karakeep: use native nix module

2026-01-11 21:59:44 +11:00 · 2026-01-11 21:59:44 +11:00 · 0d346e5ae6
commit 0d346e5ae6
parent bd91e9a659
2 changed files with 8 additions and 14 deletions
--- a/flake.nix
+++ b/flake.nix
@ -33,6 +33,7 @@
        ./modules/services/caddy.nix
        ./modules/services/forgejo.nix
        ./modules/services/miniflux.nix
        ./modules/services/karakeep.nix
        ./modules/services/media/arr.nix
        ./modules/services/media/jellyfin.nix
        ./modules/services/archiveteam-warrior.nix
--- a/modules/services/karakeep.nix
+++ b/modules/services/karakeep.nix
@ -1,12 +1,10 @@
 { config, ... }:
 {
-  virtualisation.oci-containers.containers.karakeep = {
+  services.karakeep = {
-    image = "ghcr.io/karakeep-app/karakeep:release";
+    enable = true;
-    volumes = [ "/var/lib/karakeep/data:/data" ];
+    extraEnvironment = {
-    ports = [ "8023:3000" ];
+      PORT = "8023";
    environment = {
      DATA_DIR = "/data"; # dont change
      OAUTH_WELLKNOWN_URL = "https://${config.homelab.authDomain}/oauth2/openid/karakeep/.well-known/openid-configuration";
      OAUTH_PROVIDER_NAME = "${config.homelab.domain}";
@ -16,14 +14,9 @@
      OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true";
    };
-    environmentFiles = [
+    # put OAUTH_CLIENT_SECRET and OAUTH_CLIENT_ID in file
-      # put the environment variable NEXTAUTH_SECRET in here
+    # https://docs.karakeep.app/configuration/environment-variables#authentication--signup
-      # with a randomly generated string. gen with `openssl rand -base64 36`
+    environmentFile = "/var/lib/karakeep/oidc";
      /var/lib/karakeep/nextauth-secret
      # https://pocket-id.org/docs/client-examples/hoarder
      /var/lib/karakeep/oidc
    ];
  };
  services.caddy.virtualHosts."karakeep.${config.homelab.domain}" = {