Implemented KaraKeep service as NixOS container

2026-03-30 10:04:45 +02:00 · 2026-03-30 10:04:45 +02:00 · 8d9814db05
commit 8d9814db05
parent 8f0f6f5013
9 changed files with 171 additions and 13 deletions
--- a/hosts/caddy/default.nix
+++ b/hosts/caddy/default.nix
@ -104,6 +104,12 @@ in
        host = p.hosts.actual;
      };

+      karakeep.proxy = {
+        enable = true;
+        domain = p.domains.public;
+        host = p.hosts.karakeep;
+      };
+
      searx = {
        enable = true;
        secretFile = config.age.secrets.searx-secret.path;
@ -187,11 +193,6 @@ in
            host = "http://${p.hosts.docker}:4080";
            domain = p.domains.public;
          }
-          {
-            subdomain = "keep";
-            host = "http://${p.hosts.docker}:3000";
-            domain = p.domains.public;
-          }
          {
            subdomain = "maps";
            host = "http://${p.hosts.docker}:5000";
--- a/hosts/hosts.nix
+++ b/hosts/hosts.nix
@ -44,6 +44,7 @@
      "firefly-iii"
      "paperless"
      "actual"
+      "karakeep"
    ];
  };

@ -74,14 +75,14 @@
    ];
  };

-  firefly-iii = {
-    module = ./firefly-iii;
-    tags = [
-      "lxc"
-      "bacco"
-      "firefly-iii"
-    ];
-  };
+  # firefly-iii = {
+  #   module = ./firefly-iii;
+  #   tags = [
+  #     "lxc"
+  #     "bacco"
+  #     "firefly-iii"
+  #   ];
+  # };

  forgejo = {
    module = ./forgejo;
@ -119,6 +120,15 @@
    ];
  };

+  karakeep = {
+    module = ./karakeep;
+    tags = [
+      "lxc"
+      "bacco"
+      "karakeep"
+    ];
+  };
+
  metrics = {
    module = ./metrics;
    tags = [
--- a/hosts/karakeep/default.nix
+++ b/hosts/karakeep/default.nix
@ -0,0 +1,49 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  p = import ../parameters.nix;
+in
+{
+
+  age.secrets.karakeep-env = {
+    file = ../../secrets/karakeep-env.age;
+    owner = "karakeep";
+    group = "karakeep";
+    mode = "0400";
+  };
+
+  my = {
+    utils = {
+      commons.enable = true;
+      lxc-standard.enable = true;
+    };
+
+    services.karakeep = {
+      enable = true;
+      port = 3000;
+      environmentFile = config.age.secrets.karakeep-env.path;
+      extraEnvironment = {
+        NEXTAUTH_URL = "https://keep.${p.domains.public}";
+        CRAWLER_FULL_PAGE_SCREENSHOT = "true";
+        OPENAI_BASE_URL = "https://litellm.ts.${p.domains.public}";
+        INFERENCE_IMAGE_MODEL = "GPT-4o Mini";
+        INFERENCE_TEXT_MODEL = "GPT-4.1 Mini";
+        EMBEDDING_TEXT_MODEL = "text-embedding-3-small";
+        DISABLE_PASSWORD_AUTH = "true";
+        OAUTH_PROVIDER_NAME = "Authentik";
+        OAUTH_WELLKNOWN_URL = "https://auth.${p.domains.public}/application/o/karakeep/.well-known/openid-configuration";
+      };
+    };
+
+    virtualisation.proxmox.enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 3000 ];
+
+  environment.systemPackages = with pkgs; [ ];
+
+  system.stateVersion = "25.11";
+}
--- a/hosts/parameters.nix
+++ b/hosts/parameters.nix
@ -36,6 +36,7 @@ in
    librenms = "librenms.${private-domain}";
    collabora = "collabora.${private-domain}";
    actual = "actual-budget.${private-domain}";
+    karakeep = "karakeep.${private-domain}";
  };
  personal = {
    username = "pazpi";