diff --git a/modules/system/librechat.nix b/modules/system/librechat.nix
index c3d1fac..9149568 100644
--- a/modules/system/librechat.nix
+++ b/modules/system/librechat.nix
@@ -30,6 +30,12 @@ in
 				ensureDBOwnership = true;
 				name = "rag_api";
 			}];
+			#extensions = ps: with ps; [ pgvecto-rs ];
+			extensions = ps: with ps; [ pgvector ];
+			settings = {
+				shared_preload_libraries = [ "vector.so" ];
+				search_path = "\"$user\", public, vector";
+			};
 		};
 		sops.secrets.librechat-env = {
 			format = "dotenv";
@@ -98,6 +104,18 @@ in
 			};
 			wantedBy = ["multi-user.target"];
 		};
+		systemd.services.postgresql.serviceConfig.ExecStartPost =
+			let sqlFile = pkgs.writeText "librechat-pgvectors-setup.sql" ''
+				CREATE EXTENSION IF NOT EXISTS vector;
+
+				ALTER SCHEMA public OWNER TO rag_api;
+				ALTER SCHEMA vector OWNER TO rag_api;
+
+				ALTER EXTENSION vector UPDATE;
+			'';
+			in [''
+				${lib.getExe' config.services.postgresql.package "psql"} -d "rag_api" -f "${sqlFile}"
+			''];
 		systemd.tmpfiles.rules = [
 			"d /opt/librechat 0755 librechat librechat"
 			"d /opt/meilisearch 0755 meilisearch meilisearch"
@@ -126,6 +144,7 @@ in
 			ports = [ "127.0.0.1:10051:8000" ];
 			volumes = [
 				"/opt/rag-api:/app/uploads"
+				"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
 				"/var/run/secrets/rag-api-credentials.json:/var/run/secrets/rag-api-credentials.json"
 			];
 		};
diff --git a/secrets/rag-api.env b/secrets/rag-api.env
index b5147f7..0d80bc4 100644
--- a/secrets/rag-api.env
+++ b/secrets/rag-api.env
@@ -1,9 +1,10 @@
-DB_HOST=ENC[AES256_GCM,data:fT+lhE74V8VDi+ExD8/3eS1Y0Jqec2uIr/wOK+Gks6hmbReU/s8YESBphLWfdqoTakmxi6Dn1EWCBT4PrJ/huUQoOQS7vL/JgHievhqAgBc=,iv:z+2/xg3yixFGSLtcFdJVcIk2VomAKJkeIFPZXu7xTWA=,tag:+WA+CVGERF6qeOWEYL/N2A==,type:str]
-DB_PORT=ENC[AES256_GCM,data:HmH1MFg=,iv:mozmG50pM7w7Ufio2tjop/qFtpx1rwyDldozdrijxLo=,tag:j9IRcu44GpYUfiRMs63/sA==,type:str]
+DB_HOST=ENC[AES256_GCM,data:10uOKkk0ZLYi1vcFcA2z,iv:Jij+gSjhc2yvn8CDbQfCul+S93M8VDzwJtGPyWxjH48=,tag:jME/j60Z7xp22R7gFiSICw==,type:str]
+DB_PORT=ENC[AES256_GCM,data:tfdgFw==,iv:tjf8hLckiCnJCAu6Z8zkDECBq/wNRF++Wm1Xi7LTLgc=,tag:WOipYrsbiTM6IT2ttZfxEA==,type:str]
 GOOGLE_APPLICATION_CREDENTIALS=ENC[AES256_GCM,data:KdGrxMlwrTMImGP0IK2wzTpVjCl7hHu2kBudEO9iBVyMgt7lUtBSXZI=,iv:AEGqPlFDIPj9FwL+k8vhPS4ZTLYs41213Hpfbn9kCYw=,tag:RvRnDd6AoTYyottOaYYKvg==,type:str]
 POSTGRES_DB=ENC[AES256_GCM,data:prdJiRvRcQ==,iv:T5ptZPzrgBAUigEjbaMnOeI0z3LJRwX1D/bbb0tsw14=,tag:tXlEeDvTf9TwedmpmSFNQA==,type:str]
-POSTGRES_USER=ENC[AES256_GCM,data:VYdF,iv:UPVY2eftrUaR7/Oj3RzE+vOrpCH2ZltQLFgIHmYtZCM=,tag:Q8Mx7deJcazYCjow6uqIiA==,type:str]
+POSTGRES_USER=ENC[AES256_GCM,data:SeURVnIF0w==,iv:0K8MxEQOxV4+4b3XsxenelFnzT7Jz6J+Wl0eYEUYsr8=,tag:D85yAy9si1YfdYv0v4rzmg==,type:str]
 POSTGRES_PASSWORD=ENC[AES256_GCM,data:mHPQYm/2JBznZTS2ikkV,iv:e9h8EBROGxOQMeNLZc2RMGBMR53MXQg4cs0zFH9DxQE=,tag:RxS+OOMVRyuwY5u/mKCxFQ==,type:str]
+POSTGRES_USE_UNIX_SOCKET=ENC[AES256_GCM,data:/YB/6g==,iv:yc+Wq95u1Ee0k4gh+BhvRlympvXtR3FEi9a9j2kERmw=,tag:+JFEcfrLi3oGZNJstrBHPg==,type:str]
 RAG_OPENAI_API_KEY=ENC[AES256_GCM,data:qBEHzCDKdLZS2tW3Xkg/4Byryep+G2DSwOitKQaNVR7PD19JUsZEf8ovpYMrTYzGzV5SUfNJZy/OaCrkI37sS0zUfVg3lR2dnyljc6q1gYbP1CwSRSrnvW62vPUE1XKcm0+i6w8c4+89S8l9pQKorqoQN7gI+MF93kVXuMwSuOkmDFwTbT8xsYB1F45OLeFnlq5nj5F462N6Ib4gPdwJzMiHiko=,iv:ypMe2mZQRqiw9mwWpHG0qGr++YwYD6bpKqBpC2NkjUs=,tag:tkfbXdsnxTgoJsM0iCdOJA==,type:str]
 VECTOR_DB_TYPE=ENC[AES256_GCM,data:8degwgWmBsM=,iv:TW+a4yyp/d6FQqx033aufH8Fq2mOG486EXYljR+F8MA=,tag:CV3ggjD4CEXMRH4tDwyjLg==,type:str]
 sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUDdiRXFsQW1VN2Zud0I4\ndmlHUitYSUhMcUdwVjN5Z3FUWGpFL21hSVM0CjhYdDZvNWxDQWxwbGwwTWRPY2pi\nYmJLbStDSHZ4MDR5ams3Z0x1c25KWkEKLS0tICtPOElGWitLTnhFSXVrTlFWQys1\nMDM4bnovVEpJUkhSLzNjaU8zRXNESGMKjprCWFkxg+liUpLFsSTkW0kGKLF86Ik3\nw8vkS5Acsc0JSPwns7x0NPKNI5mwHwN+s1U/dkbB5CaS60UwNX4vvw==\n-----END AGE ENCRYPTED FILE-----\n
@@ -18,7 +19,7 @@ sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb2
 sops_age__list_4__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge
 sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmSTU4TVJBNDBhQlJDd28w\nZVA0a28rNEd6N2FxQjlhZm90S2lZS3hiczA0Ck9lQzd4bFgwRDZsNUt5ZlZXRFZH\nc1FZWTFVVzNzT2tjdmtJdk1vZFc2RjAKLS0tIHJjZEdTdm1RVytMTHJTOGQ0eUhq\nZmYydC9ENmF2V3IxWU1uVHBkZ3Rja2sKNYzKQ03KtYyjELUK2LGnyig/2RixYxSl\nXidI8l5mfAR19fTa9uWAHoLsgAiQ9l6X9xq+ohXLcKoURrwCMGlImQ==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_5__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7
-sops_lastmodified=2025-07-23T00:09:14Z
-sops_mac=ENC[AES256_GCM,data:NX5i7QSkfp9SR2xJKbmLKRKUZwKANlaZBUr65bfBX6/EERw++QWk1dPirEJ6FULXAooN4md1cYUl+i2vNYgzOYXZTgWJyQOMAR0/6IBFHi6l/G3IqP2xTMpSjPKkVlk9VHD4rOOsmD//MLSDDUABMCj+LaAEPMy6+dccnBquETs=,iv:126H+OBc+PI5SeMdXkO8Gt2CN1qmisOQGeXr785drTk=,tag:zaqzL2e7wjSZQHVYZJJPYQ==,type:str]
+sops_lastmodified=2025-10-03T14:29:58Z
+sops_mac=ENC[AES256_GCM,data:2IAz46I9guefG3ru8/+uT0ouSTQal8I0RqyX88UOFOMyqJnBq/jNcuP8c54sAib5dyyx6ospTKyf6k5M/P8xHLnrPw3Ocxvqc8tP/i4szuQwdFEHkn1e2UnrlTvtSPx7DWUHLTghRxQLJWTbeG1o7/Tp2XQYKbmp+Bm2wG5MJOg=,iv:mBZKpzC3FJmpNkvl4FsLNI2wliGFxKVLDy+vhSqcXnI=,tag:41ioVZiI0B5bSbm0jyaJpg==,type:str]
 sops_unencrypted_suffix=_unencrypted
 sops_version=3.10.2