From 0f8a850b4a68b4d7b82cc403cecce83b91ae0974 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Mon, 12 Jan 2026 13:42:35 +0100 Subject: [PATCH] karakeep nobuild --- karakeep/CHANGELOG.md | 237 +++++++++++++++++- karakeep/DOCS.md | 42 ++++ karakeep/Dockerfile | 219 ++++++---------- karakeep/README.md | 105 +------- karakeep/addon_info.yaml | 16 ++ karakeep/apparmor.txt | 66 ----- karakeep/build.yaml | 1 - karakeep/config.yaml | 93 +++---- karakeep/icon.png | Bin 2140 -> 2112 bytes karakeep/logo.png | Bin 2140 -> 30742 bytes karakeep/rootfs/etc/cont-init.d/90-folders.sh | 15 -- karakeep/rootfs/etc/cont-init.d/91-secrets.sh | 50 ---- .../etc/cont-init.d/92-chrome-extensions.sh | 46 ---- karakeep/rootfs/etc/fonts/local.conf | 31 +++ karakeep/rootfs/etc/nginx/includes/mime.types | 96 +++++++ .../etc/nginx/includes/proxy_params.conf | 15 ++ .../rootfs/etc/nginx/includes/resolver.conf | 1 + .../etc/nginx/includes/server_params.conf | 6 + .../rootfs/etc/nginx/includes/ssl_params.conf | 8 + karakeep/rootfs/etc/nginx/nginx.conf | 52 ++++ .../svc-chrome => nginx/servers/.gitkeep} | 0 .../rootfs/etc/nginx/templates/direct.gtpl | 31 +++ .../rootfs/etc/nginx/templates/upstream.gtpl | 3 + .../dependencies.d/base} | 0 .../s6-overlay/s6-rc.d/init-addon-config/run | 59 +++++ .../s6-overlay/s6-rc.d/init-addon-config/type | 1 + .../s6-overlay/s6-rc.d/init-addon-config/up | 1 + .../dependencies.d/init-folders} | 0 .../dependencies.d/svc-chrome} | 0 .../dependencies.d/svc-meilisearch | 0 .../dependencies.d/init-addon-config | 0 .../etc/s6-overlay/s6-rc.d/init-folders/run | 8 + .../etc/s6-overlay/s6-rc.d/init-folders/type | 1 + .../etc/s6-overlay/s6-rc.d/init-folders/up | 1 + .../dependencies.d/init-addon-config | 0 .../etc/s6-overlay/s6-rc.d/init-nginx/run | 49 ++++ .../etc/s6-overlay/s6-rc.d/init-nginx/type | 1 + .../etc/s6-overlay/s6-rc.d/init-nginx/up | 1 + .../svc-chrome/dependencies.d/init-folders | 0 .../etc/s6-overlay/s6-rc.d/svc-chrome/run | 153 ++++++++++- .../etc/s6-overlay/s6-rc.d/svc-chrome/type | 2 +- .../etc/s6-overlay/s6-rc.d/svc-chrome/up | 1 + .../dependencies.d/init-folders | 0 .../s6-overlay/s6-rc.d/svc-meilisearch/run | 11 +- .../s6-overlay/s6-rc.d/svc-meilisearch/type | 2 +- .../etc/s6-overlay/s6-rc.d/svc-meilisearch/up | 1 + .../svc-nginx/dependencies.d/init-nginx | 0 .../etc/s6-overlay/s6-rc.d/svc-nginx/run | 9 + .../etc/s6-overlay/s6-rc.d/svc-nginx/type | 1 + .../etc/s6-overlay/s6-rc.d/svc-nginx/up | 1 + .../s6-rc.d/user/contents.d/init-addon-config | 0 .../s6-rc.d/user/contents.d/init-nginx | 0 .../s6-rc.d/user/contents.d/svc-nginx | 0 .../usr/local/bin/ssl-check-generate.sh | 47 ++++ karakeep/rootfs/usr/local/bin/ssl-keygen.sh | 57 +++++ karakeep/rootfs/var/log/nginx/.gitkeep | 0 karakeep/updater.json | 8 - 57 files changed, 1041 insertions(+), 507 deletions(-) create mode 100644 karakeep/DOCS.md create mode 100644 karakeep/addon_info.yaml delete mode 100644 karakeep/apparmor.txt delete mode 100755 karakeep/rootfs/etc/cont-init.d/90-folders.sh delete mode 100755 karakeep/rootfs/etc/cont-init.d/91-secrets.sh delete mode 100755 karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh create mode 100644 karakeep/rootfs/etc/fonts/local.conf create mode 100644 karakeep/rootfs/etc/nginx/includes/mime.types create mode 100644 karakeep/rootfs/etc/nginx/includes/proxy_params.conf create mode 100644 karakeep/rootfs/etc/nginx/includes/resolver.conf create mode 100644 karakeep/rootfs/etc/nginx/includes/server_params.conf create mode 100644 karakeep/rootfs/etc/nginx/includes/ssl_params.conf create mode 100644 karakeep/rootfs/etc/nginx/nginx.conf rename karakeep/rootfs/etc/{s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-chrome => nginx/servers/.gitkeep} (100%) create mode 100644 karakeep/rootfs/etc/nginx/templates/direct.gtpl create mode 100644 karakeep/rootfs/etc/nginx/templates/upstream.gtpl rename karakeep/rootfs/etc/s6-overlay/s6-rc.d/{svc-web/dependencies.d/svc-meilisearch => init-addon-config/dependencies.d/base} (100%) create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/run create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/type create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/up rename karakeep/rootfs/etc/s6-overlay/s6-rc.d/{svc-workers/dependencies.d/svc-chrome => init-db-migration/dependencies.d/init-folders} (100%) rename karakeep/rootfs/etc/s6-overlay/s6-rc.d/{svc-workers/dependencies.d/svc-meilisearch => init-db-migration/dependencies.d/svc-chrome} (100%) create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/svc-meilisearch create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/dependencies.d/init-addon-config create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/type create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/up create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-addon-config create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/dependencies.d/init-folders create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/up create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/dependencies.d/init-folders create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/up create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/init-nginx create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/run create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/type create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/up create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-addon-config create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-nginx create mode 100644 karakeep/rootfs/usr/local/bin/ssl-check-generate.sh create mode 100644 karakeep/rootfs/usr/local/bin/ssl-keygen.sh create mode 100644 karakeep/rootfs/var/log/nginx/.gitkeep delete mode 100644 karakeep/updater.json diff --git a/karakeep/CHANGELOG.md b/karakeep/CHANGELOG.md index fd44f8638..f88f2e8a3 100644 --- a/karakeep/CHANGELOG.md +++ b/karakeep/CHANGELOG.md @@ -1,11 +1,226 @@ - -## 1.8.5 (2026-01-12) -- Update to latest version from karakeep-app/karakeep (changelog : https://github.com/karakeep-app/karakeep/releases) -## 0.30.0-4 (11-01-2026) -- Minor bugs fixed -## 0.30.0-3 (11-01-2026) -- Minor bugs fixed -## 0.30.0-2 (11-01-2026) -- Minor bugs fixed -## 0.30.0 (2026-01-11) -- Initial add-on release +# 0.30.0 (New year release 🎁) + +Welcome to the 0.30.0 release of Karakeep and happy new year! This release comes with "2025 wrapped" (a bit late), PDF archives, new reader settings, avatars, reddit crawling improvements, and more! Huge thanks to our contributors for this release @esimkowitz, @Moondragon85, @rzxczxc, @colado, @Yeraze, @eriktews and everyone who shipped code, triaged bugs, or shared feedback for this release. + +> If you enjoy using Karakeep, consider supporting the project [here ☕️](https://buymeacoffee.com/mbassem) or via GitHub [here](https://github.com/sponsors/MohamedBassem). + +Buy Me A Coffee + +And in case you missed it, we now have a ☁️ managed offering ☁️ for those who don't want to self-host. We're in public beta now and you can signup [here](https://cloud.karakeep.app) 🎉. + +# New Features 🚀 + +- 2025 Wrapped is here to celebrate your year in Karakeep (#2322). +- PDF archives + - Archive bookmarks as PDFs, generated automatically during crawling or on-demand (#2309). + - Set `CRAWLER_STORE_PDF=true` to enable auto PDF archiving. +- Unified reader settings (font, size, etc) across all devices with per-device overrides (#2230). By @esimkowitz! +- Better metadata extraction: + - Reddit posts should now be crawled correctly, and banners should be fetched more reliably. + - Fixed YouTube thumbnail and author extraction. + - Fixed Amazon product image extraction (where it was sometimes showing the prime logo) (#2204, #2108). By @Yeraze +- Upload custom user avatars for more personal profiles (#2296). +- AI Setting customization: + - Customize tag styling (case, separators, language) per user. It's highly recommended to set the tag style for more consistent tags (#2312). + - Per-user toggles to disable auto-tagging and/or auto-summarization (#2275). +- Others: + - Import libraries from Matter with full export support (#2245). By @Moondragon85 + - Bulk remove bookmarks from lists (#2279). + - Add a new rule condition to rule engine: "URL Does Not Contain" (#2280). + - Configure an OpenAI proxy via `OPENAI_PROXY_URL` (#2231). By @rzxczxc + - Added `is:broken` search qualifier to show links that failed crawling (#2225). + - Edit list now in the mobile app (#2310). By @colado + +# UX Improvements ✨ + +- Our docs got a facelift! The docs got some styling, the pages got re-organized and we now have a "Using Karakeep" section that explains some of the core concepts of Karakeep. +- Replace bookmark banners and download attachments directly from the drop down menu (#2328). +- Sidebar scrollbar looks cleaner, and pending list invites show as a badge in the sidebar. +- Bookmark edit dialog now includes notes. +- Bookmark owner avatars now show up in collaborative lists. +- Mobile UI/UX improvements: + - Fixed title on mobile to be at most 2 lines long. + - Mobile settings screens should now feel more native (#2307). + - OLED-friendly colors in the Android app matching the colors of the ios app (#1958). + - Toasts on iOS now appear correctly above the open modals (#2320). By @colado + - Shared lists now appear in a dedicated subsection on mobile. + - Adding a bookmark to a list now shows a spinner during loading (#2283). + - Server version now appears in mobile settings (#2276). + - Fixed the confusing "tick button" beside the server address during login. + +# Fixes 🔧 + +- Fixed missing db indicies that was causing slow bookmark queries (#2246, #2287). +- Improved Ollama summaries by using the generate endpoint (#2324). By @eriktews +- Fixed HTML bookmark imports failing on empty folder names (#2300). +- Fixed non-link bookmarks stuck in pending summarization (#1605). +- Improved tagging prompts and error-page detection. +- Reject spoofed content types on file uploads. +- Preserve failure counts when rescheduling rate-limited domains (#2303). +- Fixed duplicate backdrop buttons in reader view (#2234). By @colado +- RSS feed fetching is now spread over the hour (#2227). +- Asset preprocessing worker timeout is now configurable (91784cd2). +- Fixed bypassing email verification in apiKey.exchange. +- Added limits on number of rss feeds and webhooks per user configurable by admins. +- Fixed a bug where failed crawling leave bookmarks as pending tagging in the admin dashboard. + +# For Developers 🛠️ + +- OpenTelemetry integration with OTLP exporter (#2318, #2321). +- CLI can list users for admins. +- We're now defaulting to Node.js 24 (the current LTS). +- Breaking: In bookmark APIs `includeContent` now defaults to `false`. This change was announced a couple months ago, and is taking effect in this release. + +# Community Projects 💡 + +- Karakeep integration for Home Assistant (#2196) by @sli-cka. Get it from [here](https://github.com/sli-cka/karakeep-homeassistant). + +# Screenshots 📸 + +## Wrapped 2025 + +![karakeep-wrapped-2025](https://github.com/user-attachments/assets/0e1e3d25-c827-4974-8f0a-9b7b4a75f859) + +## Reader Settings + +![https://github.com/user-attachments/assets/4d81cb80-f9b8-43f2-998a-736f18e33038](https://github.com/user-attachments/assets/4d81cb80-f9b8-43f2-998a-736f18e33038). + + +### AI Settings + +![https://github.com/user-attachments/assets/48032bf6-5413-44ee-9c3b-ac7b385aeccf](https://github.com/user-attachments/assets/48032bf6-5413-44ee-9c3b-ac7b385aeccf) + + + +# Upgrading 📦 + +To upgrade: +* If you're using `KARAKEEP_VERSION=release`, run `docker compose pull && docker compose up -d`. +* If you're pinning it to a specific version, bump the version and then run `docker compose pull && docker compose up -d`. + +# All Commits + +* i18n: fix en_US translation - @MohamedBassem in d472a3a1 +* fix: fix wrapped feature to only show bookmarks in 2025 - @MohamedBassem in 4077e286 +* i18n: Sync weblate translations - Weblate in 401ea6a9 +* chore: drop the experimental tag from the rule engine - @MohamedBassem in bf9d6105 +* fix: show a toast during banner upload - @MohamedBassem in 9555f409 +* fix: don't switch the bookmark back to pending on recrawl - @MohamedBassem in 79400d04 +* fix: use the Ollama generate endpoint instead of chat (#2324) - @eriktews in e8c79f29 +* feat: add replace banner and attachment download (#2328) - @MohamedBassem in 3d652eee +* feat: Add bulk remove from list (#2279) - @MohamedBassem in 7a76216e +* feat: add "URL Does Not Contain" condition to rule engine (#2280) - @MohamedBassem in b20ba9cf +* feat: 2025 wrapped (#2322) - @MohamedBassem in a0b4a26a +* chore: worker tracing (#2321) - @MohamedBassem in 7ab7db8e +* feat(landing): add corporate pricing - @MohamedBassem in d852ee1a +* fix(mobile): mobile modal UI issues (#2320) - @colado in a43d375f +* ci: fix tests - @MohamedBassem in 9d6b1282 +* feat: change default for tag style to be title case with spaces - @MohamedBassem in 9098a5a6 +* fix: more tagging tweaks - @MohamedBassem in c1cbaa8a +* build: fix broken CI - @MohamedBassem in a5ce977d +* fix: change prompt to better recognize error pages - @MohamedBassem in f5a5c14e +* refactor: reduce duplication in compare-models tool - @MohamedBassem in f00287ed +* chore: add tracing for email functions - @MohamedBassem in ba8d84a5 +* feat(mobile): create new list edit screen (#2310) - @colado in 30fa06fe +* feat: Add open telemetry (#2318) - @MohamedBassem in 5537fe85 +* fix: reset tagging status on crawl failure (#2316) - @MohamedBassem in f7920bdc +* feat: add the ability to specify a different changelog version - @MohamedBassem in 10820761 +* fix: remove duplicate mobile backdrop button in reader view (#2234) - @esimkowitz in 3f44e319 +* fix(landing): fix cloud banner on mobile - @MohamedBassem in 23f28530 +* refactor: add suspense boundary in sidebar layout - @MohamedBassem in 3c3d8685 +* feat(mobile): make the settings menu look more native (#2307) - @MohamedBassem in 6ee48ffb +* feat(web): better looking scrollbar in the sidebar - @MohamedBassem in f7523a21 +* feat(mobile): use oled friendly colors for android app. fixes #1958 - @MohamedBassem in e800d744 +* refactor: migrate toasts to sonner - @MohamedBassem in 173fb99a +* feat: add customizable tag styles (#2312) - @MohamedBassem in af3010ab +* feat: add Matter import support (#2245) - @Moondragon85 in 93630ce8 +* feat: support archiving as pdf (#2309) - @MohamedBassem in 267db791 +* feat: add OPENAI_PROXY_URL configuration and support for proxy in OpenAI client (#2231) - @rzxczxc in bb6b742a +* fix(tests): fix the asset upload tests - @MohamedBassem in e82694de +* fix: reject spoofed content types on uploads - @MohamedBassem in 2dbdf76c +* deps: upgrade tesseract to v7 - @MohamedBassem in 347793ad +* feat(landing): announce cloud public beta in landing page - @MohamedBassem in c3b2326c +* chore: add a tool for comparing perf of different models - @MohamedBassem in 1dfa5d12 +* feat: add notes to the bookmark edit dialog - @MohamedBassem in ecb7a710 +* fix(restate): change journal retention for services to 3d - @MohamedBassem in 0efffdcc +* fix(cli): migrate bookmark source in migration command - @MohamedBassem in 65cfa871 +* fix: preserve failure count when rescheduling rate limited domains (#2303) - @MohamedBassem in ddd4b578 +* feat: show bookmark owner icon in shared lists (#2277) - @MohamedBassem in ef27670f +* fix: make avatars public - @MohamedBassem in f7d34627 +* refactor: move assets to their own model (#2301) - @MohamedBassem in 013ca67c +* feat: add support for user avatars (#2296) - @MohamedBassem in 314c363e +* fix: handle empty folder names in HTML bookmark imports (#2300) - @MohamedBassem in 3408e6e4 +* feat: add a warning about viewing archives inline. fixes #2286 - @MohamedBassem in e336513f +* fix(tests): fix the user setting tests - @MohamedBassem in 258bebe0 +* feat: Add user settings to disable auto tagging/summarization (#2275) - @MohamedBassem in 0bdba54b +* feat(mobile): Convert server address editing to modal in mobile app (#2290) - @MohamedBassem in ece68ed0 +* fix: check quota usage instead bookmark transaction - @MohamedBassem in ca4bfa4c +* fix: optimize tagging db queries (#2287) - @MohamedBassem in e18dc4c9 +* docs: shuffle some docs around - @MohamedBassem in 4762da12 +* docs: add RSS feeds integration documentation (#2288) - @MohamedBassem in 903aa5e9 +* feat(restate): Add a var to control whether to expose core services or not - @MohamedBassem in dc8ab862 +* feat: add more restate semaphore controls - @MohamedBassem in 58eb6c00 +* feat(mobile): Show shared lists under a subsection - @MohamedBassem in 837dea5e +* fix(mobile): Fix title line clamp to 2 lines - @MohamedBassem in 15cfa137 +* fix(mobile): Add loading spinner to mobile list button (#2283) - @MohamedBassem in 7b98c52a +* feat: add server version display to mobile app settings (#2276) - @MohamedBassem in bd969b34 +* fix: add authentication checks to settings layout (#2274) - @MohamedBassem in e53f3ae5 +* fix: only trigger search autocomplete on first search char - @MohamedBassem in 92e352f3 +* feat(landing): remove waitlist link. fixes #2270 - @MohamedBassem in e842c5a7 +* fix: don't fail the script if the user karakeep already exists. fixes #2242 - @MohamedBassem in e78e5129 +* fix: collapse reader settings by default - @MohamedBassem in 3955f91a +* docs: Add icons beside category names - @MohamedBassem in 9021822a +* Revert "fix: fix restate service to return control to restate service on timeout" - @MohamedBassem in 510174db +* feat: Add unified reader settings with local overrides (#2230) - @esimkowitz in 7f4202af +* fix: fix restate service to return control to restate service on timeout - @MohamedBassem in 6db14ac4 +* fix: non-link bookmarks where stuck in pending summarization. Fixes #1605 - @MohamedBassem in d7357118 +* fix: move trpc error logging inside the dev check - @MohamedBassem in 0b65e5a4 +* fix: Fix Amazon product image extraction on amazon.com URLs (#2108) - @Yeraze in b3196354 +* feat: use reddit API for metadata extraction. Fixes #1853 #1883 - @MohamedBassem in f5c32d94 +* fix: use GET requests for the content type request - @MohamedBassem in d6dd8ebd +* docs: fix sidebar on mobile - @MohamedBassem in f111cba9 +* feat: Add limits on number of rss feeds and webhooks per user - @MohamedBassem in 74df8bd7 +* release(cli): Bump CLI version to 0.29.1 - @MohamedBassem in 697c853a +* readme: some readme updates - @MohamedBassem in 1ebc721c +* docs: Update screenshots in docs - @MohamedBassem in c6cf4188 +* docs: Adding user guides - @MohamedBassem in 04b9c291 +* docs: drop docs for old versions - @MohamedBassem in fecb0079 +* docs: restructure the docs - @MohamedBassem in af69f637 +* docs: restyle the docs - @MohamedBassem in b4344401 +* ci: run CI with node 24 - @MohamedBassem in 2bdba536 +* deps: Upgrade to nodejs 24 - @MohamedBassem in 480abce4 +* fix!: changing default for includeContent to be false in the API - @MohamedBassem in 1369ad01 +* deps: Upgrade nextjs to 15.3.8 - @MohamedBassem in 80278ecf +* deps: Upgrade nextjs to 15.3.7 - @MohamedBassem in 74bdc186 +* fix: add more indicies for faster bookmark queries (#2246) - @MohamedBassem in 683083f4 +* feat: make asset preprocessing worker timeout configurable - @Claude in 91784cd2 +* fix: Add cache control header on asset endpoints - @MohamedBassem in 3e8cc745 +* chore: Allowing multi user benchmarks and adding more coverage - @MohamedBassem in 265b6773 +* feat(cli): Add ability to list users for the admin in the CLI - @MohamedBassem in 69a756aa +* fix: fix correctly accounting for text bookmark in import sessions. #2208 - @MohamedBassem in 6886385c +* fix: check import quota before importing bookmarks (#2232) - @MohamedBassem in 20d3761c +* build: fix typecheck error in query explainer - @MohamedBassem in b6c2dadd +* fix: migrate to metascraper-x from metascraper-twitter - @MohamedBassem in c6f93b3b +* feat: add is:broken search qualifier for broken links (#2225) - @MohamedBassem in 1f43f232 +* feat: spread feed fetch scheduling deterministically over the hour (#2227) - @MohamedBassem in 13a090c4 +* fix: better extraction for youtube thumbnails. #2204 - @MohamedBassem in e3cc5463 +* fix: remove queue triggers outside of updateTags transaction - @MohamedBassem in cf2a12c8 +* chore: add benchmarks (#2229) - @MohamedBassem in 6180c662 +* build: dont update latest tags on release - @MohamedBassem in de98873a +* deps: Upgrade nextjs to 15.3.6 - @MohamedBassem in 20081a3a +* feat: add a notification badge for list invitations - @MohamedBassem in 3c6b8e97 +* docs: add karakeep integration for Home Assistant (#2196) - @sli-cka in 9a339385 +* fix: regen turnstile token on signup resubmission - @MohamedBassem in 9257b534 +* feat(landing): Add more features to the homepage - @MohamedBassem in 9a6d36f2 +* ci: run arm docker image builds on arm machines - @MohamedBassem in 3421246d +* ci: parallelize the docker workflow for platforms - @MohamedBassem in 2e889617 +* fix: reenable idempotency key for search indexing - @MohamedBassem in 2ef751ef +* fix: fix bypass email verification in apiKey.exchange - @MohamedBassem in e4f434e7 +* readme: add collaborative lists to the list of features - @MohamedBassem in d6d319d3 +* fix: Add restate queued idempotency (#2169) - @MohamedBassem in a71b9505 +* feat: add support for turnstile on signup - @MohamedBassem in b12c1c3a +* build: fix npm trusted publishing - @MohamedBassem in 4898b6be +* release: cli, mcp and sdk - @MohamedBassem in 28d6750e +* release(extension): Release version 1.2.8 - @MohamedBassem in fdea0861 +* release(mobile): Bump mobile version to 1.8.3 - @MohamedBassem in 8da5b598 +* release(docs): release the 0.29 docs - @MohamedBassem in 97c386a4 diff --git a/karakeep/DOCS.md b/karakeep/DOCS.md new file mode 100644 index 000000000..f1ab2789a --- /dev/null +++ b/karakeep/DOCS.md @@ -0,0 +1,42 @@ +# Home Assistant add-on: Karakeep (all-in-one) 💾 by Fabio Garavini + +The Karakeep Addon is a bookmark-everything app with a touch of AI, designed specifically for data hoarders. This addon allows you to save and organize your favorite bookmarks, with features like AI-powered search and recommendation. + +## Configuration + +- `NEXTAUTH_URL`: The URL of the Karakeep instance. Example `http://:3011`. +- `TZ`: The timezone to use for the addon. Example `Europe/Rome`. +- `DISABLE_SIGNUPS`: Whether to disable signups for new users. Defaults to `false`. +- `NEXTAUTH_SECRET`: A secret key used for authentication. Defaults to a random value. +- `MAX_ASSET_SIZE_MB`: The maximum size of assets (e.g. images) that can be uploaded. Defaults to `4`. +- `OCR_LANGS`: A comma-separated list of languages to use for optical character recognition (OCR). Defaults to `eng`. +- `OCR_CONFIDENCE_THRESHOLD`: The minimum confidence threshold for OCR results. Defaults to `50`. +- `OPENAI_API_KEY`: An API key for OpenAI. Optional. +- `OPENAI_BASE_URL`: The base URL of the OpenAI API. Optional. +- `OLLAMA_BASE_URL`: The base URL of the OLLAMA API. Optional. +- `INFERENCE_TEXT_MODEL`: The text model to use for inference. Defaults to `gpt-4o-mini`. +- `INFERENCE_IMAGE_MODEL`: The image model to use for inference. Defaults to `gpt-4o-mini`. +- `EMBEDDING_TEXT_MODEL`: The text model to use for embedding. Defaults to `text-embedding-3-small`. +- `INFERENCE_CONTEXT_LENGTH`: The length of the context to use for inference. Defaults to `2048`. +- `INFERENCE_LANG`: The language to use for inference. Defaults to `english`. +- `INFERENCE_JOB_TIMEOUT_SEC`: The timeout for inference jobs in seconds. Defaults to `30`. + +More informations about other configs can be found in the [official documentation](https://docs.karakeep.app/configuration) + +## Ports + +The Karakeep Addon exposes the following ports: + +- `3000/tcp`: The web UI port. + +## Installation + +To install the Karakeep Addon, follow these steps: + +1. Open the Home Assistant UI and navigate to the Add-ons page. +1. Click the "Karakeep" addon. +1. Click the "Install" button. +1. (Optional) under `Configuration` set `NEXTAUTH_URL` as specified above +1. Click the "Open Web UI" button. +1. Create a new user. +1. Happy hoarding! diff --git a/karakeep/Dockerfile b/karakeep/Dockerfile index f59dad295..60cadba20 100644 --- a/karakeep/Dockerfile +++ b/karakeep/Dockerfile @@ -1,42 +1,20 @@ -#============================# -# ALEXBELGIUM'S DOCKERFILE # -#============================# -# _.------. -# _.-` ('>.-`"""-. -# '.--'` _'` _ .--.) -# -' '-.-';` ` -# ' - _.' ``'--. -# '---` .-'""` -# /` -#=== Home Assistant Addon ===# +# check=skip=SecretsUsedInArgOrEnv +ARG BUILD_FROM=ghcr.io/karakeep-app/karakeep:0.30.0 -################# -# 1 Build Image # -################# - -ARG BUILD_FROM -ARG BUILD_VERSION ARG MEILI_VERSION="v1.13.3" + FROM getmeili/meilisearch:${MEILI_VERSION} AS meilisearch FROM ${BUILD_FROM} -################## -# 2 Modify Image # -################## - -# Set S6 wait time -ENV S6_CMD_WAIT_FOR_SERVICES=1 \ - S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ - S6_SERVICES_GRACETIME=0 - +# Environment variables ENV \ - DATA_DIR="/data" \ + DATA_DIR="/share/karakeep" \ MEILI_DIR="/config/meili" \ DISABLE_NEW_RELEASE_CHECK=true \ BROWSER_WEB_URL="http://127.0.0.1:9222" \ MEILI_ADDR="http://127.0.0.1:7700" \ - MEILI_MASTER_KEY="" \ + MEILI_MASTER_KEY="0uIHQXWthY2L2yqCWGVGu2axN+l4qcDEc+Of/7e8X7bEyZ8k" \ MEILI_NO_ANALYTICS=true \ XDG_CACHE_HOME="/data/cache" @@ -48,147 +26,96 @@ ENV \ MEILI_SERVER_PROVIDER=docker \ MEILI_ENV=production -# Image specific modifications +ENV \ + SERVICE_PORT=3000 \ + NGINX_PORT=8080 + +# NGINX Install +RUN \ + apk add --no-cache \ + bash \ + openssl \ + nginx \ + && rm -rf /etc/nginx + +# Set shell +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Addon base configuration +ARG BUILD_ARCH=amd64 +# renovate: datasource=github-releases packageName=hassio-addons/bashio +ARG BASHIO_VERSION="v0.17.5" +# renovate: datasource=github-releases packageName=home-assistant/tempio +ARG TEMPIO_VERSION="2024.11.2" +RUN \ + set -o pipefail \ + && apk add --no-cache --virtual .build-dependencies \ + tar \ + xz \ + && apk add --no-cache \ + libcrypto3 \ + libssl3 \ + musl-utils \ + musl \ + curl \ + jq \ + tzdata \ + \ + && curl -J -L "https://github.com/hassio-addons/bashio/archive/${BASHIO_VERSION}.tar.gz" -o /tmp/bashio.tar.gz \ + && mkdir /tmp/bashio \ + && tar zxvf /tmp/bashio.tar.gz --strip 1 -C /tmp/bashio \ + \ + && mv /tmp/bashio/lib /usr/lib/bashio \ + && ln -s /usr/lib/bashio/bashio /usr/bin/bashio \ + \ + && curl -L -s "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${BUILD_ARCH}" -o /usr/bin/tempio \ + && chmod a+x /usr/bin/tempio \ + \ + && apk del --no-cache --purge .build-dependencies \ + && rm -rf /tmp/* + +# Installs latest Chromium package. RUN \ apk upgrade --no-cache --available \ && apk add --no-cache \ - chromium \ - chromium-swiftshader \ - ttf-freefont \ - font-noto-emoji \ - font-wqy-zenhei \ - unzip \ + chromium \ + chromium-swiftshader \ + ttf-freefont \ + font-noto-emoji \ + font-wqy-zenhei \ && mkdir -p /usr/src/chrome \ && adduser -D chrome \ && chown -R chrome:chrome /usr/src/chrome COPY --from=meilisearch /bin/meilisearch /bin/meilitool /bin/ -################## -# 3 Install apps # -################## +COPY .common/addon-config / +COPY .common/nginx / -# Add rootfs COPY rootfs/ / -RUN chmod +x /etc/s6-overlay/s6-rc.d/*/run +ARG BUILD_VERSION \ + BUILD_DATE \ + BUILD_DESCRIPTION \ + BUILD_NAME \ + BUILD_REF \ + BUILD_REPOSITORY -# Uses /bin for compatibility purposes -# hadolint ignore=DL4005 -RUN if [ ! -f /bin/sh ] && [ -f /usr/bin/sh ]; then ln -s /usr/bin/sh /bin/sh; fi && \ - if [ ! -f /bin/bash ] && [ -f /usr/bin/bash ]; then ln -s /usr/bin/bash /bin/bash; fi - -# Modules -ARG MODULES="00-banner.sh 01-custom_script.sh 00-global_var.sh" - -# Automatic modules download -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_automodules.sh" "/ha_automodules.sh" -RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh - -# Manual apps -ENV PACKAGES="" - -# Automatic apps & bashio -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh" -RUN chmod 744 /ha_autoapps.sh && /ha_autoapps.sh "$PACKAGES" && rm /ha_autoapps.sh - -################ -# 4 Entrypoint # -################ - -# Add entrypoint -ENV S6_STAGE2_HOOK=/ha_entrypoint.sh -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint.sh" "/ha_entrypoint.sh" - -# Entrypoint modifications -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint_modif.sh" "/ha_entrypoint_modif.sh" -RUN chmod 777 /ha_entrypoint.sh /ha_entrypoint_modif.sh && /ha_entrypoint_modif.sh && rm /ha_entrypoint_modif.sh - -# Standalone bashio command -ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/bashio-standalone.sh" "/.bashio-standalone.sh" -RUN chmod 777 /.bashio-standalone.sh - -RUN set -e; \ - extensions_dir="/usr/src/chrome/extensions"; \ - mkdir -p "${extensions_dir}"; \ - for entry in \ - "i-dont-care-about-cookies:fllaojicojecljbmefodhfapmkghcbnh" \ - "ublock-origin:cjpalhdlnbpafiamejdnhcphjbkeiagm"; do \ - name="${entry%%:*}"; \ - ext_id="${entry##*:}"; \ - curl -fsSL "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=120.0&acceptformat=crx2,crx3&x=id%3D${ext_id}%26installsource%3Dondemand%26uc" \ - -o "/tmp/${name}.crx"; \ - rm -rf "${extensions_dir:?}/${name}"; \ - mkdir -p "${extensions_dir}/${name}"; \ - rc=0; \ - unzip -q "/tmp/${name}.crx" -d "${extensions_dir}/${name}" || rc=$$?; \ - if [ "$$rc" -ne 0 ] && [ "$$rc" -ne 1 ]; then \ - echo "ERROR: unzip failed for ${name} (rc=$$rc)"; \ - exit "$$rc"; \ - fi; \ - rm -f "/tmp/${name}.crx"; \ - done; \ - chown -R chrome:chrome "${extensions_dir}" - -ENTRYPOINT [ "/usr/bin/env" ] -CMD [ "/ha_entrypoint.sh" ] - -############ -# 5 Labels # -############ - -ARG BUILD_ARCH -ARG BUILD_DATE -ARG BUILD_DESCRIPTION -ARG BUILD_NAME -ARG BUILD_REF -ARG BUILD_REPOSITORY -ARG BUILD_VERSION -ENV BUILD_VERSION="${BUILD_VERSION}" LABEL \ io.hass.name="${BUILD_NAME}" \ io.hass.description="${BUILD_DESCRIPTION}" \ io.hass.arch="${BUILD_ARCH}" \ io.hass.type="addon" \ - io.hass.version=${BUILD_VERSION} \ - maintainer="alexbelgium (https://github.com/alexbelgium)" \ + io.hass.version="${BUILD_VERSION}" \ + maintainer="Fabio Garavini " \ org.opencontainers.image.title="${BUILD_NAME}" \ org.opencontainers.image.description="${BUILD_DESCRIPTION}" \ - org.opencontainers.image.vendor="Home Assistant Add-ons" \ - org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.vendor="Fabio Garavini Hassio Add-ons" \ + org.opencontainers.image.authors="Fabio Garavini " \ org.opencontainers.image.licenses="MIT" \ - org.opencontainers.image.url="https://github.com/alexbelgium" \ + org.opencontainers.image.url="https://github.com/fabio-garavini" \ org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \ org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \ org.opencontainers.image.created=${BUILD_DATE} \ org.opencontainers.image.revision=${BUILD_REF} \ org.opencontainers.image.version=${BUILD_VERSION} - -################# -# 6 Healthcheck # -################# - -# Avoid spamming logs -# hadolint ignore=SC2016 -RUN \ - # Handle Apache configuration - if [ -d /etc/apache2/sites-available ]; then \ - for file in /etc/apache2/sites-*/*.conf; do \ - sed -i '/ /etc/nginx/nginx.conf.new && \ - mv /etc/nginx/nginx.conf.new /etc/nginx/nginx.conf; \ - fi - -ENV HEALTH_PORT="3000" \ - HEALTH_URL="/api/health" -HEALTHCHECK \ - --interval=5s \ - --retries=5 \ - --start-period=30s \ - --timeout=25s \ - CMD curl -A "HealthCheck: Docker/1.0" -s -f "http://127.0.0.1:${HEALTH_PORT}${HEALTH_URL}" &>/dev/null || exit 1 diff --git a/karakeep/README.md b/karakeep/README.md index eb54c9177..2c67d8988 100644 --- a/karakeep/README.md +++ b/karakeep/README.md @@ -1,104 +1 @@ -# Home assistant add-on: Karakeep - -I maintain this and other Home Assistant add-ons in my free time: keeping up with upstream changes, Home Assistant changes, and testing on real hardware takes a lot of time (and some money). I use around 5–10 of my >110 addons so regularly I install test machines (and purchase some test services such as VPNs) that I do not use myself, in order to troubleshoot and improve the addons. - -If this add-on saves you time or makes your setup easier, I would be very grateful for your support. - -[![Buy me a coffee][donation-badge]](https://www.buymeacoffee.com/alexbelgium) -[![Donate via PayPal][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA) - -## Addon informations - -![Version](https://img.shields.io/badge/dynamic/yaml?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fkarakeep%2Fconfig.yaml) -![Arch](https://img.shields.io/badge/dynamic/yaml?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fkarakeep%2Fconfig.yaml) - -[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard) -[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml) -[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml) - -[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white -[paypal-badge]: https://img.shields.io/badge/Donate%20via%20PayPal-0070BA?logo=paypal&style=flat&logoColor=white - -_Thanks to everyone who has starred my repo!_ - -[![Stargazers repo roster](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers) - ---- - -## About - -[Karakeep](https://karakeep.app/) is a bookmark-everything app with a touch of AI for data hoarders. -It stores pages, screenshots, files, and metadata with fast full-text and semantic search powered by **Meilisearch**. - -This add-on is based on the official Karakeep Docker image. - -This Home Assistant add-on integrates Karakeep in a **Supervisor-native way**: -- Internal services (Meilisearch, Chromium, cache, paths) are pre-wired and hidden from the UI -- Secrets are **auto-generated and persisted** -- Only meaningful user settings are exposed - -Add additional environment variables with [env_vars](https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2) - ---- - -## Secrets & Security - -Two secrets are required for Karakeep to work securely: - -- `NEXTAUTH_SECRET` -- `MEILI_MASTER_KEY` - -If you leave them empty, the add-on will: -- Generate strong cryptographic secrets automatically -- Store them permanently in the add-on options -- Reuse them across restarts and upgrades - -You do **not** need to manage them manually. - ---- - -## Configuration - -Only **safe, meaningful options** are exposed. -All infrastructure (Meilisearch, Chromium, cache, paths, analytics, etc.) is managed automatically by the add-on. - -### Options - -| Option | Type | Default | Description | -|--------|------|---------|-------------| -| `NEXTAUTH_SECRET` | password | *(auto)* | Authentication secret (auto-generated if empty). | -| `NEXTAUTH_URL` | str | | Public URL used by NextAuth (optional). | -| `DISABLE_SIGNUPS` | bool | `false` | Disable new user signups. | -| `MAX_ASSET_SIZE_MB` | int | `4` | Maximum asset upload size. | -| `OPENAI_API_KEY` | password | | OpenAI API key for AI features. | -| `OCR_LANGS` | str | | OCR languages (comma separated). | -| `INFERENCE_LANG` | str | | Language used for AI inference. | -| `CRAWLER_DOWNLOAD_BANNER_IMAGE` | bool | `true` | Download banner image. | -| `CRAWLER_STORE_SCREENSHOT` | bool | `true` | Store page screenshots. | -| `CRAWLER_FULL_PAGE_SCREENSHOT` | bool | `true` | Capture full-page screenshots. | -| `CRAWLER_FULL_PAGE_ARCHIVE` | bool | `true` | Store full-page archive. | -| `CRAWLER_ENABLE_ADBLOCKER` | bool | `true` | Enable ad blocking. | -| `CRAWLER_VIDEO_DOWNLOAD` | bool | `false` | Enable video downloads. | -| `TZ` | str | `Etc/UTC` | Timezone. | - ---- - -## Installation - -1. Add my Home Assistant add-ons repository - [![Add repository][repository-badge]][repository-url] - -2. Install **Karakeep** -3. Click **Save** -4. Start the add-on (secrets are auto-generated) -5. Open the Web UI and complete onboarding - ---- - -## Support - -Create an issue on GitHub if you need help. - -[repository]: https://github.com/alexbelgium/hassio-addons -[repository-badge]: https://img.shields.io/badge/Add%20repository%20to%20my-Home%20Assistant-41BDF5?logo=home-assistant&style=for-the-badge -[repository-url]: https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons +Borrowed from Fabio Garavini \ No newline at end of file diff --git a/karakeep/addon_info.yaml b/karakeep/addon_info.yaml new file mode 100644 index 000000000..fe068df2b --- /dev/null +++ b/karakeep/addon_info.yaml @@ -0,0 +1,16 @@ +source: + type: docker + repo: ghcr.io/karakeep-app/karakeep + current_version: 0.30.0 + version_template: regex:^(?\d+)\.(?\d+)\.(?\d+)$ +config: + version_template: "{{major}}.{{minor}}.{{patch}}" + patch: 0 + image: fabioogaravini/hassio-karakeep +build: + image: ghcr.io/karakeep-app/karakeep + version_template: "{{major}}.{{minor}}.{{patch}}" +changelog: + source: github-releases + repo: karakeep-app/karakeep + version_template: v{{major}}.{{minor}}.{{patch}} diff --git a/karakeep/apparmor.txt b/karakeep/apparmor.txt deleted file mode 100644 index 68f11001b..000000000 --- a/karakeep/apparmor.txt +++ /dev/null @@ -1,66 +0,0 @@ -#include - -profile karakeep_addon flags=(attach_disconnected,mediate_deleted) { - #include - - capability, - file, - signal, - mount, - umount, - remount, - network udp, - network tcp, - network dgram, - network stream, - network inet, - network inet6, - network netlink raw, - network unix dgram, - - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, - -# S6-Overlay - /init ix, - /run/{s6,s6-rc*,service}/** ix, - /package/** ix, - /command/** ix, - /run/{,**} rwk, - /dev/tty rw, - /bin/** ix, - /usr/bin/** ix, - /usr/lib/bashio/** ix, - /etc/s6/** rix, - /run/s6/** rix, - /etc/services.d/** rwix, - /etc/cont-init.d/** rwix, - /etc/cont-finish.d/** rwix, - /init rix, - /var/run/** mrwkl, - /var/run/ mrwkl, - /dev/i2c-1 mrwkl, - # Files required - /dev/fuse mrwkl, - /dev/sda1 mrwkl, - /dev/sdb1 mrwkl, - /dev/nvme0 mrwkl, - /dev/nvme1 mrwkl, - /dev/mmcblk0p1 mrwkl, - /dev/* mrwkl, - /tmp/** mrkwl, - - # Data access - /data/** rw, - - # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container - ptrace (trace,read) peer=docker-default, - - # docker daemon confinement requires explict allow rule for signal - signal (receive) set=(kill,term) peer=/usr/bin/docker, - -} diff --git a/karakeep/build.yaml b/karakeep/build.yaml index ca94365f9..63b14388d 100644 --- a/karakeep/build.yaml +++ b/karakeep/build.yaml @@ -1,4 +1,3 @@ ---- build_from: aarch64: ghcr.io/karakeep-app/karakeep:0.30.0 amd64: ghcr.io/karakeep-app/karakeep:0.30.0 diff --git a/karakeep/config.yaml b/karakeep/config.yaml index eb8817ab9..6705a2a2d 100644 --- a/karakeep/config.yaml +++ b/karakeep/config.yaml @@ -1,58 +1,67 @@ +name: Karakeep +version: 0.30.0-4 +slug: karakeep +description: bookmark-everything app with a touch of AI for the data hoarders out there +url: https://karakeep.app/ +webui: "[PROTO:ssl]://[HOST]:[PORT:8080]" arch: - aarch64 - amd64 -name: Karakeep -slug: karakeep -description: A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search -version: "1.8.5" -url: https://github.com/alexbelgium/hassio-addons/tree/master/karakeep -image: ghcr.io/alexbelgium/karakeep-{arch} init: false -ports: - 3000/tcp: 3000 -ports_description: - 3000/tcp: Web UI -webui: "[PROTO:ssl]://[HOST]:[PORT:3000]" +hassio_api: true map: - - addon_config:rw - - share:rw -environment: - DATA_DIR: /data - XDG_CACHE_HOME: /data/cache - BROWSER_WEB_URL: http://127.0.0.1:9222 - CHROME_EXTENSIONS_DIR: /usr/src/chrome/extensions - MEILI_ADDR: http://127.0.0.1:7700 - MEILI_NO_ANALYTICS: "true" - DISABLE_NEW_RELEASE_CHECK: "true" -options: - TZ: Etc/UTC - DISABLE_SIGNUPS: false - NEXTAUTH_SECRET: "" - NEXTAUTH_URL: "" - MAX_ASSET_SIZE_MB: 4 - OPENAI_API_KEY: "" - OCR_LANGS: "" - INFERENCE_LANG: "" - MEILI_MASTER_KEY: "" # <-- add this - CRAWLER_DOWNLOAD_BANNER_IMAGE: true - CRAWLER_STORE_SCREENSHOT: true - CRAWLER_FULL_PAGE_SCREENSHOT: true - CRAWLER_FULL_PAGE_ARCHIVE: true - CRAWLER_ENABLE_ADBLOCKER: true - CRAWLER_VIDEO_DOWNLOAD: false + - type: addon_config + read_only: false + - type: share + read_only: false + - type: ssl +backup: cold +backup_exclude: + - "**/logs" schema: TZ: str? + ssl: bool + certfile: str? + keyfile: str? DISABLE_SIGNUPS: bool - NEXTAUTH_SECRET: password? - NEXTAUTH_URL: str? + NEXTAUTH_SECRET: password MAX_ASSET_SIZE_MB: int? - OPENAI_API_KEY: password? + NEXTAUTH_URL: str? OCR_LANGS: str? + OCR_CONFIDENCE_THRESHOLD: int(0,100)? + OPENAI_BASE_URL: str? + OPENAI_API_KEY: password? + OLLAMA_BASE_URL: str? + INFERENCE_TEXT_MODEL: str? + INFERENCE_IMAGE_MODEL: str? + EMBEDDING_TEXT_MODEL: str? + INFERENCE_CONTEXT_LENGTH: int(0,)? INFERENCE_LANG: str? - MEILI_MASTER_KEY: password? # <-- change to password? + INFERENCE_JOB_TIMEOUT_SEC: int(0,)? CRAWLER_DOWNLOAD_BANNER_IMAGE: bool CRAWLER_STORE_SCREENSHOT: bool CRAWLER_FULL_PAGE_SCREENSHOT: bool CRAWLER_FULL_PAGE_ARCHIVE: bool - CRAWLER_ENABLE_ADBLOCKER: bool + CRAWLER_JOB_TIMEOUT_SEC: int(0,)? + CRAWLER_NAVIGATE_TIMEOUT_SEC: int(0,)? CRAWLER_VIDEO_DOWNLOAD: bool? + CRAWLER_VIDEO_DOWNLOAD_MAX_SIZE: int? + CRAWLER_VIDEO_DOWNLOAD_TIMEOUT_SEC: int(0,)? + CRAWLER_ENABLE_ADBLOCKER: bool +options: + TZ: Etc/UTC + ssl: true + certfile: fullchain.pem + keyfile: privkey.pem + DISABLE_SIGNUPS: false + NEXTAUTH_SECRET: jnE2An0WyIKZvO+WgKJrn8WPW+c3DzV+c9ntBp8CdobTOmpJ + MAX_ASSET_SIZE_MB: 4 + CRAWLER_DOWNLOAD_BANNER_IMAGE: true + CRAWLER_STORE_SCREENSHOT: false + CRAWLER_FULL_PAGE_SCREENSHOT: false + CRAWLER_FULL_PAGE_ARCHIVE: false + CRAWLER_ENABLE_ADBLOCKER: true +ports: + 8080/tcp: 3011 +ports_description: + 8080/tcp: Web UI diff --git a/karakeep/icon.png b/karakeep/icon.png index 59e8dc950253263e3b83bd490e1969057e2ba818..11f17c6b8029bdcd25e86ab6f79a18f9b9092496 100644 GIT binary patch literal 2112 zcmY*a2{e@JAO0kbC3lphjAd-eQW%wzJ5e+}%G<2#qB~MfNOXnHK7nEn@6a zsTu2pMuswBGBL(n(=xt6?$`gG|GDSB+iyANea~~=_kDiP%`>(bX-Nf1005+MSPOf| zl73C`EzrtFNPU8gNQ6D+xCoQ4xS$t&(3!(bAJw2sYA`slE z(0fU27_gEwu|#K8@HFGJ=Fj6aOG){DZX>kZ`25K8BTQL5l8IF)@Cm35Ifm7_(HwnM zeZElE?5gJc>1Cbv*4&etaW-;E;u{6u*f%oz_r!@Q;ZMGa2BdaiP@fXKib2!dpStt# z9t0Y?B;Nyw3QNX|oju8#d$Y*7Cv}-lUR$mIqF^uIDkfa-*|o@5za4FU-wge$11wRN z=>MEaD%OEgQ&aP>tIG`pLEWh|Uze&swgzQ@UUF|rjKd;1WBWKWuhYk;4JLeEDLkE- z@iKy%e}+Weea36~)$-zEiNgH+r%w7p^801q_w295i;IhqkK8;N3`SsZum-(irbyq& zD58m^R6lbmWBf&m`rNq`0L&HxW#HNHZ2iyA%FQ7(EbnR#l?tO`#za{sOj+Iy zB0lH_WxhxY7HzekFM?E={rwkgtQSg=5FB;-&?z-xXlSTYOiU}E&(AL@sVXfkbuXdJ z+974$t_pZ^;+qc~JzCYZ?V3`k{(!+41+JcdwiBi zB#!j-q`aX}=uBpvu5;~~sIv|xn9gc%mjdW)2Pdb8M4|#dDr(_#e_>nPDw%**;pcE? ztUW#NJ$dpZk~?wG=G3V#bAu&1+S=ymH1Ay1Ny`&Uca}TT2TD=4v1+ z2aamF)j4CblG9Q|uXuKgmEY#DMe<37ST^zh|F zi(5dwG*|IGQ>f61MqFoSCzWkKcjwdR3+-2UQ6DBFsPd#>V_phsYJB`pSuI;6DQMt4 z>*4GnY0XoOzNSV-XZ?pt4Q-1Pk?z&7QqodU*lW-24b|&0oo-EyjY!ffEm-eLM}hj? zrl9xxlL`A3#@rvLFl;F}I zH|wgZjHob)oYtpLvj^DQae6Qt3q4$4fBy+|q4<{;9?c7sIo8g5_w_-l8%+mikxC$#FP%Asf7K ztl%WtpX%?Wch?-vda$NO3hE0T$#-X2cMxg^)fA@_2y|gIy(zE%(nLSrkJmO(ARUhW(I)W@u{h)jbThQJ~C2I*g|8E zPQOa486F<47)+wF4K`g%-0#{}(bs1s4To!{RqU&6Ve@4!Zf&(fbC^miR z+?Aydb`VJ+K+f-I-Q9`g(2s!-ih$VIiM65E2KpC6AJ3Y1y;D`}HMmEWAgzWlN{B?1 zKds!+(eaL-pP$o57i;VEA3SE5w6yfTZ_ATE2ZQ zKy-F+ak*G_EMY2k^#?a8QEJdIFVCWnJ%R8{SX(h9tPAmu4i4v%lamcOk7{acuKrlW zJx|z(7d~2`1v`6tduPhO zU$2`wOdc7rj}R<y|h;o zkX1C~svYjq}G8nETneII3dOYt!dRo1Fh_LviJHH-`SzD^f)XSeyHMCQ45pw47@ezC1sY&~-W!x|72? zqpev%=x%GFa)R4wA@TrFt@ak|iW^=PlueK%Vddf(}S6upe64$jvWF|X>T6j0mmSP$W?nOZGHfhi0^ zq$3U2|2?B(_M>m7R{F(|I6AS(?U+J#FQzK#aBC3ouw>ccxaJFO$?RRe^h+CK)Xf%2 zO+1ndo}mZBxupaNskjZ2f7Te$S_1rM!=2U>Ey-O^eUWDYx3g`qq~Jv8sX1cgxsADU z#le}Nr6dNb$RpOOa{p#>5vN<9Rykg5qIK^aO)^svVb@JNW3TL`*~ z5DHQ}o=Sq#qUds(E=}cjPS;DE)$Gm=0&jpXI<2kHA*WIjz}d3UGy-?P0Ye#92m;+w zP_&Y58Z`vuQlUp}=~62^3sE(xTuwECccGC3A$s7=eor&(81PI;f;vegW)eVA0z4qg zIxeS6opAOR5+q8qG>f%dA#9G}vv+WZtVqx;&00v{t)h#rTJAC|tmlKr;ei%ZO)duo zC|b={kZ^@!bkej`?gjK2#IVU=ofREN;KNroOD140Sb*%5I>+FAh7R7vaibi;MoNCv zo-x{hAH;N=7&AI|JiU&DmmNn(e#97Q(93MW4gl3d^px{7n%b{sPo+_~3_(yW63h8| zKD|!k>p@;nJ(NNrin#8j1a9oxub*f^O-S$U#dzsFv5GI=+aS?xJ<9XzP3xoL`_`Sp ztOWMB6-s#k9=4!K6wkjCKOTrjB+69iB@DrTqP`Gboz8p(US`#N9L4A+U==Uf&3rJ$ z^lJClp;a3BixRoKQL?`#%QzdH@@EQW!hrp|#VO|?nrHPp*Zx5Ix9)FN`vd!^_VFn1 z0Z2! zz(u0FTh6FqzCYb{L1CyfL$TN*GUuvxK;15qG=i!otJX4v<4r#0vfGdVk zrrRI*!@)|ru-#o!lg_+0v<(9rWtwD(W;sQd4#X9Wsul3ElRox1jk#>taJ(pu+XSB; zFH;%Ef~zHoiBFUg@Evuw?X?uIL(ijBC1L=N(A2H{Qalvh9akLDAHbWk)HPP4BsF== z+}+(teBB%-TowS2IE`K<(ahuROeXw#08d9>vT5~LM1}g&#pjw{!}$?lrMchPs5P$b zDSM`xqN9|i_Vn1@5hKpetINnOJon`->|ho(mmiRq^{@A)9X#P0xxnHr*meD4%rWMPfPl zQR~RQne<7sLslcrc!m(nG3=Y-(PLY7q*Ju;%{7Wj6(cKTc25>Oa&K9xpU+CPI$LdI zm3XZp7K9UzW2P}m1NqpcU&e_#`$^3WFMA%}F-IgElZ)4H-}fQ^4?y^Pt5wBQ*tI_c DJv^ZF diff --git a/karakeep/logo.png b/karakeep/logo.png index 59e8dc950253263e3b83bd490e1969057e2ba818..891802b48e7e0c865a75a788aea9dab1b045cb32 100644 GIT binary patch literal 30742 zcmeGD_g7QT_Xi5c3P@8?1OX8ZV5E2H0t%c^4br<1iZlTM>7WQINI40;3jyg!3B3p^ zCiLDxCG=`&(x2no&v)H_;kj#Fe&J+h&di=YyS`?hx7wO2v=^>lfWct2fa(Jj3`XGy zgPr<8c^+!9H%K*v{+)71sVJTrCGZA9KhD}JXehv7pQ5M_Ezd!}Z(6CMG+;0vE*LB* z1P0rOnt~Q!Fb_c(Y{>!!lS+WWu02bseIx@7g#ix~9={k{ne?uA*{+x07?#^KNDXzr zE*5p2)4nJB5l$6u_2CW3;^7|n9a}B>Bh>nh`s->}h7SsGr3a6)u@BxYiPFy>9{(vU z(nnQ89wSPnZuW20pDt z{t2JwOyq(8H>8LEGCtg96V9$dR?mbfk9LFgjr&*sy-iiFbWKjPjdRZg%%!C0q2S?^ zyhjMZx)Iz%&i*$dsheh;TSAO53hZ3GkipfMY~2L+qW&xIFqmj^$m&ZC0ElqBedT_q zNt|`O>ezqsc0cR=rI+Wv&8?^oo!;K+fSbSX+xhQ}9y_xw`c)@@?$Y^;Z$tS34cd49 zYtKl;K1ge##T*I~USz_auEoHO;Wdi?>+}BGck<+rn zI*wxhTgN7*)W2|15hglvS@FLyu+Cf1>Z@fvMt%XF+N2!G|h~JoxFvsVT^%QDosC+`P zhTvYbfx#Bo1YA%3+tmJp7RG;18Cr11|ECe3sVTi$G4W#Nz4wn`3SqA`lX1Z+N%uKY zaorkmHr_lfzHtjj2bs*jf68C)aoD9%3)BmayEHZ2kH`oP4pvW>lQnky^ib~iTP^FF z*|>IqI~D%F@mpACJgxh$x7^5~oe?ZThn#-0m!2r;o@4Rfbg&+s%Xr%IgS9&9mOBZO z?lyGthtGolb!Ftj9a+8=cK4PK897k>&uGeWT8>xHv1GL?w}((Moc*_ppfvF4%)gfw z7^sZ@Jq5|dl>XBR*#Fn~mnHviWC+Gp5w=>{N+)eSsH@-EktiZ!^({g@<=&^1KQrIZ zO9Od{vc8^k9f=s}wd&jM^Ie@qRZ~fSpXXD(%xt>T_=5fkgDjUNH7&kNYT3G^VTTyX z;+!z3XUx~mTdr=?kr2ZfXK<@ON27h@lhw85gRVpo?%gS07wGlW(Q@1QF6s4-ztgff zS93HSZPaliVr};W}$)EUr{-+QIFz8ilelFuSo+pLy2`=Sm zrKhdp$NAY${u%mUj`w#~p9~GX?kORYy+yix`M|pB(LWpSxxf9WKy#kAn4C zQ1d@7q;gnN543!F%dlB!E6Zb>=4}(OU0^=@=62-8EB}qi*oHd>8!=0JI*N~4V^aLc zgqoc(2lolrHmbiNA`I4JbQyo2kCukUdbM)6OM2>e3+i*?&y8gHsu2 z)LbhSvMQVO9G?x7KeRO4Od6*A=em0CL4?l~RsVXox1b`Qqy?S!%YOumzJqAGz`&*c zU4eoPt0vGO%2QHb7WChWu=h7DsVj&>#xAMh{Iz%LR`JOe|2itUp^mQW4uvrS0l&i~ z|NMA$?%zp$6obf!jWhFEOmQP3B=;Ax{;z`%>Zr`oOil7?+)VXulb+)E=e_Uq0VAi2 z#O?dCS$$VNd5@1zas97j6*|u%3D;j=4u=De^dn_=3_kx`{prIN#)Xj2*{eL}d&vK5 zgM8FNM4nFW+$;7&3(s*UiT~@cOt}a%E$a|&Ck^Omb?%J2q&FST3Ytfelzoo8LY8h;QPq(Wzc6Wd?5K zchRR!e1Y@m4(EJ!==-s4Z{*>Bz2Y$#ytM0n!>cGUl{B@Kv{m9AaHIk@an|q={99;y zbTD%@IrL`j6jg}9CatvjspsloSb@B}foa`(N%6GT<8gV+gozV9rI1*Kx<^NMQn#x- zzBZmY1umW`H8kH4=v`f#TVs`Gb;3R zCiG=^GFCYHCmvqKwWk2md+~bm=ndmOJ9XX-;NeP?e0SjL1+vW7a2-h!wt;|n(wNN7 zxx27U39B^U&d>AO^xE~iX&g8Wv-bTGb!9Pp#;IOvx+h*wwq?ZEGe!?| z&bvmvbV{?vEa4Q`)YZLR ztBk`qEg-~1x&Tn)c0 zA0brtVA;Z`GLWTXe)@(cxecz*xu@&lR4aqdp}w!*sY>4R#&_ym);|(17)#r!ZVLQZ zTT<_rwz>p&_uvS(oLn+smsyi2SmW5=HmOvuls&Fl+VNh~4~Qdi4^As!A^_&Izqh=* z>fT@5Okqjqru$&J2{g{J4>p|q*lEX}x-_tGiXp@O{Q2{c0SqJcsR?wB+NSf}gl!9p z6LJ82!Ht0`&2?MBtv=)+zJ2BfmS2n93dR3!=z43bt)e(k+uu9wkMIk)h6_-i!#&DH zD9?B3@9!Ho57rdgGY0bgLvQu->i}C%;v)V zZ^L?lyH(hH#_1A#@^b+tgIuX8ua5z#gV9H3T!gj3IPC1L0A05AYw#L)+^dWW_&r!LxcDK!y_6%c;iHVcEDsvCO&fW);vL}-W-rc@aw=Jo)>6f{@HNjMjWAc87 z_VVnjzO+H{Khe(>Ko_n(&q501y1F{~7raD^xmWi3n*GKmSsd6=^{y#1Y){XmK$-n2 z#*nTKPMfBZ4&n3g8qwL=JNGd~X`~up2g&Rw(#W}LBu5Ay6n}9fCrzjU0y4*?ogBfU ze5+&c!FfNH2twAGYmu73keN2y?gbX44pT3L=IZKrbUa$l;>k~E7VoK1X5AK*{23&=AQKxrG{KVW zh-Uq(LHLBK2to@e)&Ke+ zk$?ae8$g)^k}uGu3QQSodVki_2(&fHD%d91>@mRawl>aX#Do8+ zFR#U}u1G4;q3&oi{UoJ*;m_D`qj=R?TPx(Zin5fOWp^h;ymC`L^Zf$_zSxKleK>HW z-ajJX^Y{Xo4jxkMyF9{IiDpcH%jrlvdO&<*d$dCuPt~o*dk{21zYN@wpBcTCI43~} z;egpG@TV9&tTvLu@ov>1s4fhraZeX(xS0@FPJvz?8QsGU_S5h4ia&QPt5o$H^;NZV zO5Q?KT{tqrtK`Fn)KKTO`s9qc_Ed>vp2)qj$uv?HA{Ld<)NeGhP9OQ?a7dk;DJSpp z{+lP72>ZdABHYj*bZ(&np_4v9gnqfyAM{=x89YAEHW z{CVSy#LK$%{DAk*Kc{y$cwfeI*66zMBwP@9bT}AYca3v%)@ixql#6>;|bVVl`i!}dtXIRHw5=P zN4J|=A6~;tVCicd1zSHoC!%gPsgpOc3O+NhUtcOU+Vfv&lmNUJ_0eAL)^Zf zX(vZdGX2w_u5q8`qRraj2F;rp%#o_z1WngRpp;p&o+kMOWj1FXE!^rHx^_K|4>e?6 z%QcIOxJFBZ-p0nSrK=hC7f&xezU*B9Pgf@o!_$E>HMo74l^;>PhzDhZkW*8&i}pv| zy{K&xOA3P1OFWzA=9Cmg?{s$;9Apz}p9kCMwVkkI{N!*U!kuNF#E#x%9Z)&>0s%87 zgN~l^Kv3ZkiY-qJI0=i0tG0BDKgz#sVRzjE)e-UaX-ZE>koSiFjiuj>6ra_Klo6#N^jfZxglsvNdd?upaSZh%g^n{mYQ;+Cudl6h@OeEqEb6Z z@-jA&0x67A=?DE}<7}Cpn-gKpEG!k>YTS}?INliopf~WoRXnFQ;6w)fZ6IF}C2h

tB?z zv9P#F!S+1*{(af^T7Y^H93uQchxq5{Q}=<;ZS({3dq7jItg(18+!nqEAQg#)pVxc> z!K|mXE?K6Ry|duvs)?@KaTS5Gc~aMtg*ShAAp~MG#iRTYXN)^e3(RF>#ZK&%cD#@` z_-1?^JKin77D9;R6c?@W(K;?PZ5P=7RKu*?WtIJ80!C%SQ+BS=&3*C%OStxo3P<;? zzu|a?x5JjoeLh6z4Cxzh>cFsu2ZuVVQ_BeIs zw|@TH%Wkze#@+2#oaSDaBD=gz!7PXRz^vHP$(saylua5dQ#pLeVia5Ue)_$F{y=N* zZ{Yy5Hn?Oi$F5{pHvFlUDzm7ni^j(_z7haf64}>NCy!#?2ICZ%*_N~6ZQW5g|61pp zXs4}d?oq9Kj0Du6?Y02Mk&iVzp!G~g7&CrS)N^H|{@2x#id)R4FQT{1JG zJdxxZmVc_Wa#comudkyRE)oLF(oi2(-l#T<67CZV zGdG_&St@sb!B)=m{?tC?Cv1W;1~dK>Je>9(&+6+6F?oPo3Tkf3aXzN<0r6(VdTybi zn!jV5@H5hTA%o0L$bo%4RwmLID-Y!Z0otbXyvCbw`dXMw7nCIkQ1+boVnr~8h${e+ z>emq{Blu3<-G*5EN?rp|gB0OQCZkqgEA~nyXCIemfidPyp2^tl=&m>M2o1bDnEofl z7V9U9hFvE(0cpvk$fUJtH-tk>dU9C+_jW_5d5rLK+|O|_^v>v|-^Go^T(}OO<7uYD z{vq4B_3Vz1o^(517M!KwsLRzIVP`Ie*1n`+5*e)>MQQ*-BthE?l^{gg&=8lM} z3mZrpY>9@~$a5MVv_aJUNQyb1DArmC8D+9(H+8tv6Jo^d`WIm?jZgZ>b6K6QKZp%! zB`P$OYeys%frq?Ecz1jVAB{o_ew<4yEk%i5_VLXO`5jHNo~0@%g9T+8Jh1^&7l1Cn zO^0AD=G zcW{#}>cHaMoKj1i6Mj_rqQzEGDk^kXmY5|l6d;I{U)Mz}E3ENstu{0OZYbiun&@x{ zHZey-C96AGRbX?GoFm#&x4pvzYi zQ9_ntnFeurnQi3ePxl9K#0Y4BE;5nZ zwDdV~MQYhl=<+wNy(jRf^QkeU2C<0}+Z=4BD5{oCTs84?L!vf~{Y|v^Uc8J~<+n$O z!8|Uihgq!A!fyx}#Xc{bz!Dtq?0`3yO{@Pxd2Jf3O4b4!_F2~ z?1kAaQmU|as!JW^!x<#mSd-FGJ_gmm0oS7R zYq=ecMhe#|iDbm=!_+`6Q9krDvhTnvR1(ovVG=m!>sq&YK>9}e#gCB=~fb%=1CLJ%eP zg*s1 z%e)|K_($aY@VKN9r@e|7U#xInV7|6!%OALl{f__v#}>~bEb86C!cy0`&^GTh@~9}8 zR4(KTrPztqQSg(Gy>jn0+>F3153Oa5!Zo3Eo-0r~9)*hY$(Y2e0^)gBP+HQQdv1lX zMqbG|Gyw~aeR?g77N_(~Tpua~O&M|E4okjRy6Gd!cGer}3ps1<;Ak$w3Cf79h`grw zoWx}zeszFksxu@sabH5mTMfKMc_!S#2Xy}cM}sntQ{{(;?9#b%9`C%UTw9Ew8gw^{ z$KZ`0cbjRs-h2Md20`Eg#(hTb;oe1wIV4;5W69rBQ$F!qQY#6z#$^{;QEzqpS>l)) z(~W90IB=p5{3e1T^0^=;WV*t2hG=l#s&ee-R>t5p^T6?uJZk7DDKpu7Lg<75=b=7F z?OpH3h2}CI?$iL@9hWK}i1HDuOw{xWE64RKbF?w z4tr$pi3eUSDftc4)6muXAU%9f8_Q*N9ESv2yai_nhx$aLBKW!{x#s$6Hx|3CUezy_ zDwZd8UVKqIxvFT)aWrOaObVCZd@pk$IT)KgJqiq6iBulrCnPQ!(CPd=lW&o1$xiqf zEyy?-f=aJB0KmYn9wLDg=nB7t;~fDJ4lHUB1DiD~w6xCSheM@o@uV$LuOY!KTiab~ z-Y-IKDS~i>0B-q8I09&l74DCAHok>RQoeSc!r55XSEGM5wMrj6xfI&S98a1@I1Klh z9B@j04L=1t?xZnha!uyi3xOuUc}K4P+zr$LyW6gR=1s9xu_px>Y7;63L7CjoPQHFE zo==g9)%uH`jC~Xz6whu}Jp~26@*ZXL`u-+j!S5b|nYBY|L&A1nD*}fWPvr>0e0J?8Pu%&g=ne?3k4}l6h^=>#Y`e@`cuqiPJRWsi5P)OFZAlt>2P>S*mrh64aYk;rCdU zT9gMJ3SO#2YkY|swhPn)$R7T!w+s;Iq8Tn~v*n4$`_>F-($j{OmRYh zTyk8aEw=P;j2v!tN||Iy>IcLxzDtQGeZ0QX#)%M6zR|_Qj0T;+qU&+z2s>!GgBB~zvTX5xfvAAX$) zx77oqD9_Ne-yJ+sSymls(dKSr%B5%)WW!hoT7GxI)ZarNjY<76Bd%ntJg3!qauYYe zl4UjJ;b@-B-Bs=MVKjUra5@R~7M9lGgFqiIMqbM;93JzK$bGC<1Fc!%JN9Wx>PSQk z%{Icd_ZYnToUL`E1sgoj{7bs}efL>ml;GL&yQf0Yxmb_6+O;@%H{fR5xwE|d$r(;P zj|Sqdg+3BWC{0Zu>GIk4Plo?FIk`=UXT88n`lKk~h$UfKqDKd1XFJ8lauWeL29YV| zM%lg;x7{$@0!A2lNKRUxr$S`;M7b`M!Ag+isR4(EdhzS(sug(^q{;B#V)UHe3dFJLp#tkW zX9g=5?_}CRNrhaxHDBg;7EFq9xxWuUj4;39p#_@%1%tMsSb#i?{j5gMRdX9x+gT0o z$Ed58S%a~t^Yz7gZ0pIKi4&jyK#}Ka-ntv>89;N{ZkqS|dmuohTPRS;qj35W+wN|M zd%AR{)Q)Y3dxtzH4s01?dq3@S4Elm;+%BY&K!t$3_MvBY+DTb_nM$;0cqhhx_9w8`i@+ zIBPSVP7TDR7p9ey2_zTYgSGEjv!^NEmvmLlqAs6?u26Dl!NQ-C$3kXlB!`xsy9E#o z3l>LZ9P5JDath6jxutPfrM092l#NvSXqazi9VSKBi3KiMR=cC&XkWOCEK>rh9V)cA zbFd|AU>KN!Aq`*+Nm;97@HXzf``{7ke2GlM*WbtYi5WC%Jx^U;@&~rP`_FnkKJaw~%^wfvNUJRPYH1q!Sd3$@ zjY((2U(`LV!YW93)r3^Eke1Ti5+mDw#$iv%cnv!?eanFt*OG`>!+`1h-py|uz_B#C zbma!$`-3`EI=OY6YqUwJ?XVT$pwL)eOHt5z?8k|2Zc)p(3fyD-=Kl&#kxgT8nz36M z5i8K;=yqG3BP28J!C#G8axIE?E!+vsv-_vdFUI9!56X!*QAzU}89y-g5}mu38{+C^7)3mxZ`dR~1Z z8q7A8;C%ag2QJ^e5GUAhn{X|E)4d1_`k3;VItv2QtchhZO7WdQBD0$}?XDAH$!GYr z+#gktw!pz*lA#d1zE z=e#An$jp@ex|;HZP>WE$W{eM%tu4HunahE11oV}8P9_Pv7fjzSDEauS&JVd)#jY!~ zUL}q36D3Fu222jb%=o*}^jP#pJcqzP9DM%9idFJlcE`fB7+Q9;Dp&4|NwJojIx+m+ zE>3z7=Ba@g*K~JE6{aj*o=PFHh)q^y^`(?;g)i4)KL@L12h4uFM#{my6S2h?%BLlg zM*R=>7<8htT}%AA(98)ZP9p(<90Wb!c&zOBo;X=d(8NXKm2E*CtXZ2Ig8X3AWoBS^ zj`VCMTx}olwjH>UG{@;M?_mS->6BCwRFXzdI-k2C zsmA#0qzI?-Tw)^=fvKLpk?y>)ogGnmL+OQ>3Wu7w;4NFKv|&!eOkCU1_Mp3d@{nvJ z7a?GA9b~?3f3TDY+Q@GD@j@Ym5kRK}j75^9vC^QQ7{LLQ;ly1Z^Y zjBvZBGEvI0)k6uC;M`MIJ2+TJpw9$iJsW#QxzK!%ms~Jd<`q-VKo2c%)Azfs$T8zb zb3GLz&|#J!-gZ&<9WK4Yfc3m+tUdY73)1^?z-uonaQh-G)r zn#1N-gRlD8rC47H*!)5NZUlwvmXGXh%RGBp5mW^ZMkDwl)5|QYJJ<(=HHe^8ouNqR zYCD!WU^}QO8!j7P(r8`+#UQ4CVlDlm4lwmR=(srvqp6cXwLGkAAoV!@eSh608~C0N zQn<8WE~jIyzHsiqTN}9@g7?+}wLE^@s}o#Jbb4Xu(`0j$AyK(uP|brDKjCA$w??nU zoH6tqqjUF>wg7aCqdcsd*rAk!9hKNFzEz8BBuKPYZx{VH*Ib}aW*=CuL3X)umpX~oeyV!@eqs$HqQ^>zI z4{xw1)7xwz+qwZV8C&^*aqubtVM38xo<(a?dmdwZibgH?<8SaiMPhgtzpn%F{`cD5 z!5F@XBYo6R;p)2+^}HLs&zI59&(o|Wp-yFJ+yIzAdZ1Mz_s09vJgVraJlvFsyxYUM z_2VB40(E!yjB`_8wOt!jupjvX)patxgbZL)Y7$wvu6-&Ibs^!`A2_>7$Vs3X_#Wd| z{_4}d#+aep2=Dk@wG4qDz#|hm0|V8@_biA>{_;lOPvp4?6rhXEdbk0*&d@fM_Y0Em*V)erxXq^7E zyrPdW8F=XlIRxjWI(Vt*ohh%Nge;$Xe>#f(-^b-NAi78SZX^Xvh7D9 z7L_P7)C*_^Lb;VWF+56Ehxp8M&=;lbTSb`D3?8e4qU-^^#jfyLU(8CZu!E<9vpRVN z-j+Ry8@*<&Ni=FL@(EF6W_=(lD}nA@9llf zMf#=_qWyFbnC|sQa%Z99Hn4rGir(MDe2_vwiy7AcJ2=MU_?So5hC4cKThW=aLjeo3``U$`GoIdLplR9+sDMi2|z4toTlt;N{#d6>=GZuRc`HK<5ygefQjc|5ki2|IicITTAz6H!aFT|q3mV+ zwg?|V5{O%QM&qoNXgPs(=!T;I!m7pc-+v<0!{%{p4$O_EDiDI9oJ%6xNl6mer2;0> z`(BF6aH4O@W-TvacbVfWKWfMqk3Bb~IB-W^f2;r{V~iHKSiQ?!7? zIJkbx_VW#-x3};;hoA0H7U?bdE$bLU1f9dt`PV21+9WVCVuU@#82FwVQGGlx8{6XN z4=VLfCUPn5xsB;ELMmr=9`wtv755nYu|F1Qr=4EuB#E`^>qLFuOiCtM@!7S>0bDyj z4%Skv2N}0_r!n=zD%t_jBrm9k+GF#&S^J z{|l&ivN@k94R%iG(!GA|sYR5kEYTppONf=h;)`xSE&A@m#OqP*GFGKWerAdRD<(w< zc`ZWb<^9E@XS6ixkVfK@$^EO>I^8j>DK@bdfj*#^(EtThv{kPo1YK?>$=|nqdqXxC zzbdso#gr}hg7)|^_1LHQVpcH;&QVSRADf-k@cEJTL~Az&&&Pk6n1_plnCM`ZLV5#< z>IVGUy(^5PY=9gG4fOy%WYwp(VjVIpcYZr(GW7}Q3>Bg6oc24Cv7Vja(=xU!npIbz z%W*`miqCaB^SKM(?zzc=lhSjmBmN;x(|_RI4v*wdcnG$vYbQIEj1`tePqV6y|ilf#+Esd2*YwL5T#Nl?)%Kjr;+$CRBSbk)bmsO;Mf?hlEo>v#kG_?^Kc z1n!g;!-ddA$k;@Eh96ZSku|HXY>}V!`#L_0cDp=cKa?fJr$k2m?u3@g9_E;kB=qqu z&FEkzR<%#6SU{7}m!2{z`a1(ZgtY=!w37qlNblK}=ambscr2-@OQEaU3#WUoia>=5 zgaNv?9}d9OoOVXo8sO$0K6V??C+`l{ixR3{zr6I!seQ~!5D3&zClA6!Ak)u|BwlH$sP2Yu$&^!1kg{8=%{ejWWQQHwyv#o zY+lnC0jP`(U?PsekxV+1*+rv2nGR(L?OE2>8-{bfya{nSsYk5d`K>H#l1{Q5=2HHy z0?K5~%=ZTXH|%~iu8)>A-fLg{b5v8A#Ecz97EpgY zqGxyX9^nGtlJTo6bL(Xg0Z1@+k$A~V3E5KCZo}{y9z-LEw4%cf>L{P|ERbM4i zL8aOc=bT17LmIn_`Ig7s*`_u<)W(F${ftc|f0-qhIX)UTjVAH1*)Mx~Oe;WK4uXoM zC{Op;K&XUc*gC}xz|A6}(e`;IpJiPVKiiKzSANY$C_F6VvRB}wO zdWAwCzGy(j@)aW_xVcuDI%H0vi#^FJOlT)Hd?G;{Qm)2}#Tuyfjh2tKi(8 z8L92VM`^l$S=yHkKr9_>(?Je<3_<|Pl3o@=jOuvyVqgHpNkps(2QY4}nB zFf{~u-oX!YHIisN$EKH#+SuzeV%Uh+`bz1Sg8r}>ZQ>2Cd>psjn+mC z9I9nYt>hPw>vE-3g37dwmNWpfsh>N6(gY#8GokiK;`c*lM0rh4*XHufdR1=s=Dddy zBSra$&w31Yw9@_c%h#pW9(+l1-5yUj_O}vLQf2Udt0=zkRx;h|N1t43WtC><0karu z&DL=tF+wQcQoOvh*fl#(hz$gY4Fz%A1v8B-ZAUr#J|o9*q}CQFTR@WKfk-EB>GZVg z^r3O3ug^g+t&!a_ocnq8kv`n}5%P41b8?(D4qNs^By=PWDsjeajy$0JDy-P!4wZ~K zST01&f*tB*E2oP!Hk}y?9QsKW4mmx~_;}9BRyl(reUsz}3HT@vp#h428SRG;J}0N9 zQ9pNq7*+u>ERJt^xJjx)+I7MuiIiOHZZMThx?#!G2OyS5HJx2q988`5%KLq&;yrN| zlak8aRkrx9iOahpj*jf#-4CQ3sqyuZiE>i7}s@8NAi7tz9eoJ;!ODn1sNs z%z2p_W$qun$h>~(JZ5WX>#syTP#F)@_t4tgjjPCYdRssRczPz$i`Xo6 zYCF3AY3t|93LJKWtJclHSA~7q*n^zFXvKk&ZOMB?+~E{ z3>A;`?o6jzcUM@gUMCioiG_~nX?fWmY`qF`a`8tH)5PX_IcCv64vWntdp3UjxHbAFNPG+pM?~mK=l^aw(Z~{qn;lDl9bh~Ms$UvA9wxzr%V`29XQbFtSNW8x$2#IQJYldr1cKw5i>V1!_r#fJ@T*s5;)EYqU zCQW692@+AHk-yyk4H$|V{p4}Wa$LHN%UdCAJP=Z^szMDd4}*T~W$WLU@hp^Vw3R+Y zHzs<@ueW^R1nv;aOg{m1Su2sxc_#GlH%{GZe=C~l$;o8g z-5j}jF6pT{u}^*&TJu2fF~5-kWc@h^LeP?99*sh0U}MW5)==JbTON>G5&T%R4X#96 zA3QZyP`z$HdPic4+WgAPM%mjgLfszrId-}j$_x?ser-9b|fX@L>%(1{&2 z>KT~va!s&Q!xUYGK9Y3JxyTEisMRsx9R~L-ufXg|I;AFd*5Q(U9NIiOpku1_I=1qw z-c?Y~fa@~;_Ucb8i89No2K)K8FZU=9I@K{rqs5ct;jKI-pmTSq!`^ZnUTjzPHI<{X zv8UIe7@?B zd%gY*O*aLiFYA2o9S}O6u{js0f77}o8v&=T{dSGT``M84a$p@Y@d6=gG4#DaxBg~ zpm}%eRv#7TMM?v?iw~|ms1?n-be0Br38yM>i!THQo_+G>ve5z}J0|Vm=o8nhB9U)C zC2@4~IBi}glQbn#Zj&x4QodtW@P(0^Yr$`Xm~PzKllMhWVDeJbW z*rlfhiOo?#*BGX?81(Pf>DrmL?1(%_X3XobGAr7A!(oRxMYTTu;em0=ZaChO%aId6 z-AxK=4LT0}kXd`0;!N8wrKWtNj*9~WsumfRc2#`AS#LtruC@NG0iNO*g6i&;rkmB} zt>~RPFFB|CNvI^wm-fZ5UiX38bC81!DHW67|z+o2~5Sr1Mb6Vh( zF=uUH!D)djPFYe?Yj6N{y7)|&1P$%)hd-Qu03YbH2}U*VituR==kRx)UEC1fuvH%- zx?{%H0)8Z1SS|5i(Df|R7%8^<{@5+`6Q_nlLa9@FAa}jX>qEJXQ^{}u`MEzdW3BPR zA>&Aw_5y?YyMZC<&9& z8Id@ZdiYBYj(QD>OJm^xqWbK}cfo-nBiK7E?NVHZvbWZ=z>Wm?h5Zrwf;Fi2TCKyY7V=2i6d6AI4WZR#J=QzfO4f$dL+_*O8=q= zs>$VE1uT_Tp;I(whj-3sBs$?f`C@6}&z{rOZrV=0m#TxGVl~8Eq4}2o&SynwWPM=+ zZwbwKcx-q0`Xj`)3*zUx#Aw8N*_ddy&N2$I8d2(x40ZW7Tek{MyLw*kRaqDNI`N|+Iq!H}y!Tf^K8twks_UDf5ODqMK=qyIz(8F{ABifL@6yxDZr z!J{>k(e0}7YJ|wy%?etpBK!kkL1hloQ>4*V=q$A`n%cq8MDpbnH+XiR8;H6 z9NcNif4P=dLub$~STW}Og;=>3s)(3ac%hUMLU-Tg2e6`3JS1XSuv2@J6E^vOwE(b@ zmUWlBp15Zd1ux@7&+-ZPUSw)5^Jh=^Z!*Ihe;9fQ+7;h_HKUu4n(u}xIk76`zej{x z;0J>OPhYe8rID75oo1?yeHqtLaH_iq`T2v#@d4`6USSqmeFQ%Z&mb&kd=s+dfz)n` z^M`0_sdm9dsu;8E>0FJgb-j=BR$(#}D^KnW(8*!-`3fmae%U@i+OYag-tC?q{QU{q z9G8XLhl8Qs_mCDmO)-a=i_mNi(!K~)jZj^+EHkg%y8Yu)MnR^w^j^JErQ4ln_g@~& zo(a@-WtCo=-K&#Iq6waHI&~rO&CYpc5RS{g{p`#Jv(j&b?SX z+Regb`_x_jQ*Rl4q3ug7>uypye`v-eBlqOx37!8tB%aO`h~on{Zm;yH(nJ5l{1X7Gw35f)3h}}Bt+q86zXs?z0)B@ z(B`Yxnt{+@_h3F~q*ZYEv&v7|zYId|m^MXaMqgML{1ERjn5tS4ryBg0M>l51ET3-N zs?vNoWY-CGNrL!yhQ&J87a6~V3|Onr8RUF82)y_#kNq5Qt}pn`tNQfJXygq46Y$|+ zw`m|uPs74o-6ZcF>n_TpP(%Hq?s!q`Mx+1ZFYkq+lSJ)9_AOZGYE-LFv)I*%^>x^= z_at|oMF7Q?APs79>-<#V3mU!C$Lf3Rr?ouq6};qPKAk7bct%fzX0^>TrFd;fy-5!z=9iv^w}1MxnE#I&4-@*sPQhoKrIzP*+|PY@{!{pd8*r{ncCgU%CXRIJ$A#AB zlAu&%{SlX=?!!pmJR@ASWJhG!zBPk^fFFR>`W{=a(6Xh8wlD`T#Dmvu(hEcFp2_?VCV zvnVD6wf5VdW6Qy=<|T=I%#0?OO{_WdhkB#+U0bHa2GcX!CkK@mo;9}CbLCv7 z_xNTV*mcyc^CoOyrmRVtHbHQ>Tf^l0dgDt2r#re|C4$+RLz5B&(>MF+I-xFf7MZ-$9PBLeozUmK_ z4eEsGn7%}{a!n0C>0;HQH!EI4Yh{){R$WqCa@wC(sbDo_qw&41EV^t|0fFC{|`Rj=v8;YLJJ{-~# zM_~q+cwz}xepqD4mm0jD>0z#pHFz(a`C$Brv9z+)fKxm_Ht<9PI+X~~vqfZ6$c8;6 zI^oR(mO>LDiNw=Qev7LQx;3lTikmluyHenMo5xp*4FTcZD=s_ z1I1;t53DDf)l!O!FE0JjxHXJg{UrD75uvzf+U-w1NzSo#I$d48ESg9Raa#6!_3@8L zuXe@AQu8;e_34v$wf_YY`FMul64A|@Dg7`R(%b2@K1MPMZFIy6b%JF z-y0dOkeU)ZTU2(oxAA95=!dVK+^bLhN*Fy_{}W>;hG3@AtOm!OX%P^Y`8x5G^gGrhkDR;I;24)1Qx3k}8vCEroe zn!Zv17Or0$P^|w|9e;P;xH$=uI63N-x!wD6e>VgVN@$#`EJJluf4Z^iz@p5#b<_+E|Kn(kPd03Te_vBrI8+BRAN9tQlvo; zDJco1j#5fWH#3SzHw+E;;P?Ic-uo}y`@ElLe&9UMF#DXfUu*5xT6^u+QB%Pjyx5d& zy}L_o>!fk)fFD!ohNdXe^PBL{IXn{hVj4R!a#z@=B#Jf#E$@N0OTXhnj^^q7$)>=z zwW1}8coX-<=O)fm0JqUBwpoQ}m~DKD$AKM{)IC8g8K?qRg8XYP)wD0qVwu*;&P8kR z^$YD(e;jusIm)Bn0);@3(pNnsm7GckUXXZgb0Ch1?};nxF;&^jcqgxb5ow?PC7Tx> zS9?S?jPgGtjq(dZR%meV;CbR?-1~tEN0|9!)oCFF5Ld`eJ+-2y(zLoZ9%tlfMiwM2 zDH9$Qyf7FiSdDimUX=cY1$pOgZWf$KG#*-Qnf_OV2s%Ori zI>_!&9X9=YgL>E4$7_l?A6Oc?ewdj%J=U!P?mxlBspfS7gA&JJ|0%Ha50jDI1Yh6_ zk-GRjm;UIym%Zs4Ys-RYeKRvX38h!;LhNU*en6c_Y7snaa z3ezqAkZlIa_p<@ZMh;QozqmL4QN9Dw93ComDe~!x$hirDuV%+wedEPX-4zTp=kFl5 zhUtqH2qT^qR4AD~6QM}GRUcMeP#Yxj)l5*gHWZJ~#sTpFe|xGOz-4;uS||;H$CkSp zPf<>{vYnr~j7a`lLM&eMsW&CLxC{QhhE!VAY-w&4ot15-*Qp=|FVyea^;5QC8T#T2 zaqcZOrh}sdNP4%~Wx{pu&Wg`tA$!hFusc$XWJtL}s`uzgtH#;f$@#P@p5_wdiaOcf zOhUR96pNnMFOm$w>D&(FN@S82`S6m$8#{oW2XSSbJ1a%c}UhMW>s z;pu=5#F=|(=Y#-AaxsU#3cbrxSU1R<4 zq;x(_7JP}`DrG}O1s3QrgApQ~f z9QH{`XGkHY7oRcC;CBShWW`VU2zse9``*(Wc-37-B1q=?^NVQJK1*UG&vk~{g$qQIXFKn$OiAsv!M&) z{0Jv;<}rz-__PKf)CmEol&_oFf-=o;a*G-wwHQ4QCf z@e6?l!d*3VcoF|*Uv%;47mC!r$&Wz0r`{*04+fszxAlz+cfnv^UN-Vh&2QGVv=&r4 z5e>gM(Yw3`^-T~*la@)KFi8d|aX~9oW+l&I0^_0Zn)=g9Ty{ho+y-0vD`cM@lUBD3 zPTUl)_W()Ybop0#5d1?zxB2nrA69Pvn0tc$_|gF`G_hsa%)%I{0GV^VZogMMduCFe z44l!|j!LM+lU3kOd1prSNdq2${Y=LWY3sv73rQOTYj+4Kw1T5GDVu^%=S}5w?IoU2 z8xj3FzPiC65rfq0Hq30i-_U*M!iXldBqoNi-LFKnB3*#SvM;yrxzVn*{e;is40Zmz zcNENmxsmLb(;r~6lIi`_h(X52z6T2EFwl+?Ks8~VKob|!Mm$1}(Rc6yb}}M+b$*P* zo=h&5`?bq%|17xt3k9X{7pZY)OX>I@n)xR?{f;ZKy^#q-hK^Ngm7lD+zryF9tE&sz zd|k50!gmF6-Y^G>8#P~@ZLCdJ(Svd?M)48bpkj(cs*c1j5RcB^UgF~#@FqP5ETf^3 zsAL=D+z_(c*Y~%>vP`ilugU(rQMepqUEj!>(YwtctsLx4i^#2@*Xp(n?*_&p-Vj0nTa<_~NJmUh|upIwz~ZDJ~Y#i*oW{ri&}F&2e_rwZ!157Qp$ z%=mT@yesGS(1YE3=UCy~@lgBY363jQ%{B|uYU!rsjB`sL{&yM?A-U3u)f{fIHvx&e*Z*CJH9d<@O0#lPEv&dP$xt!UmiYtdCnAshBnSP z(cf!3H0Vj7caALi9eQikfhIE3BV3-@ z>2Bq?(nPLOhsd2ORJ447)jme3&p)*usSQxYF#e>=tsh<|1QLPdv{QO*aSD_Qq6}QAJej-=Od8f01f{|W} zg0#E1e0Sc6Lp?|%mnq)VlEy>^-L9YmCugN?#W0% z^B^Btsx)*=O`i~j#e?j=jDLLv5dpPvSsD(+PQ;CdoS%prYv93N+%-l1@ra~GEb)bJ zE^>xYyotWKTM_@&M;KH@gzo+2v@dPF?~>&E5@oi(gDMt-nZgc4UyQ6Mk)yn#L^u#r zD81P3rGZvlu|>vqn5~WiQ~B$0&1}zfwD9_KV-X|%8$zNH4U0sQG9`=Wagv?V17YCwObR zt78{cIviK`u;dNVTULkA-m(JbI5$Umg6R z3Awf$4PAV|-Dqg6!7}_u;L-1VL=rE>4hgUZEEKn_dj}S!`Ba7a1aLA%qwp(}6>~mT z{tR{!w=eM*9L=e$k=hMKdp(nSvyI=1eTaK!kFUZPHQW|C6^oQt;T3G>@#YXt{)_!I z6eg5Pp{por$LCt8n#l0u2Y3F!V(8Ao?lF^)Eu>|$jt~?%;(Di=uy3p0?XMZoS+t5g z$i{7(dWr279{&30Ri)-(+#0&~Ayw+^XIJXqg-*Qfcnr%z#t*DDD-fIAK zD=HLZ+nA@<-xeNm<{9Z>8NTZ2cUoCwRdzj2mzAxTQ{V8>OjI%yf&1`c%JJr1V zjnHo)aZFDk7Zi3$1|{2)XhkdAd8r0&7rj~#Q-T6|$VJ5?36ZbUM;r;}eOlxdVkSpR z1q7N~^W)@FT*>g6JI&=y zgy5?de+j2NTnRzf0WQPAb^R7{${IZmleP4TQ6Q?zZNG~CFmH}*`O`2~#-V$K?<5=V z)GHQ?C*u3_O)8i?_PT?~5T-=E&*hbp`6-8YQ@M10-$dbF#=s{(3m!yGzqjj*-UD^K zQVn(QM}bS=@Cy#Ae!{LzkM0+{8?j81M``xo0vymkQ+AZNi(a8K!fzYt-_6U`WeK@X zpOFTvPlWWlkELrZRDK-;PWRi6&w(SVg!4e;lNEDiiVxb8oLnS}Z*$M-JuHh9*6(v( z4t*w|vHU9B!LTc1pMJ{3Ie&E-JCUdWDjcrp0>iPz$J^l^#s<_y&j;hXcrWRZ8m0~W zy=}LD=9;OTOYaeFf7tBU7>mX_PV?#1nbtfzWZd7V9($)o8gjI5{C!Jir}bdkwKTVR zr~Nz=loJPEFuTW9rqHFQv@v?t{Z*Qy`r~oUkA*GxzO}C5&4LSKQLDd=tz$i?@4# z&7sJyY0&K1EV=7@8S~K(_A(lEdAmLQDLXf;2FVlZjF`p=tKWk#=J%=$Wgxwj_+pnB}7YJlCq%EKpl&@)~xBZ|3yLeKuBu zZlCZ_tfjEWziY#I5j&HDTw!71Cf}B7;k4U+8;8;b2p{=(u)X=3uMUCf1W60QZTE)v zWPKC%O7Us*(sJiN*{+;=Al#9@?J5Zi`8=jJ-BgjniNRU1#plU@2#&P879@r&wL6}! zNnd&SL!CC}Kz4_(Wa|8n_8%lec*0$_Bcg4qwfG* z685sfdjbc~;=y(0hM;XPwD_H^Ef3VbVphn5A1}NC72`6d9)}KM@h`MxN_w4`O zjILsOtRoc=O34Y4p}w#oa|z$@@+p zaCBURQZ^by>EueMgJ4SbT==rrMX8q-9&rYCj{nW}(nYny-^vEp;hFUfYujTEgOs2% zI-BCp&K8s?k`~$lhc4ddY>QzES_AFJe=W1#;nQU8UI`E!vNB}}>H{7!OhGs&iAwrN zDcn@9`Ww!Cnev>_mqeeqrG|FE36n56Mzcue`}F4HV*>Q~xEIWy-G8WOlu-HFK;y{oF~+)5dAidiea-G1 z6g?DUgddLln5;l~bzEjelQ6oGS_%vt6{A`TwG#K_a6_F3E~U#!gs)g9)@TFRy47EK zX3Ggxbl;z2YV>G<*2j448JCbwlA+ykVvp^CE9Iie9m~+^_oJNwo+w{g$8u8tA!(^xC2qG*h% zs=obrCq?lYtLd~R)p)gyLOZA!=Laf8a<(La@`R#bCc_GXP9T+Q##62DM>+tHwrh+> z47y*)>EF~%Y{T(mp zbh9!|*Vv^`uQ17lc;D!-dZQKbBFBSt0CF>VkBlK@y-ACqlXK?ei;B1gWStp%EMC(> z8H#s*qHZsgT0d$z#5SAma{KB8t>(I6Q+v5U6%?6iQ}8XVP5A-9Z_7-L1g2pSGxPmU?;1(judaavku1}vhL+?rU& ztEtR81@}3O0Z@JL8z^Mii{#ET`wZ{6#LV3!Jn*wayWd?%65O)dMOw3-wz`-|wBY7@pTj51;5i z`i)CL$yn|Lw_l!v*ozFxDWiHj5rX8G_?Gs<_RssMkulTMuHXTk)1;3QvJ>dh0&ArORPwD;*ND&6WE4s(R1bG9HWs9x(QUCvg__5f9pzh@u`e( zdgxnSrhebIVy+bZf*q|0m)A)O_b|L?_>^}R>-<4qpATNiy-APK74p=Wf;j>ggSkOD z$2-|xi~Hrp%<#ixX52EkCr8TTyx6)i@?DzUH*}ZnF^C;wsl43Ct-7gsCo(HQg%$GaQk7XfyaK?+K0kmdo zl|KU{_n-Pjuxap9O}qnkkoXpH8gASa9_(~$rOLEHrcq@~7&guDe5loH>#>zBtO9E9 z`WUrmHDV+3Yh*>=#{8m{-O}ffcf>Wkqdb0qI-h*Fg$P_?I-}JsOS8AAWOg;*Q4Q|5 zmAU<(nwV0P=R))0s1~iHr&WCT`-tl+TwS-0Jm4I38$QG{x5E}Dv7CcXw?>#s1CKs-6Qn7`#Yk--G92LS!gkOglw>-owNsz^zWKbq zrW#yMBomkw+BJ@jug-TQJ!-znGwtvc z6!y#s-TwTFPJG?)I${_7mBFWr99OeER|e4z&X7l}{L2RP)1CdAh^lgXqL0)3sjSMV z;4*$x$qH@sj6B}qk6-Wz+}5Wj#?HC1CTzKcH3IAirP?=*>t2kuq@64RhatOt;{oL_ zdXEfkTKO{Ul%}i$t#ze-VM|QgVr7`w<0n}q+$`u{U*H{p8nhXEOTF~33Cuy}1!jaU5>g#lN2 z;$X5Q0`NAnM=FrT%BIUL3RTn2i0WJX%W9sx|mv`PsT$C?ej(Xm9rnjG zvX`Yi_Yg+{Z_&MXCz!CAaC+___T7)0cLm(MBjEL&#|laX1fPkU$xbQ@d0JzL5t>eP z!h8Go<7)Rm-U=r@#Jd^;ju~(n@GrV|D|Cm7gQ#S5u^MsOw}0s~YC|w3K0hqVUWGq= z{==e%qYm7&ZjC`y5O+T1qpV<^4YkIEDwzi@xoj#K-Ssj=QZ4f~(t-u^2b_l@$piYU z4?q2I@uzLf)~MkqB=}{6bNOl*n*_GFM^;9Xi2GQWXf$jA&nkU==w=^IBlzU5Yr6H* z>V^8uPrV9=6=KIixp=v1Be^$}oE1h^!%${g-1PDLKq?3$9fY4>5Nfg6z^37dq((uw z>_hA#4yMR#E5<0?6e>xJ>xw`T<3V-GwhKVAmy#BP1Xyv}p~Ic#0Lj+LDHr-pbnVYP z3GDKMKxA=MTt7#A-&3amo%>%O4FoXk=Hhm&h!y2uYDL?K3n5*O3=XL(hbfU*+)v8y zFmZErsApX_^n?T7(*j3twjuiZ$AE6|rgW7xJ}=Mh$!z1~iKImxy=Hx+l8g6Bk|^pZ zlJ(J#Hi8^Cnk=xDqvGq%eUcN2-NIj{G6UEo9K2&`Ur~|yq0{5K)nt?&@979!+jSv% z>Tqr_drB#m%_Sg`AgZszw;CHljnJFkqaKke=&*aF0*{4r#e>a3m(^lcxUw!ZPL^P2 zM~(UmRG?H1pHL6jIV4To-1cNH>@g-~)?V!A!omAbif{y9dCj|J@UdoE=Ez{kh_3e__XL%R-{8@wrrYP;SXin zKitGoVm8-5N@}3I{5`IjV+DS2GIqrSy6(50-aQ!(48J5^u11&J#25J9nY&{ zZxQ6EpTKTlr;w!@S`{q{773LA$(oqYcecF%yR-;{Dea<=@n=j10$pOZs7=|su8Sao zSn|A#*T3ncaNPA8tIwX(h_-Lki6orcI|#&z5PKEnEi=MxU~qVk*^P$amxcX9WLnm{ z%S8_-aW>aE)|lgPq7!MV(CKoM&&<;bEzH_qiHh0=yO}HmY+o^?EmUh|H6;U{0KM^? z4_G4NDC4=p%JHPhTEpL*O3YUvp|Pj&3oK!M?UaojmcKevaxnloqrv4|$6|A>xQ~G( z4zIQ4;{@Qy9}2BfdU9%7zc-O?!IvVRyILLN!a9dY(#J)Ap`M0v^Ja9bDMux~DQ`ab zXRKtaTNnL8Vt$-80rU|8Y{@ilU1!u53mQ1il@$h8B=h#*j8IRD zlpcper}Huk?n14g7q35^GvpI6JV@(E=YoVn18L%{WU(&t?RZ*iyZUBVD(E2po<<$4 zl-O5Sd=^lX^|ty1P71bE@=;IzrVFyhM-5#RvDvs`p(7oAUE@t~e&^#<8 zcHoEJ03!xr{TsT_fz4F*L6kOH4U9oWc3jX75u)GyjCl+nqtc^El(d{QeN}w2#nicw57IvUHE;l z1T^Sgv^~kcY5RWl((#@A8a>F88?*2kk~oDo)|B~I*c&EkY)$!NYy>Hh`|m`FqIlOe za%wOdHjtrvK)@>;5*AIP#KRhnB`jMnG|f|Tkq*DnzeY{U{^d*qi5pnaMPe&u)v#f@ zxacg!Pfn{_Z9hu?ttTo|ltCyE_YyU5nTXzMWXy3Yv9r!44s)xz$B}RiwfE=351$=vnos~w&u335A55;fabS;8*UHHDKYU0PAWsSZE#%e$IT`DhL_rK<7?@pG6e*Xe$ zeUo{7&ITV`?-zEjGqtr%>I45UFvbSZyWe>dx`^|I5-z{xY%0$TjiKOkR}f9&GyU25n zt@@g_C-4W zOiL&vuHRv7STwW$HalsS*TAoe#SM|cx)x>7$mtD-ZsN8&OS!Gf6=n5~oU}eE)Si}D z;pfuG>n#2)O%gOFBvvmd9N*TaN-p|~bok1=>VRV8{4bUg>%=&VEj{|7{c@GXidzBR z$J?*v*QS(zoA`nKHWoD=Aiip^V99{7Ffn#JHp5Ggr*6Mc%AbG25t2k|tb-g}JYh`D z*!kThf9>plcPS97=v*X!VDWxa=t4``I0%1wiz9tHNU5MJfs-OmKFD($JYvv%=OepQ z&-I8@(=ZiYS&Qh~aXln4hY4q>e z2t4`Lcwg^RO5cF7Px*6@9D&BQjA^oNWcBM-%O2g69d5 zzU_bRL_tZ_0u8mR9#+kI4R?}%b9sN{wb%e2paDoLYa9zl7u!8%GdYPM*ZN~JVW}8s zU(`rByW&MRlDK>T;LLPX5QFG&CZ*JH#5@OSkTy2S*O~eJal#W_#(Q6?p%Ors08qU7 zw{xb*pj{QJfH#RV)YG-)uI$<_7fa!pV&U}vkukA)ZvFMf?^%&8h^<&EuRwd|A0ffH zE;=>RwRMxD8K;l0F9^)&rJyJItYvej%a3g(ZAFV@8@8SwLWIp%)oow?a=`?Dj^g<|0Mj zxMbjNS6pg+SEq8BK(zA;xp*M72Gm42BDWv?eFp4!AK6vO;%_RY zEwz!+xT_O5FnDWVE>Vm@WZeAY-;~jsw(R!5`;;DAu2DKc;B_lEp@gf#P1@TqpsI%1 z^3ngnA(#lt;0b8(HWM9#yz%V!bdVCYt(a=_n?Lp3ddD;}h5c%XM zQp(bZw_JZF@EaX)9C@yO{&iWjs~k8&wr^)Jq|UA!clFT@)=KGz1g%kc9C)L-fpX>i zx$_z}J$JYw2ds(ZtOw;uMCidaV(AxHwElfU>_yH)04SgsqvY{S1ba{nIz>smz*(m43DBl{?AhUXx)?A~8%8Q2_xTtZhU%*b z7*s1`t4hOXHn7n#U6p-;u=otw@YGm5<|#_Yq>Uq5Iw*ho_e}RcTYivVn@FoQ>2RY`Fe&VssG%@<^OG$Rvci?D3$2KDc10N zm`s%dKbjfRFD;fbk(~J`lpIV{)`y24b6B`MO-hxNU(4!Bx|Ab+wQK+&l$R6NIFshc z&`rv3y~Sg>OM_*oP7>^18&Px=h1KVAmUxldXRMLT=sFaOBHvpba_pXU^0>4F8k`YkHTRO6 zw=`viHZ%_zENNGX_){<2N>+Sc2&bl3Ppys{>c01>0~hNSWC*4fF++w1wswRx{cp@_J9(Z!Ka! zX5)eo_g$STg!g_Rp3HM^9i}^XH)#DqXoxhZdQlIS`R9{%$r|6{&-GZ|K7rMkV}j?1 z%miCdAC82&!xeeLaW^Ic8)lTLj&xke>Q>0 z1nTAY9>Lo-QKsBn`;`y2v<7rpxURz>tt#4Q!E&L4S&%0aG!tXLXUy`&x2J}B!lpj= zgbUOCR&kY2hST|Rl_ufI zb8*Eb4qRQl&Ky4|RBE-NrnjiMjHLhIRVJ_Dmf#B5DcUHp-rSP`t3Nd3vdjJL=Cy$4 z!BrI4-n{W7LYLKoF(Gfm@ogBDHJ5lOCdKmKGZIvu0C z`b!|0Blwp7jxbPEnDCb%pc$=XFr*4Q$07x%5gZ|fz`-69();KGTUKn>1`Rmu*3<~u zr|;~*9Y7AmXX5tokP4SO=fCfQ$5~$D&t-&Wue#1L1}%E4yA?!Wp>Qz}RT`52d?97j z?px#074#`_81lo8=f1LmTr2S*GyvKN+ZN%t8Sv&)(hF`J96!Op%~IpvZ_l Ry?L>ihKjE8$A`Ah{}f)XSeyHMCQ45pw47@ezC1sY&~-W!x|72? zqpev%=x%GFa)R4wA@TrFt@ak|iW^=PlueK%Vddf(}S6upe64$jvWF|X>T6j0mmSP$W?nOZGHfhi0^ zq$3U2|2?B(_M>m7R{F(|I6AS(?U+J#FQzK#aBC3ouw>ccxaJFO$?RRe^h+CK)Xf%2 zO+1ndo}mZBxupaNskjZ2f7Te$S_1rM!=2U>Ey-O^eUWDYx3g`qq~Jv8sX1cgxsADU z#le}Nr6dNb$RpOOa{p#>5vN<9Rykg5qIK^aO)^svVb@JNW3TL`*~ z5DHQ}o=Sq#qUds(E=}cjPS;DE)$Gm=0&jpXI<2kHA*WIjz}d3UGy-?P0Ye#92m;+w zP_&Y58Z`vuQlUp}=~62^3sE(xTuwECccGC3A$s7=eor&(81PI;f;vegW)eVA0z4qg zIxeS6opAOR5+q8qG>f%dA#9G}vv+WZtVqx;&00v{t)h#rTJAC|tmlKr;ei%ZO)duo zC|b={kZ^@!bkej`?gjK2#IVU=ofREN;KNroOD140Sb*%5I>+FAh7R7vaibi;MoNCv zo-x{hAH;N=7&AI|JiU&DmmNn(e#97Q(93MW4gl3d^px{7n%b{sPo+_~3_(yW63h8| zKD|!k>p@;nJ(NNrin#8j1a9oxub*f^O-S$U#dzsFv5GI=+aS?xJ<9XzP3xoL`_`Sp ztOWMB6-s#k9=4!K6wkjCKOTrjB+69iB@DrTqP`Gboz8p(US`#N9L4A+U==Uf&3rJ$ z^lJClp;a3BixRoKQL?`#%QzdH@@EQW!hrp|#VO|?nrHPp*Zx5Ix9)FN`vd!^_VFn1 z0Z2! zz(u0FTh6FqzCYb{L1CyfL$TN*GUuvxK;15qG=i!otJX4v<4r#0vfGdVk zrrRI*!@)|ru-#o!lg_+0v<(9rWtwD(W;sQd4#X9Wsul3ElRox1jk#>taJ(pu+XSB; zFH;%Ef~zHoiBFUg@Evuw?X?uIL(ijBC1L=N(A2H{Qalvh9akLDAHbWk)HPP4BsF== z+}+(teBB%-TowS2IE`K<(ahuROeXw#08d9>vT5~LM1}g&#pjw{!}$?lrMchPs5P$b zDSM`xqN9|i_Vn1@5hKpetINnOJon`->|ho(mmiRq^{@A)9X#P0xxnHr*meD4%rWMPfPl zQR~RQne<7sLslcrc!m(nG3=Y-(PLY7q*Ju;%{7Wj6(cKTc25>Oa&K9xpU+CPI$LdI zm3XZp7K9UzW2P}m1NqpcU&e_#`$^3WFMA%}F-IgElZ)4H-}fQ^4?y^Pt5wBQ*tI_c DJv^ZF diff --git a/karakeep/rootfs/etc/cont-init.d/90-folders.sh b/karakeep/rootfs/etc/cont-init.d/90-folders.sh deleted file mode 100755 index 864dd25ea..000000000 --- a/karakeep/rootfs/etc/cont-init.d/90-folders.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/command/with-contenv bashio -# shellcheck shell=bash -set -e - -bashio::log.info "Creating folders" - -mkdir -p \ - /data/cache \ - /data/chrome \ - /config/meili \ - /usr/src/chrome/extensions - -if id chrome &>/dev/null; then - chown -R chrome:chrome /data/cache /data/chrome /usr/src/chrome/extensions -fi diff --git a/karakeep/rootfs/etc/cont-init.d/91-secrets.sh b/karakeep/rootfs/etc/cont-init.d/91-secrets.sh deleted file mode 100755 index b22cfd2e7..000000000 --- a/karakeep/rootfs/etc/cont-init.d/91-secrets.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/with-contenv bashio -# shellcheck shell=bash -set -e - -generate_secret() { - # Avoid SIGPIPE from `tr` when `head` terminates early under pipefail. - ( - set +o pipefail 2>/dev/null || true - tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64 - ) -} - -set_option() { - local key="$1" - local value="$2" - - # Store permanently in Home Assistant add-on options - bashio::addon.option "${key}" "${value}" - - # Export into current process - export "${key}=${value}" - - # Export into s6 so all services inherit it - if [ -d /var/run/s6/container_environment ]; then - printf "%s" "${value}" > "/var/run/s6/container_environment/${key}" - fi -} - -load_option() { - local key="$1" - local value - - value="$(bashio::config "${key}")" - export "${key}=${value}" - - if [ -d /var/run/s6/container_environment ]; then - printf "%s" "${value}" > "/var/run/s6/container_environment/${key}" - fi -} - -for key in MEILI_MASTER_KEY NEXTAUTH_SECRET; do - if bashio::config.has_value "${key}"; then - bashio::log.info "Using existing ${key}" - load_option "${key}" - else - bashio::log.warning "${key} not set, generating persistent secret" - value="$(generate_secret)" - set_option "${key}" "${value}" - fi -done diff --git a/karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh b/karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh deleted file mode 100755 index 4df7b761f..000000000 --- a/karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/command/with-contenv bashio -# shellcheck shell=bash -set -e - -EXTENSIONS_DIR="${CHROME_EXTENSIONS_DIR:-/usr/src/chrome/extensions}" -bashio::log.info "Refreshing Chromium extensions in ${EXTENSIONS_DIR}" - -mkdir -p "${EXTENSIONS_DIR}" - -download_extension() { - local name="$1" - local extension_id="$2" - local crx_path rc - - crx_path="$(mktemp)" - - if ! curl -fsSL \ - "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=120.0&acceptformat=crx2,crx3&x=id%3D${extension_id}%26installsource%3Dondemand%26uc" \ - -o "${crx_path}"; then - rm -f "${crx_path}" - bashio::log.warning "Failed to download extension ${name}. Continuing without refresh." - return 0 - fi - - rm -rf "${EXTENSIONS_DIR:?}/${name}" - mkdir -p "${EXTENSIONS_DIR}/${name}" - - rc=0 - unzip -q "${crx_path}" -d "${EXTENSIONS_DIR}/${name}" || rc=$? - rm -f "${crx_path}" - - # unzip may return 1 even though files extracted (common with CRX zip metadata) - if [ "${rc}" -ne 0 ] && [ "${rc}" -ne 1 ]; then - bashio::log.warning "Failed to unzip extension ${name} (rc=${rc}). Continuing." - return 0 - fi - - return 0 -} - -download_extension "i-dont-care-about-cookies" "fllaojicojecljbmefodhfapmkghcbnh" -download_extension "ublock-origin" "cjpalhdlnbpafiamejdnhcphjbkeiagm" - -if id chrome &>/dev/null; then - chown -R chrome:chrome "${EXTENSIONS_DIR}" -fi diff --git a/karakeep/rootfs/etc/fonts/local.conf b/karakeep/rootfs/etc/fonts/local.conf new file mode 100644 index 000000000..ed6c08b91 --- /dev/null +++ b/karakeep/rootfs/etc/fonts/local.conf @@ -0,0 +1,31 @@ + + + + + + sans-serif + + Main sans-serif font name goes here + Noto Color Emoji + Noto Emoji + + + + + serif + + Main serif font name goes here + Noto Color Emoji + Noto Emoji + + + + + monospace + + Main monospace font name goes here + Noto Color Emoji + Noto Emoji + + + \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/includes/mime.types b/karakeep/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 000000000..c23021204 --- /dev/null +++ b/karakeep/rootfs/etc/nginx/includes/mime.types @@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/includes/proxy_params.conf b/karakeep/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 000000000..7aa69699a --- /dev/null +++ b/karakeep/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,15 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/includes/resolver.conf b/karakeep/rootfs/etc/nginx/includes/resolver.conf new file mode 100644 index 000000000..be0943d63 --- /dev/null +++ b/karakeep/rootfs/etc/nginx/includes/resolver.conf @@ -0,0 +1 @@ +resolver 127.0.0.11 ipv6=off; \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/includes/server_params.conf b/karakeep/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 000000000..f67263b2c --- /dev/null +++ b/karakeep/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,6 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/includes/ssl_params.conf b/karakeep/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..adb5185f2 --- /dev/null +++ b/karakeep/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,8 @@ +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers off; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +#ssl_stapling on; +#ssl_stapling_verify on; \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/nginx.conf b/karakeep/rootfs/etc/nginx/nginx.conf new file mode 100644 index 000000000..cb593fd2a --- /dev/null +++ b/karakeep/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,52 @@ +# Run nginx in foreground. +daemon off; + +# This is run inside Docker. +user root; + +# Pid storage location. +pid /var/run/nginx.pid; + +# Set number of worker processes. +worker_processes 1; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Write error log to the add-on log. +error_log /proc/1/fd/1 error; + +# Load allowed environment vars +env HASSIO_TOKEN; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Max num of simultaneous connections by a worker process. +events { + worker_connections 512; +} + +http { + include /etc/nginx/includes/mime.types; + + access_log off; + client_max_body_size 4G; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + tcp_nodelay on; + tcp_nopush on; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/includes/resolver.conf; + include /etc/nginx/includes/upstream.conf; + + include /etc/nginx/servers/*.conf; +} \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-chrome b/karakeep/rootfs/etc/nginx/servers/.gitkeep similarity index 100% rename from karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-chrome rename to karakeep/rootfs/etc/nginx/servers/.gitkeep diff --git a/karakeep/rootfs/etc/nginx/templates/direct.gtpl b/karakeep/rootfs/etc/nginx/templates/direct.gtpl new file mode 100644 index 000000000..2c8d137a1 --- /dev/null +++ b/karakeep/rootfs/etc/nginx/templates/direct.gtpl @@ -0,0 +1,31 @@ +server { + {{ if not .ssl }} + listen {{ .port }} default_server; + {{ else }} + listen {{ .port }} default_server ssl; + {{ end }} + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + {{ if .ssl }} + include /etc/nginx/includes/ssl_params.conf; + + ssl_certificate {{ .certfile }}; + ssl_certificate_key {{ .keyfile }}; + {{ end }} + + location / { + {{ if .ingress_user }} + set $ingress_user ""; + + if ($remote_addr = 172.30.32.2) { + set $ingress_user {{ .ingress_user }}; + } + + proxy_set_header X-WebAuth-User $ingress_user; + {{ end }} + + proxy_pass {{ .protocol }}://backend; + } +} \ No newline at end of file diff --git a/karakeep/rootfs/etc/nginx/templates/upstream.gtpl b/karakeep/rootfs/etc/nginx/templates/upstream.gtpl new file mode 100644 index 000000000..d37ee59f9 --- /dev/null +++ b/karakeep/rootfs/etc/nginx/templates/upstream.gtpl @@ -0,0 +1,3 @@ +upstream backend { + server 127.0.0.1:{{ .port }}; +} \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-meilisearch b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/dependencies.d/base similarity index 100% rename from karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-meilisearch rename to karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/dependencies.d/base diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/run new file mode 100644 index 000000000..e3fba3022 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/run @@ -0,0 +1,59 @@ +#!/command/with-contenv bash +# shellcheck shell=bash + +set -e + +echo " Loading env variables:" + +OPTIONS_SOURCE=/data/options.json + +while read -r -d $'\0' key && read -r value; do + + line="$key=$value" + + # log redacted config + case "$key" in + *PASS*|*SECRET*|*KEY*|*TOKEN*) + echo " $key=******" + ;; + *) + echo " $line" + ;; + esac + + export $key=$value + + # set .env + echo "$line" >> /.env || true + + # set /etc/environment + echo "$line" >> /etc/environment + + # For s6 + if [ -d /var/run/s6/container_environment ]; then + printf "%s" "$value" > /var/run/s6/container_environment/"$key" + fi + + echo "export $line" >> ~/.bashrc +done < <( + jq -r ' + reduce to_entries[] as $item ( + {}; + if $item.value | type == "object" then + . + $item.value + else + . + { ($item.key): $item.value } + end + ) + | to_entries[] + | "\(.key)\u0000\(.value|tostring)" + ' "$OPTIONS_SOURCE" +) + +if [ -n "$TZ" ] && [ -f /etc/localtime ]; then + if [ -f /usr/share/zoneinfo/"$TZ" ]; then + echo "Timezone set to $TZ" + ln -snf /usr/share/zoneinfo/"$TZ" /etc/localtime + echo "$TZ" >/etc/timezone + fi +fi \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/type new file mode 100644 index 000000000..3d92b15f2 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/up b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/up new file mode 100644 index 000000000..b6f7a938e --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-addon-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-addon-config/run \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-chrome b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/init-folders similarity index 100% rename from karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-chrome rename to karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/init-folders diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-meilisearch b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/svc-chrome similarity index 100% rename from karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-meilisearch rename to karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/svc-chrome diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/svc-meilisearch b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-db-migration/dependencies.d/svc-meilisearch new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/dependencies.d/init-addon-config b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/dependencies.d/init-addon-config new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run new file mode 100644 index 000000000..eb00b6a41 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run @@ -0,0 +1,8 @@ +#!/command/with-contenv bash +# shellcheck shell=bash + +set -e + +if [ ! -d "$DATA_DIR" ]; then + mkdir -p "$DATA_DIR" +fi \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/type new file mode 100644 index 000000000..3d92b15f2 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/up b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/up new file mode 100644 index 000000000..1fd74db37 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-folders/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-folders/run \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-addon-config b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-addon-config new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run new file mode 100644 index 000000000..8203b6a4f --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run @@ -0,0 +1,49 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash + +set -e + +OPTIONS_SOURCE=/data/options.json + +service_port=${SERVICE_PORT:-80} +service_protocol=${SERVICE_PROTOCOL:-http} +nginx_port=${NGINX_PORT:-8080} +certfile="/ssl/$(jq -r '.certfile' $OPTIONS_SOURCE)" +keyfile="/ssl/$(jq -r '.keyfile' $OPTIONS_SOURCE)" +ingress_user=$(jq -r '.ingress_user' $OPTIONS_SOURCE) + +# Generate upstream configuration +printf '{ "port": "%s" }' "$service_port" \ + | tempio \ + -template /etc/nginx/templates/upstream.gtpl \ + -out /etc/nginx/includes/upstream.conf + +if jq -e '.ssl == true' $OPTIONS_SOURCE > /dev/null; then + # Require certfile and keyfile + #bashio::config.require 'certfile' + #bashio::config.require 'keyfile' + + # If certfile or keyfile does not exist, generate self-signed cert + if [ ! -f "$certfile" ] || [ ! -f "$keyfile" ]; then + bashio::log.warning "SSL is enabled, but either certfile, keyfile or both are missing. Falling back to a self-signed certificate..." + + certfile="/data/ssl/fullchain.pem" + keyfile="/data/ssl/privkey.pem" + + /usr/local/bin/ssl-check-generate.sh "$certfile" "$keyfile" true + else + /usr/local/bin/ssl-check-generate.sh "$certfile" "$keyfile" false + fi +fi + +printf '{ + "certfile": "%s", + "keyfile": "%s", + "port": "%s", + "protocol": "%s", + "ssl": %s, + "ingress_user": "%s" +}' "$certfile" "$keyfile" "$nginx_port" "$service_protocol" "$(jq -r '.ssl' $OPTIONS_SOURCE)" "$ingress_user" \ + | tempio \ + -template /etc/nginx/templates/direct.gtpl \ + -out /etc/nginx/servers/direct.conf diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type new file mode 100644 index 000000000..3d92b15f2 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up new file mode 100644 index 000000000..60ba159c2 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-nginx/run \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/dependencies.d/init-folders b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/dependencies.d/init-folders new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run index e13702a2e..5f5a1108b 100644 --- a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run @@ -1,21 +1,148 @@ -#!/command/with-contenv bashio +#!/bin/bash # shellcheck shell=bash -set -e +set -euo pipefail -EXTENSIONS_DIR="${CHROME_EXTENSIONS_DIR:-/usr/src/chrome/extensions}" +############################ +# Configurable directories # +############################ -extensions=() -for extension in "${EXTENSIONS_DIR}/i-dont-care-about-cookies" "${EXTENSIONS_DIR}/ublock-origin"; do - if [ -d "$extension" ]; then - extensions+=("$extension") +CHROME_CACHE_DIR="/data/cache" +CHROME_PROFILE_DIR="/data/chrome-profile" +EXT_BASE_DIR="/data/extensions" + +# Extension IDs (Chrome Web Store) +# uBlock Origin (MV2): cjpalhdlnbpafiamejdnhcphjbkeiagm +# I don't care about cookies: fihnjjcciajhdojfnbdddfaoknhalnja +UBLOCK_ID="cjpalhdlnbpafiamejdnhcphjbkeiagm" +IDCAC_ID="fihnjjcciajhdojfnbdddfaoknhalnja" + +UBLOCK_DIR="${EXT_BASE_DIR}/ublock" +IDCAC_DIR="${EXT_BASE_DIR}/idontcareaboutcookies" + +################################# +# Ensure persistent writable FS # +################################# + +mkdir -p "$CHROME_CACHE_DIR" "$CHROME_PROFILE_DIR" "$EXT_BASE_DIR" +chown -R chrome:chrome "$CHROME_CACHE_DIR" "$CHROME_PROFILE_DIR" "$EXT_BASE_DIR" + +######################## +# Helper: download CRX # +######################## + +need_bin() { + local b="$1" + if ! command -v "$b" >/dev/null 2>&1; then + echo "Missing required binary: $b" + exit 1 fi -done +} -extension_flag="" -if [ ${#extensions[@]} -gt 0 ]; then - extension_flag="--load-extension=$(IFS=,; echo "${extensions[*]}")" -fi +crx_to_zip() { + # CRX2/CRX3 contains a header before the ZIP payload. + # We locate the first ZIP local-file header "PK\003\004" and write from there. + local crx="$1" + local zip="$2" + + python3 - "$crx" "$zip" <<'PY' +import sys + +crx_path, zip_path = sys.argv[1], sys.argv[2] +with open(crx_path, "rb") as f: + data = f.read() + +sig = b"PK\x03\x04" +i = data.find(sig) +if i == -1: + raise SystemExit("Could not find ZIP signature in CRX (PK\\x03\\x04).") + +with open(zip_path, "wb") as f: + f.write(data[i:]) +PY +} + +download_and_unpack_extension() { + local ext_id="$1" + local out_dir="$2" + local name="$3" + + # Skip if already unpacked + if [ -f "${out_dir}/manifest.json" ]; then + return 0 + fi + + need_bin python3 + need_bin curl + need_bin unzip + + mkdir -p "$out_dir" + chown -R chrome:chrome "$out_dir" + + local tmpdir + tmpdir="$(mktemp -d)" + # shellcheck disable=SC2064 + trap "rm -rf '$tmpdir'" EXIT + + local crx="${tmpdir}/${name}.crx" + local zip="${tmpdir}/${name}.zip" + + # CWS update endpoint (works for most public extensions) + # Note: prodversion is just a hint; keep it reasonably recent. + local url + url="https://clients2.google.com/service/update2/crx?response=redirect&prodversion=120.0.0.0&acceptformat=crx2,crx3&x=id%3D${ext_id}%26installsource%3Dondemand%26uc" + + echo "Downloading ${name} (${ext_id})..." + curl -fsSL "$url" -o "$crx" + + echo "Unpacking ${name}..." + crx_to_zip "$crx" "$zip" + + # Unzip into a clean directory + rm -rf "${out_dir:?}/"* + unzip -q "$zip" -d "$out_dir" + + chown -R chrome:chrome "$out_dir" + + # Basic validation + if [ ! -f "${out_dir}/manifest.json" ]; then + echo "Failed to unpack ${name}: manifest.json not found in ${out_dir}" + exit 1 + fi + + rm -rf "$tmpdir" + trap - EXIT +} + +######################### +# Download extensions # +######################### + +download_and_unpack_extension "$UBLOCK_ID" "$UBLOCK_DIR" "ublock-origin" +download_and_unpack_extension "$IDCAC_ID" "$IDCAC_DIR" "i-dont-care-about-cookies" + +EXTENSIONS="${UBLOCK_DIR},${IDCAC_DIR}" + +######################### +# Start Chromium # +######################### cd /usr/src/chrome -exec su chrome -c "chromium-browser --headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars --disable-crash-reporter --no-crash-upload --user-data-dir=/data/chrome ${extension_flag}" +# Use exec so s6 can manage the process; avoid backgrounding and /dev/null-ing +exec su chrome -c " + chromium-browser \ + --headless=new \ + --no-sandbox \ + --disable-gpu \ + --disable-dev-shm-usage \ + --disable-crash-reporter \ + --no-crash-upload \ + --hide-scrollbars \ + --remote-debugging-address=0.0.0.0 \ + --remote-debugging-port=9222 \ + --user-data-dir='${CHROME_PROFILE_DIR}' \ + --disk-cache-dir='${CHROME_CACHE_DIR}' \ + --disable-extensions-except='${EXTENSIONS}' \ + --load-extension='${EXTENSIONS}' \ + about:blank +" diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type index 5883cff0c..1780f9f44 100644 --- a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type @@ -1 +1 @@ -longrun +longrun \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/up b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/up new file mode 100644 index 000000000..ea0dde696 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/svc-chrome/run \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/dependencies.d/init-folders b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/dependencies.d/init-folders new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run index 9af8cd43d..a5e5681b3 100644 --- a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run @@ -1,7 +1,12 @@ -#!/command/with-contenv bashio +#!/command/with-contenv bash # shellcheck shell=bash + set -e -mkdir -p "${MEILI_DIR}" +if [ ! -d "$MEILI_DIR" ]; then + mkdir -p "$MEILI_DIR" +fi -exec /bin/meilisearch --db-path "${MEILI_DIR}" --no-analytics --experimental-dumpless-upgrade +cd "$MEILI_DIR" + +exec /bin/meilisearch --no-analytics --experimental-dumpless-upgrade \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type index 5883cff0c..1780f9f44 100644 --- a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type @@ -1 +1 @@ -longrun +longrun \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/up b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/up new file mode 100644 index 000000000..a3be200b9 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/svc-meilisearch/run \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/init-nginx b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/init-nginx new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/run new file mode 100644 index 000000000..96acd5752 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/run @@ -0,0 +1,9 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash + +set -e + +bashio::net.wait_for "$SERVICE_PORT" localhost 900 + +bashio::log.info "Starting NGinx..." +exec nginx diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/type new file mode 100644 index 000000000..1780f9f44 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/up b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/up new file mode 100644 index 000000000..e0a24bcc0 --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-nginx/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/svc-nginx/run \ No newline at end of file diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-addon-config b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-addon-config new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-nginx b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-nginx new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/usr/local/bin/ssl-check-generate.sh b/karakeep/rootfs/usr/local/bin/ssl-check-generate.sh new file mode 100644 index 000000000..d18267890 --- /dev/null +++ b/karakeep/rootfs/usr/local/bin/ssl-check-generate.sh @@ -0,0 +1,47 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash + +set -e + +# Check for required arguments +if [ $# -ne 3 ]; then + bashio::log.error "[ssl-check-generate.sh] missing: " + exit 1 +fi + +bashio::log.debug "SSL Certificate check" + +renew_days=90 + +certfile="$1" +keyfile="$2" +selfsigned=${3:-true} + +if [ ! -f "$certfile" ] || [ ! -f "$keyfile" ]; then + if [ "$selfsigned" = "true" ]; then + /usr/local/bin/ssl-keygen.sh "$certfile" "$keyfile" + exit 0 + else + bashio::log.error "[ssl-check-generate.sh] either certfile, keyfile, or both are missing" + exit 1 + fi +fi + +enddate=$(openssl x509 -enddate -noout -in "$certfile" 2>/dev/null || true) +if [ -n "$enddate" ]; then + expiry_date=$(echo "$enddate" | cut -d= -f2 | sed 's/ GMT$//') + expiry_ts=$(date -d "$expiry_date" +%s) + now_ts=$(date +%s) + days_left=$(( (expiry_ts - now_ts) / 86400 )) + + if [ "$days_left" -le "$renew_days" ]; then + bashio::log.info "Self-signed cert expiring in $days_left days, regenerating..." + /usr/local/bin/ssl-keygen.sh "$certfile" "$keyfile" + fi +else + bashio::log.error "Unable to determine ssl certificate expiry date" +fi + +if pgrep -x nginx >/dev/null 2>&1; then + nginx -s reload +fi \ No newline at end of file diff --git a/karakeep/rootfs/usr/local/bin/ssl-keygen.sh b/karakeep/rootfs/usr/local/bin/ssl-keygen.sh new file mode 100644 index 000000000..da821340d --- /dev/null +++ b/karakeep/rootfs/usr/local/bin/ssl-keygen.sh @@ -0,0 +1,57 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash + +set -e + +# Check for required arguments +if [ $# -ne 2 ]; then + bashio::log.error "[ssl-keygen.sh] missing: " + exit 1 +fi + +certfile="$1" +keyfile="$2" + +[ -f "$certfile" ] && rm -f "$certfile" +[ -f "$keyfile" ] && rm -f "$keyfile" + +mkdir -p "$(dirname "$certfile")" && mkdir -p "$(dirname "$keyfile")" + +if ! hostname="$(bashio::info.hostname 2> /dev/null)" || [ -z "$hostname" ]; then + hostname="homeassistant" +fi +tmp_openssl_cfg=$(mktemp) +trap 'rm -f "$tmp_openssl_cfg"' EXIT + +cat > "$tmp_openssl_cfg" <