forked from nico/dots
Nico
8d96a11cb7
breaks ssl with arr sites This reverts commit 71d13e9b6cf97925af4cc631c1e7b67d79969ca3.
35 lines
1.1 KiB
Nix
35 lines
1.1 KiB
Nix
{ config, ... }:
|
|
|
|
{
|
|
virtualisation.oci-containers.containers.karakeep = {
|
|
image = "ghcr.io/karakeep-app/karakeep:release";
|
|
volumes = [ "/var/lib/karakeep/data:/data" ];
|
|
ports = [ "8023:3000" ];
|
|
environment = {
|
|
DATA_DIR = "/data"; # dont change
|
|
|
|
OAUTH_WELLKNOWN_URL = "https://auth.${config.homelab.domain}/.well-known/openid-configuration";
|
|
OAUTH_PROVIDER_NAME = "PocketID";
|
|
NEXTAUTH_URL = "https://karakeep.${config.homelab.domain}";
|
|
|
|
DISABLE_PASSWORD_AUTH = "true";
|
|
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true";
|
|
};
|
|
|
|
environmentFiles = [
|
|
# put the environment variable NEXTAUTH_SECRET in here
|
|
# with a randomly generated string. gen with `openssl rand -base64 36`
|
|
/var/lib/karakeep/nextauth-secret
|
|
|
|
# https://pocket-id.org/docs/client-examples/hoarder
|
|
/var/lib/karakeep/oidc
|
|
];
|
|
};
|
|
|
|
services.caddy.virtualHosts."karakeep.${config.homelab.domain}" = {
|
|
useACMEHost = config.homelab.domain;
|
|
extraConfig = ''
|
|
reverse_proxy http://localhost:8023
|
|
'';
|
|
};
|
|
}
|