From 9c4b668a49f2713ff54df47ef66ed1dfbc8671fe Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Tue, 10 Feb 2026 18:07:05 +0100
Subject: [PATCH] karakeep: Init module
---
 modules/system/web-services/karakeep.nix | 62 ++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 modules/system/web-services/karakeep.nix
diff --git a/modules/system/web-services/karakeep.nix b/modules/system/web-services/karakeep.nix
new file mode 100644
index 0000000..19d1449
--- /dev/null
+++ b/modules/system/web-services/karakeep.nix
@@ -0,0 +1,62 @@
+{ config, lib, ... }:
+let
+ cfg = config.custom.web-services.karakeep;
+in
+{
+ options.custom.web-services.karakeep = {
+ enable = lib.mkEnableOption "";
+ domain = lib.mkOption {
+ type = lib.types.nonEmptyStr;
+ default = "";
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 18195;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ sops = {
+ secrets."karakeep/openai-api-key" = { };
+ templates."karakeep.env" = {
+ content = "OPENAI_API_KEY=${config.sops.placeholder."karakeep/openai-api-key"}";
+ owner = config.users.users.karakeep.name;
+ restartUnits = [ "karakeep-web.service" ];
+ };
+ };
+
+ services.karakeep = {
+ enable = true;
+ environmentFile = config.sops.templates."karakeep.env".path;
+ extraEnvironment = {
+ PORT = toString cfg.port;
+ DISABLE_NEW_RELEASE_CHECK = "true";
+ OCR_LANGS = "eng,deu";
+ };
+ };
+
+ users = {
+ users.meilisearch = {
+ isSystemUser = true;
+ group = config.users.groups.meilisearch.name;
+ };
+ groups.meilisearch = { };
+ };
+
+ systemd.services.meilisearch.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = config.users.users.meilisearch.name;
+ Group = config.users.groups.meilisearch.name;
+ ReadWritePaths = lib.mkForce [ ];
+ };
+
+ custom = {
+ services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
+
+ persistence.directories = [
+ "/var/lib/karakeep"
+ "/var/lib/meilisearch"
+ ];
+ };
+ };
+}
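Review bot: The sops template's `restartUnits` lists only `karakeep-web.service`, so a rotated `OPENAI_API_KEY` would not reach any other Karakeep unit that reads the same `environmentFile`; if the upstream module runs inference in a separate worker unit (I believe `karakeep-workers.service`, to be confirmed against the module), extend it to `restartUnits = [ "karakeep-web.service" "karakeep-workers.service" ];`. Because the service is published through `custom.services.caddy.virtualHosts.${cfg.domain}`, it is worth deciding whether account sign-up should stay open on that host, since any registered user can spend the configured OpenAI key; setting Karakeep's `DISABLE_SIGNUPS = "true";` in `extraEnvironment` after the first account exists would close it. The `domain` option declares `default = "";` under `lib.types.nonEmptyStr`, which contradicts its own type; dropping the default gives the clearer "used but not defined" error when the module is enabled without a domain. The forced `DynamicUser = lib.mkForce false;` and `ReadWritePaths = lib.mkForce [ ];` on meilisearch override upstream sandboxing without explanation, so a one-line comment stating the reason (presumably so `/var/lib/meilisearch` can be persisted) would help the next reader judge whether the relaxation is still needed.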