From 174202b36e51229c01b9282389c15e5efba6f047 Mon Sep 17 00:00:00 2001
From: Nico <nico@astolfo.org>
Date: Sat, 3 May 2025 16:16:03 +1000
Subject: [PATCH] karakeep: init

---
 flake.nix                     |  1 +
 modules/services/glance.nix   |  4 ++++
 modules/services/karakeep.nix | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 modules/services/karakeep.nix

diff --git a/flake.nix b/flake.nix
index 7a6e4a8..187fef3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,6 +23,7 @@
         ./modules/nix/linux.nix
         ./modules/shell.nix
 
+        ./modules/services/karakeep.nix
         ./modules/services/pocketid.nix
         ./modules/services/caddy.nix
         ./modules/services/miniflux.nix
diff --git a/modules/services/glance.nix b/modules/services/glance.nix
index 2211097..136402a 100644
--- a/modules/services/glance.nix
+++ b/modules/services/glance.nix
@@ -97,6 +97,10 @@
                           title = "Miniflux";
                           url = "https://rss.${config.homelab.domain}";
                         }
+                        {
+                          title = "Karakeep";
+                          url = "https://karakeep.${config.homelab.domain}";
+                        }
                       ];
                     }
                     {
diff --git a/modules/services/karakeep.nix b/modules/services/karakeep.nix
new file mode 100644
index 0000000..aefd116
--- /dev/null
+++ b/modules/services/karakeep.nix
@@ -0,0 +1,35 @@
+{ config, ... }:
+
+{
+  virtualisation.oci-containers.containers.karakeep = {
+    image = "ghcr.io/karakeep-app/karakeep:release";
+    volumes = [ "/var/lib/karakeep/data:/data" ];
+    ports = [ "8023:3000" ];
+    environment = {
+      DATA_DIR = "/data"; # dont change
+
+      OAUTH_WELLKNOWN_URL = "https://auth.${config.homelab.domain}/.well-known/openid-configuration";
+      OAUTH_PROVIDER_NAME = "PocketID";
+      NEXTAUTH_URL = "https://karakeep.${config.homelab.domain}";
+
+      DISABLE_PASSWORD_AUTH	= "true";
+      OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true";
+    };
+
+    environmentFiles = [
+      # put the environment variable NEXTAUTH_SECRET in here
+      # with a randomly generated string. gen with `openssl rand -base64 36`
+      /var/lib/karakeep/nextauth-secret
+
+      # https://pocket-id.org/docs/client-examples/hoarder
+      /var/lib/karakeep/oidc
+    ];
+  };
+  
+  services.caddy.virtualHosts."karakeep.${config.homelab.domain}" = {
+    useACMEHost = config.homelab.domain;
+    extraConfig = ''
+      reverse_proxy http://localhost:8023
+    '';
+  };
+}