV= - -# E2E_USER_EMAIL= -# E2E_USER_PASSWORD= - -#=====================================================# -# Cache Headers # -#=====================================================# -# Headers that control caching of the index.html # -# Default configuration prevents caching to ensure # -# users always get the latest version. Customize # -# only if you understand caching implications. # - -# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate -# INDEX_HTML_PRAGMA=no-cache -# INDEX_HTML_EXPIRES=0 - -# no-cache: Forces validation with server before using cached version -# no-store: Prevents storing the response entirely -# must-revalidate: Prevents using stale content when offline - -#=====================================================# -# OpenWeather # -#=====================================================# -OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }} \ No newline at end of file