Implemented KaraKeep service as NixOS container

hosts/karakeep/default.nix

@@ -0,0 +1,49 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  p = import ../parameters.nix;
+in
+{
+
+  age.secrets.karakeep-env = {
+    file = ../../secrets/karakeep-env.age;
+    owner = "karakeep";
+    group = "karakeep";
+    mode = "0400";
+  };
+
+  my = {
+    utils = {
+      commons.enable = true;
+      lxc-standard.enable = true;
+    };
+
+    services.karakeep = {
+      enable = true;
+      port = 3000;
+      environmentFile = config.age.secrets.karakeep-env.path;
+      extraEnvironment = {
+        NEXTAUTH_URL = "https://keep.${p.domains.public}";
+        CRAWLER_FULL_PAGE_SCREENSHOT = "true";
+        OPENAI_BASE_URL = "https://litellm.ts.${p.domains.public}";
+        INFERENCE_IMAGE_MODEL = "GPT-4o Mini";
+        INFERENCE_TEXT_MODEL = "GPT-4.1 Mini";
+        EMBEDDING_TEXT_MODEL = "text-embedding-3-small";
+        DISABLE_PASSWORD_AUTH = "true";
+        OAUTH_PROVIDER_NAME = "Authentik";
+        OAUTH_WELLKNOWN_URL = "https://auth.${p.domains.public}/application/o/karakeep/.well-known/openid-configuration";
+      };
+    };
+
+    virtualisation.proxmox.enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 3000 ];
+
+  environment.systemPackages = with pkgs; [ ];
+
+  system.stateVersion = "25.11";
+}