pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Implemented KaraKeep service as NixOS container

Browse source
This commit is contained in:
pazpi 2026-03-30 10:04:45 +02:00
parent 8f0f6f5013
commit 8d9814db05
No known key found for this signature in database
9 changed files with 171 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

11
hosts/caddy/default.nix
View file

@ -104,6 +104,12 @@ in
host = p.hosts.actual; host = p.hosts.actual;
}; };
karakeep.proxy = {
enable = true;
domain = p.domains.public;
host = p.hosts.karakeep;
};
searx = { searx = {
enable = true; enable = true;
secretFile = config.age.secrets.searx-secret.path; secretFile = config.age.secrets.searx-secret.path;
@ -187,11 +193,6 @@ in
host = "http://${p.hosts.docker}:4080"; host = "http://${p.hosts.docker}:4080";
domain = p.domains.public; domain = p.domains.public;
} }
{
subdomain = "keep";
host = "http://${p.hosts.docker}:3000";
domain = p.domains.public;
}
{ {
subdomain = "maps"; subdomain = "maps";
host = "http://${p.hosts.docker}:5000"; host = "http://${p.hosts.docker}:5000";

26
hosts/hosts.nix
View file

@ -44,6 +44,7 @@
"firefly-iii" "firefly-iii"
"paperless" "paperless"
"actual" "actual"
"karakeep"
]; ];
}; };
@ -74,14 +75,14 @@
]; ];
}; };
firefly-iii = { # firefly-iii = {
module = ./firefly-iii; # module = ./firefly-iii;
tags = [ # tags = [
"lxc" # "lxc"
"bacco" # "bacco"
"firefly-iii" # "firefly-iii"
]; # ];
}; # };
forgejo = { forgejo = {
module = ./forgejo; module = ./forgejo;
@ -119,6 +120,15 @@
]; ];
}; };
karakeep = {
module = ./karakeep;
tags = [
"lxc"
"bacco"
"karakeep"
];
};
metrics = { metrics = {
module = ./metrics; module = ./metrics;
tags = [ tags = [

49
hosts/karakeep/default.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
pkgs,
...
}:
let
p = import ../parameters.nix;
in
{
age.secrets.karakeep-env = {
file = ../../secrets/karakeep-env.age;
owner = "karakeep";
group = "karakeep";
mode = "0400";
};
my = {
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.karakeep = {
enable = true;
port = 3000;
environmentFile = config.age.secrets.karakeep-env.path;
extraEnvironment = {
NEXTAUTH_URL = "https://keep.${p.domains.public}";
CRAWLER_FULL_PAGE_SCREENSHOT = "true";
OPENAI_BASE_URL = "https://litellm.ts.${p.domains.public}";
INFERENCE_IMAGE_MODEL = "GPT-4o Mini";
INFERENCE_TEXT_MODEL = "GPT-4.1 Mini";
EMBEDDING_TEXT_MODEL = "text-embedding-3-small";
DISABLE_PASSWORD_AUTH = "true";
OAUTH_PROVIDER_NAME = "Authentik";
OAUTH_WELLKNOWN_URL = "https://auth.${p.domains.public}/application/o/karakeep/.well-known/openid-configuration";
};
};
virtualisation.proxmox.enable = true;
};
networking.firewall.allowedTCPPorts = [ 3000 ];
environment.systemPackages = with pkgs; [ ];
system.stateVersion = "25.11";
}

1
hosts/parameters.nix
View file

@ -36,6 +36,7 @@ in
librenms = "librenms.${private-domain}"; librenms = "librenms.${private-domain}";
collabora = "collabora.${private-domain}"; collabora = "collabora.${private-domain}";
actual = "actual-budget.${private-domain}"; actual = "actual-budget.${private-domain}";
karakeep = "karakeep.${private-domain}";
}; };
personal = { personal = {
username = "pazpi"; username = "pazpi";

1
modules/services/default.nix
View file

@ -9,6 +9,7 @@
./forgejo-runner.nix ./forgejo-runner.nix
./ilpost-addict.nix ./ilpost-addict.nix
./immich.nix ./immich.nix
./karakeep.nix
./media-mgr.nix ./media-mgr.nix
./n8n.nix ./n8n.nix
./nextcloud.nix ./nextcloud.nix

94
modules/services/karakeep.nix Normal file
View file

@ -0,0 +1,94 @@
{
lib,
config,
...
}:
let
cfg = config.my.services.karakeep;
in
{
options.my.services.karakeep = {
enable = lib.mkEnableOption "Karakeep (services.karakeep)";
port = lib.mkOption {
type = lib.types.port;
default = 3000;
description = ''
HTTP port for the web service. Used for Caddy reverse_proxy and
services.karakeep.extraEnvironment.PORT unless overridden there.
'';
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Optional environment file merged into Karakeep systemd units (e.g. agenix).
'';
};
extraEnvironment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = ''
Merged into services.karakeep.extraEnvironment. PORT defaults to
my.services.karakeep.port but can be overridden here.
'';
};
proxy = {
enable = lib.mkEnableOption "Set the Caddy reverse proxy entry for this service";
domain = lib.mkOption {
default = "example.com";
type = lib.types.str;
description = ''
The domain where Caddy is reachable
'';
};
subdomain = lib.mkOption {
default = "keep";
type = lib.types.str;
description = ''
Subdomain for Karakeep
'';
};
host = lib.mkOption {
default = "localhost";
type = lib.types.str;
description = ''
Hostname where Karakeep is listening
'';
};
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
services.karakeep = {
enable = true;
browser.enable = true;
meilisearch.enable = true;
environmentFile = cfg.environmentFile;
extraEnvironment = {
PORT = toString cfg.port;
DISABLE_NEW_RELEASE_CHECK = "true";
}
// cfg.extraEnvironment;
};
})
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."${subdomain}.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString cfg.port}
import cloudflare_${domain}
'';
};
})
];
}

1
secrets.nix
View file

@ -25,6 +25,7 @@ let
paperless-admin = [ machines.paperless ]; paperless-admin = [ machines.paperless ];
paperless-oauth2-client-secret = [ machines.paperless ]; paperless-oauth2-client-secret = [ machines.paperless ];
actual-openid-client-secret = [ machines.actual-budget ]; actual-openid-client-secret = [ machines.actual-budget ];
karakeep-env = [ machines.karakeep ];
zigbee2mqtt-password = [ machines.zigbee2mqtt ]; zigbee2mqtt-password = [ machines.zigbee2mqtt ];
mqtt-password = [ machines.zigbee2mqtt ]; mqtt-password = [ machines.zigbee2mqtt ];
scaleway-password = [ scaleway-password = [

BIN
secrets/karakeep-env.age Normal file
View file

Binary file not shown.

1
ssh-keys.nix
View file

@ -30,6 +30,7 @@ rec {
colmena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOVg0/MhkyTsZBITT0nZvH0hWskPJ7lyC5Mw70duczq"; colmena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOVg0/MhkyTsZBITT0nZvH0hWskPJ7lyC5Mw70duczq";
collabora = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICSaXqZ+gqkbRJxsHRvCXw9U2Zip8YlPjbEIgPEzevO3"; collabora = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICSaXqZ+gqkbRJxsHRvCXw9U2Zip8YlPjbEIgPEzevO3";
actual-budget = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsvkaeZeTXtowXFcKmtx3ElzNXU4cW4Ti6pR2BBfPFk"; actual-budget = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsvkaeZeTXtowXFcKmtx3ElzNXU4cW4Ti6pR2BBfPFk";
karakeep = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdfWilvVln+IVIDKmizUja/6reiFqKvV30z+Mc/gaJn";
}; };
# Machines able to provisioning other machines # Machines able to provisioning other machines