mirror of
https://github.com/alexbelgium/hassio-addons.git
synced 2026-01-13 03:11:02 +01:00
nobuild
This commit is contained in:
Alexandre
@@ -1,226 +0,0 @@
|
||||
# 0.30.0 (New year release 🎁)
|
||||
|
||||
Welcome to the 0.30.0 release of Karakeep and happy new year! This release comes with "2025 wrapped" (a bit late), PDF archives, new reader settings, avatars, reddit crawling improvements, and more! Huge thanks to our contributors for this release @esimkowitz, @Moondragon85, @rzxczxc, @colado, @Yeraze, @eriktews and everyone who shipped code, triaged bugs, or shared feedback for this release.
|
||||
|
||||
> If you enjoy using Karakeep, consider supporting the project [here ☕️](https://buymeacoffee.com/mbassem) or via GitHub [here](https://github.com/sponsors/MohamedBassem).
|
||||
|
||||
<a href="https://www.buymeacoffee.com/mbassem" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" width="auto" height="50" ></a>
|
||||
|
||||
And in case you missed it, we now have a ☁️ managed offering ☁️ for those who don't want to self-host. We're in public beta now and you can signup [here](https://cloud.karakeep.app) 🎉.
|
||||
|
||||
# New Features 🚀
|
||||
|
||||
- 2025 Wrapped is here to celebrate your year in Karakeep (#2322).
|
||||
- PDF archives
|
||||
- Archive bookmarks as PDFs, generated automatically during crawling or on-demand (#2309).
|
||||
- Set `CRAWLER_STORE_PDF=true` to enable auto PDF archiving.
|
||||
- Unified reader settings (font, size, etc) across all devices with per-device overrides (#2230). By @esimkowitz!
|
||||
- Better metadata extraction:
|
||||
- Reddit posts should now be crawled correctly, and banners should be fetched more reliably.
|
||||
- Fixed YouTube thumbnail and author extraction.
|
||||
- Fixed Amazon product image extraction (where it was sometimes showing the prime logo) (#2204, #2108). By @Yeraze
|
||||
- Upload custom user avatars for more personal profiles (#2296).
|
||||
- AI Setting customization:
|
||||
- Customize tag styling (case, separators, language) per user. It's highly recommended to set the tag style for more consistent tags (#2312).
|
||||
- Per-user toggles to disable auto-tagging and/or auto-summarization (#2275).
|
||||
- Others:
|
||||
- Import libraries from Matter with full export support (#2245). By @Moondragon85
|
||||
- Bulk remove bookmarks from lists (#2279).
|
||||
- Add a new rule condition to rule engine: "URL Does Not Contain" (#2280).
|
||||
- Configure an OpenAI proxy via `OPENAI_PROXY_URL` (#2231). By @rzxczxc
|
||||
- Added `is:broken` search qualifier to show links that failed crawling (#2225).
|
||||
- Edit list now in the mobile app (#2310). By @colado
|
||||
|
||||
# UX Improvements ✨
|
||||
|
||||
- Our docs got a facelift! The docs got some styling, the pages got re-organized and we now have a "Using Karakeep" section that explains some of the core concepts of Karakeep.
|
||||
- Replace bookmark banners and download attachments directly from the drop down menu (#2328).
|
||||
- Sidebar scrollbar looks cleaner, and pending list invites show as a badge in the sidebar.
|
||||
- Bookmark edit dialog now includes notes.
|
||||
- Bookmark owner avatars now show up in collaborative lists.
|
||||
- Mobile UI/UX improvements:
|
||||
- Fixed title on mobile to be at most 2 lines long.
|
||||
- Mobile settings screens should now feel more native (#2307).
|
||||
- OLED-friendly colors in the Android app matching the colors of the ios app (#1958).
|
||||
- Toasts on iOS now appear correctly above the open modals (#2320). By @colado
|
||||
- Shared lists now appear in a dedicated subsection on mobile.
|
||||
- Adding a bookmark to a list now shows a spinner during loading (#2283).
|
||||
- Server version now appears in mobile settings (#2276).
|
||||
- Fixed the confusing "tick button" beside the server address during login.
|
||||
|
||||
# Fixes 🔧
|
||||
|
||||
- Fixed missing db indicies that was causing slow bookmark queries (#2246, #2287).
|
||||
- Improved Ollama summaries by using the generate endpoint (#2324). By @eriktews
|
||||
- Fixed HTML bookmark imports failing on empty folder names (#2300).
|
||||
- Fixed non-link bookmarks stuck in pending summarization (#1605).
|
||||
- Improved tagging prompts and error-page detection.
|
||||
- Reject spoofed content types on file uploads.
|
||||
- Preserve failure counts when rescheduling rate-limited domains (#2303).
|
||||
- Fixed duplicate backdrop buttons in reader view (#2234). By @colado
|
||||
- RSS feed fetching is now spread over the hour (#2227).
|
||||
- Asset preprocessing worker timeout is now configurable (91784cd2).
|
||||
- Fixed bypassing email verification in apiKey.exchange.
|
||||
- Added limits on number of rss feeds and webhooks per user configurable by admins.
|
||||
- Fixed a bug where failed crawling leave bookmarks as pending tagging in the admin dashboard.
|
||||
|
||||
# For Developers 🛠️
|
||||
|
||||
- OpenTelemetry integration with OTLP exporter (#2318, #2321).
|
||||
- CLI can list users for admins.
|
||||
- We're now defaulting to Node.js 24 (the current LTS).
|
||||
- Breaking: In bookmark APIs `includeContent` now defaults to `false`. This change was announced a couple months ago, and is taking effect in this release.
|
||||
|
||||
# Community Projects 💡
|
||||
|
||||
- Karakeep integration for Home Assistant (#2196) by @sli-cka. Get it from [here](https://github.com/sli-cka/karakeep-homeassistant).
|
||||
|
||||
# Screenshots 📸
|
||||
|
||||
## Wrapped 2025
|
||||
|
||||
|
||||
|
||||
## Reader Settings
|
||||
|
||||
.
|
||||
|
||||
|
||||
### AI Settings
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# Upgrading 📦
|
||||
|
||||
To upgrade:
|
||||
* If you're using `KARAKEEP_VERSION=release`, run `docker compose pull && docker compose up -d`.
|
||||
* If you're pinning it to a specific version, bump the version and then run `docker compose pull && docker compose up -d`.
|
||||
|
||||
# All Commits
|
||||
|
||||
* i18n: fix en_US translation - @MohamedBassem in d472a3a1
|
||||
* fix: fix wrapped feature to only show bookmarks in 2025 - @MohamedBassem in 4077e286
|
||||
* i18n: Sync weblate translations - Weblate in 401ea6a9
|
||||
* chore: drop the experimental tag from the rule engine - @MohamedBassem in bf9d6105
|
||||
* fix: show a toast during banner upload - @MohamedBassem in 9555f409
|
||||
* fix: don't switch the bookmark back to pending on recrawl - @MohamedBassem in 79400d04
|
||||
* fix: use the Ollama generate endpoint instead of chat (#2324) - @eriktews in e8c79f29
|
||||
* feat: add replace banner and attachment download (#2328) - @MohamedBassem in 3d652eee
|
||||
* feat: Add bulk remove from list (#2279) - @MohamedBassem in 7a76216e
|
||||
* feat: add "URL Does Not Contain" condition to rule engine (#2280) - @MohamedBassem in b20ba9cf
|
||||
* feat: 2025 wrapped (#2322) - @MohamedBassem in a0b4a26a
|
||||
* chore: worker tracing (#2321) - @MohamedBassem in 7ab7db8e
|
||||
* feat(landing): add corporate pricing - @MohamedBassem in d852ee1a
|
||||
* fix(mobile): mobile modal UI issues (#2320) - @colado in a43d375f
|
||||
* ci: fix tests - @MohamedBassem in 9d6b1282
|
||||
* feat: change default for tag style to be title case with spaces - @MohamedBassem in 9098a5a6
|
||||
* fix: more tagging tweaks - @MohamedBassem in c1cbaa8a
|
||||
* build: fix broken CI - @MohamedBassem in a5ce977d
|
||||
* fix: change prompt to better recognize error pages - @MohamedBassem in f5a5c14e
|
||||
* refactor: reduce duplication in compare-models tool - @MohamedBassem in f00287ed
|
||||
* chore: add tracing for email functions - @MohamedBassem in ba8d84a5
|
||||
* feat(mobile): create new list edit screen (#2310) - @colado in 30fa06fe
|
||||
* feat: Add open telemetry (#2318) - @MohamedBassem in 5537fe85
|
||||
* fix: reset tagging status on crawl failure (#2316) - @MohamedBassem in f7920bdc
|
||||
* feat: add the ability to specify a different changelog version - @MohamedBassem in 10820761
|
||||
* fix: remove duplicate mobile backdrop button in reader view (#2234) - @esimkowitz in 3f44e319
|
||||
* fix(landing): fix cloud banner on mobile - @MohamedBassem in 23f28530
|
||||
* refactor: add suspense boundary in sidebar layout - @MohamedBassem in 3c3d8685
|
||||
* feat(mobile): make the settings menu look more native (#2307) - @MohamedBassem in 6ee48ffb
|
||||
* feat(web): better looking scrollbar in the sidebar - @MohamedBassem in f7523a21
|
||||
* feat(mobile): use oled friendly colors for android app. fixes #1958 - @MohamedBassem in e800d744
|
||||
* refactor: migrate toasts to sonner - @MohamedBassem in 173fb99a
|
||||
* feat: add customizable tag styles (#2312) - @MohamedBassem in af3010ab
|
||||
* feat: add Matter import support (#2245) - @Moondragon85 in 93630ce8
|
||||
* feat: support archiving as pdf (#2309) - @MohamedBassem in 267db791
|
||||
* feat: add OPENAI_PROXY_URL configuration and support for proxy in OpenAI client (#2231) - @rzxczxc in bb6b742a
|
||||
* fix(tests): fix the asset upload tests - @MohamedBassem in e82694de
|
||||
* fix: reject spoofed content types on uploads - @MohamedBassem in 2dbdf76c
|
||||
* deps: upgrade tesseract to v7 - @MohamedBassem in 347793ad
|
||||
* feat(landing): announce cloud public beta in landing page - @MohamedBassem in c3b2326c
|
||||
* chore: add a tool for comparing perf of different models - @MohamedBassem in 1dfa5d12
|
||||
* feat: add notes to the bookmark edit dialog - @MohamedBassem in ecb7a710
|
||||
* fix(restate): change journal retention for services to 3d - @MohamedBassem in 0efffdcc
|
||||
* fix(cli): migrate bookmark source in migration command - @MohamedBassem in 65cfa871
|
||||
* fix: preserve failure count when rescheduling rate limited domains (#2303) - @MohamedBassem in ddd4b578
|
||||
* feat: show bookmark owner icon in shared lists (#2277) - @MohamedBassem in ef27670f
|
||||
* fix: make avatars public - @MohamedBassem in f7d34627
|
||||
* refactor: move assets to their own model (#2301) - @MohamedBassem in 013ca67c
|
||||
* feat: add support for user avatars (#2296) - @MohamedBassem in 314c363e
|
||||
* fix: handle empty folder names in HTML bookmark imports (#2300) - @MohamedBassem in 3408e6e4
|
||||
* feat: add a warning about viewing archives inline. fixes #2286 - @MohamedBassem in e336513f
|
||||
* fix(tests): fix the user setting tests - @MohamedBassem in 258bebe0
|
||||
* feat: Add user settings to disable auto tagging/summarization (#2275) - @MohamedBassem in 0bdba54b
|
||||
* feat(mobile): Convert server address editing to modal in mobile app (#2290) - @MohamedBassem in ece68ed0
|
||||
* fix: check quota usage instead bookmark transaction - @MohamedBassem in ca4bfa4c
|
||||
* fix: optimize tagging db queries (#2287) - @MohamedBassem in e18dc4c9
|
||||
* docs: shuffle some docs around - @MohamedBassem in 4762da12
|
||||
* docs: add RSS feeds integration documentation (#2288) - @MohamedBassem in 903aa5e9
|
||||
* feat(restate): Add a var to control whether to expose core services or not - @MohamedBassem in dc8ab862
|
||||
* feat: add more restate semaphore controls - @MohamedBassem in 58eb6c00
|
||||
* feat(mobile): Show shared lists under a subsection - @MohamedBassem in 837dea5e
|
||||
* fix(mobile): Fix title line clamp to 2 lines - @MohamedBassem in 15cfa137
|
||||
* fix(mobile): Add loading spinner to mobile list button (#2283) - @MohamedBassem in 7b98c52a
|
||||
* feat: add server version display to mobile app settings (#2276) - @MohamedBassem in bd969b34
|
||||
* fix: add authentication checks to settings layout (#2274) - @MohamedBassem in e53f3ae5
|
||||
* fix: only trigger search autocomplete on first search char - @MohamedBassem in 92e352f3
|
||||
* feat(landing): remove waitlist link. fixes #2270 - @MohamedBassem in e842c5a7
|
||||
* fix: don't fail the script if the user karakeep already exists. fixes #2242 - @MohamedBassem in e78e5129
|
||||
* fix: collapse reader settings by default - @MohamedBassem in 3955f91a
|
||||
* docs: Add icons beside category names - @MohamedBassem in 9021822a
|
||||
* Revert "fix: fix restate service to return control to restate service on timeout" - @MohamedBassem in 510174db
|
||||
* feat: Add unified reader settings with local overrides (#2230) - @esimkowitz in 7f4202af
|
||||
* fix: fix restate service to return control to restate service on timeout - @MohamedBassem in 6db14ac4
|
||||
* fix: non-link bookmarks where stuck in pending summarization. Fixes #1605 - @MohamedBassem in d7357118
|
||||
* fix: move trpc error logging inside the dev check - @MohamedBassem in 0b65e5a4
|
||||
* fix: Fix Amazon product image extraction on amazon.com URLs (#2108) - @Yeraze in b3196354
|
||||
* feat: use reddit API for metadata extraction. Fixes #1853 #1883 - @MohamedBassem in f5c32d94
|
||||
* fix: use GET requests for the content type request - @MohamedBassem in d6dd8ebd
|
||||
* docs: fix sidebar on mobile - @MohamedBassem in f111cba9
|
||||
* feat: Add limits on number of rss feeds and webhooks per user - @MohamedBassem in 74df8bd7
|
||||
* release(cli): Bump CLI version to 0.29.1 - @MohamedBassem in 697c853a
|
||||
* readme: some readme updates - @MohamedBassem in 1ebc721c
|
||||
* docs: Update screenshots in docs - @MohamedBassem in c6cf4188
|
||||
* docs: Adding user guides - @MohamedBassem in 04b9c291
|
||||
* docs: drop docs for old versions - @MohamedBassem in fecb0079
|
||||
* docs: restructure the docs - @MohamedBassem in af69f637
|
||||
* docs: restyle the docs - @MohamedBassem in b4344401
|
||||
* ci: run CI with node 24 - @MohamedBassem in 2bdba536
|
||||
* deps: Upgrade to nodejs 24 - @MohamedBassem in 480abce4
|
||||
* fix!: changing default for includeContent to be false in the API - @MohamedBassem in 1369ad01
|
||||
* deps: Upgrade nextjs to 15.3.8 - @MohamedBassem in 80278ecf
|
||||
* deps: Upgrade nextjs to 15.3.7 - @MohamedBassem in 74bdc186
|
||||
* fix: add more indicies for faster bookmark queries (#2246) - @MohamedBassem in 683083f4
|
||||
* feat: make asset preprocessing worker timeout configurable - @Claude in 91784cd2
|
||||
* fix: Add cache control header on asset endpoints - @MohamedBassem in 3e8cc745
|
||||
* chore: Allowing multi user benchmarks and adding more coverage - @MohamedBassem in 265b6773
|
||||
* feat(cli): Add ability to list users for the admin in the CLI - @MohamedBassem in 69a756aa
|
||||
* fix: fix correctly accounting for text bookmark in import sessions. #2208 - @MohamedBassem in 6886385c
|
||||
* fix: check import quota before importing bookmarks (#2232) - @MohamedBassem in 20d3761c
|
||||
* build: fix typecheck error in query explainer - @MohamedBassem in b6c2dadd
|
||||
* fix: migrate to metascraper-x from metascraper-twitter - @MohamedBassem in c6f93b3b
|
||||
* feat: add is:broken search qualifier for broken links (#2225) - @MohamedBassem in 1f43f232
|
||||
* feat: spread feed fetch scheduling deterministically over the hour (#2227) - @MohamedBassem in 13a090c4
|
||||
* fix: better extraction for youtube thumbnails. #2204 - @MohamedBassem in e3cc5463
|
||||
* fix: remove queue triggers outside of updateTags transaction - @MohamedBassem in cf2a12c8
|
||||
* chore: add benchmarks (#2229) - @MohamedBassem in 6180c662
|
||||
* build: dont update latest tags on release - @MohamedBassem in de98873a
|
||||
* deps: Upgrade nextjs to 15.3.6 - @MohamedBassem in 20081a3a
|
||||
* feat: add a notification badge for list invitations - @MohamedBassem in 3c6b8e97
|
||||
* docs: add karakeep integration for Home Assistant (#2196) - @sli-cka in 9a339385
|
||||
* fix: regen turnstile token on signup resubmission - @MohamedBassem in 9257b534
|
||||
* feat(landing): Add more features to the homepage - @MohamedBassem in 9a6d36f2
|
||||
* ci: run arm docker image builds on arm machines - @MohamedBassem in 3421246d
|
||||
* ci: parallelize the docker workflow for platforms - @MohamedBassem in 2e889617
|
||||
* fix: reenable idempotency key for search indexing - @MohamedBassem in 2ef751ef
|
||||
* fix: fix bypass email verification in apiKey.exchange - @MohamedBassem in e4f434e7
|
||||
* readme: add collaborative lists to the list of features - @MohamedBassem in d6d319d3
|
||||
* fix: Add restate queued idempotency (#2169) - @MohamedBassem in a71b9505
|
||||
* feat: add support for turnstile on signup - @MohamedBassem in b12c1c3a
|
||||
* build: fix npm trusted publishing - @MohamedBassem in 4898b6be
|
||||
* release: cli, mcp and sdk - @MohamedBassem in 28d6750e
|
||||
* release(extension): Release version 1.2.8 - @MohamedBassem in fdea0861
|
||||
* release(mobile): Bump mobile version to 1.8.3 - @MohamedBassem in 8da5b598
|
||||
* release(docs): release the 0.29 docs - @MohamedBassem in 97c386a4
|
||||
@@ -1,42 +0,0 @@
|
||||
# Home Assistant add-on: Karakeep (all-in-one) 💾 by Fabio Garavini
|
||||
|
||||
The Karakeep Addon is a bookmark-everything app with a touch of AI, designed specifically for data hoarders. This addon allows you to save and organize your favorite bookmarks, with features like AI-powered search and recommendation.
|
||||
|
||||
## Configuration
|
||||
|
||||
- `NEXTAUTH_URL`: The URL of the Karakeep instance. Example `http://<homeassistant-ip>:3011`.
|
||||
- `TZ`: The timezone to use for the addon. Example `Europe/Rome`.
|
||||
- `DISABLE_SIGNUPS`: Whether to disable signups for new users. Defaults to `false`.
|
||||
- `NEXTAUTH_SECRET`: A secret key used for authentication. Defaults to a random value.
|
||||
- `MAX_ASSET_SIZE_MB`: The maximum size of assets (e.g. images) that can be uploaded. Defaults to `4`.
|
||||
- `OCR_LANGS`: A comma-separated list of languages to use for optical character recognition (OCR). Defaults to `eng`.
|
||||
- `OCR_CONFIDENCE_THRESHOLD`: The minimum confidence threshold for OCR results. Defaults to `50`.
|
||||
- `OPENAI_API_KEY`: An API key for OpenAI. Optional.
|
||||
- `OPENAI_BASE_URL`: The base URL of the OpenAI API. Optional.
|
||||
- `OLLAMA_BASE_URL`: The base URL of the OLLAMA API. Optional.
|
||||
- `INFERENCE_TEXT_MODEL`: The text model to use for inference. Defaults to `gpt-4o-mini`.
|
||||
- `INFERENCE_IMAGE_MODEL`: The image model to use for inference. Defaults to `gpt-4o-mini`.
|
||||
- `EMBEDDING_TEXT_MODEL`: The text model to use for embedding. Defaults to `text-embedding-3-small`.
|
||||
- `INFERENCE_CONTEXT_LENGTH`: The length of the context to use for inference. Defaults to `2048`.
|
||||
- `INFERENCE_LANG`: The language to use for inference. Defaults to `english`.
|
||||
- `INFERENCE_JOB_TIMEOUT_SEC`: The timeout for inference jobs in seconds. Defaults to `30`.
|
||||
|
||||
More informations about other configs can be found in the [official documentation](https://docs.karakeep.app/configuration)
|
||||
|
||||
## Ports
|
||||
|
||||
The Karakeep Addon exposes the following ports:
|
||||
|
||||
- `3000/tcp`: The web UI port.
|
||||
|
||||
## Installation
|
||||
|
||||
To install the Karakeep Addon, follow these steps:
|
||||
|
||||
1. Open the Home Assistant UI and navigate to the Add-ons page.
|
||||
1. Click the "Karakeep" addon.
|
||||
1. Click the "Install" button.
|
||||
1. (Optional) under `Configuration` set `NEXTAUTH_URL` as specified above
|
||||
1. Click the "Open Web UI" button.
|
||||
1. Create a new user.
|
||||
1. Happy hoarding!
|
||||
@@ -1,121 +0,0 @@
|
||||
# check=skip=SecretsUsedInArgOrEnv
|
||||
ARG BUILD_FROM=ghcr.io/karakeep-app/karakeep:0.30.0
|
||||
|
||||
ARG MEILI_VERSION="v1.13.3"
|
||||
|
||||
FROM getmeili/meilisearch:${MEILI_VERSION} AS meilisearch
|
||||
|
||||
FROM ${BUILD_FROM}
|
||||
|
||||
# Environment variables
|
||||
ENV \
|
||||
DATA_DIR="/share/karakeep" \
|
||||
MEILI_DIR="/config/meili" \
|
||||
DISABLE_NEW_RELEASE_CHECK=true \
|
||||
BROWSER_WEB_URL="http://127.0.0.1:9222" \
|
||||
MEILI_ADDR="http://127.0.0.1:7700" \
|
||||
MEILI_MASTER_KEY="0uIHQXWthY2L2yqCWGVGu2axN+l4qcDEc+Of/7e8X7bEyZ8k" \
|
||||
MEILI_NO_ANALYTICS=true \
|
||||
XDG_CACHE_HOME="/data/cache"
|
||||
|
||||
ENV \
|
||||
CHROME_BIN=/usr/bin/chromium-browser \
|
||||
CHROME_PATH=/usr/lib/chromium/ \
|
||||
CHROMIUM_FLAGS="--disable-software-rasterizer --disable-dev-shm-usage" \
|
||||
MEILI_HTTP_ADDR=0.0.0.0:7700 \
|
||||
MEILI_SERVER_PROVIDER=docker \
|
||||
MEILI_ENV=production
|
||||
|
||||
ENV \
|
||||
SERVICE_PORT=3000 \
|
||||
NGINX_PORT=8080
|
||||
|
||||
# NGINX Install
|
||||
RUN \
|
||||
apk add --no-cache \
|
||||
bash \
|
||||
openssl \
|
||||
nginx \
|
||||
&& rm -rf /etc/nginx
|
||||
|
||||
# Set shell
|
||||
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||
|
||||
# Addon base configuration
|
||||
ARG BUILD_ARCH=amd64
|
||||
# renovate: datasource=github-releases packageName=hassio-addons/bashio
|
||||
ARG BASHIO_VERSION="v0.17.5"
|
||||
# renovate: datasource=github-releases packageName=home-assistant/tempio
|
||||
ARG TEMPIO_VERSION="2024.11.2"
|
||||
RUN \
|
||||
set -o pipefail \
|
||||
&& apk add --no-cache --virtual .build-dependencies \
|
||||
tar \
|
||||
xz \
|
||||
&& apk add --no-cache \
|
||||
libcrypto3 \
|
||||
libssl3 \
|
||||
musl-utils \
|
||||
musl \
|
||||
curl \
|
||||
jq \
|
||||
tzdata \
|
||||
\
|
||||
&& curl -J -L "https://github.com/hassio-addons/bashio/archive/${BASHIO_VERSION}.tar.gz" -o /tmp/bashio.tar.gz \
|
||||
&& mkdir /tmp/bashio \
|
||||
&& tar zxvf /tmp/bashio.tar.gz --strip 1 -C /tmp/bashio \
|
||||
\
|
||||
&& mv /tmp/bashio/lib /usr/lib/bashio \
|
||||
&& ln -s /usr/lib/bashio/bashio /usr/bin/bashio \
|
||||
\
|
||||
&& curl -L -s "https://github.com/home-assistant/tempio/releases/download/${TEMPIO_VERSION}/tempio_${BUILD_ARCH}" -o /usr/bin/tempio \
|
||||
&& chmod a+x /usr/bin/tempio \
|
||||
\
|
||||
&& apk del --no-cache --purge .build-dependencies \
|
||||
&& rm -rf /tmp/*
|
||||
|
||||
# Installs latest Chromium package.
|
||||
RUN \
|
||||
apk upgrade --no-cache --available \
|
||||
&& apk add --no-cache \
|
||||
chromium \
|
||||
chromium-swiftshader \
|
||||
ttf-freefont \
|
||||
font-noto-emoji \
|
||||
font-wqy-zenhei \
|
||||
&& mkdir -p /usr/src/chrome \
|
||||
&& adduser -D chrome \
|
||||
&& chown -R chrome:chrome /usr/src/chrome
|
||||
|
||||
COPY --from=meilisearch /bin/meilisearch /bin/meilitool /bin/
|
||||
|
||||
COPY .common/addon-config /
|
||||
COPY .common/nginx /
|
||||
|
||||
COPY rootfs/ /
|
||||
|
||||
ARG BUILD_VERSION \
|
||||
BUILD_DATE \
|
||||
BUILD_DESCRIPTION \
|
||||
BUILD_NAME \
|
||||
BUILD_REF \
|
||||
BUILD_REPOSITORY
|
||||
|
||||
LABEL \
|
||||
io.hass.name="${BUILD_NAME}" \
|
||||
io.hass.description="${BUILD_DESCRIPTION}" \
|
||||
io.hass.arch="${BUILD_ARCH}" \
|
||||
io.hass.type="addon" \
|
||||
io.hass.version="${BUILD_VERSION}" \
|
||||
maintainer="Fabio Garavini <info@fabiogaravini.dev>" \
|
||||
org.opencontainers.image.title="${BUILD_NAME}" \
|
||||
org.opencontainers.image.description="${BUILD_DESCRIPTION}" \
|
||||
org.opencontainers.image.vendor="Fabio Garavini Hassio Add-ons" \
|
||||
org.opencontainers.image.authors="Fabio Garavini <info@fabiogaravini.dev>" \
|
||||
org.opencontainers.image.licenses="MIT" \
|
||||
org.opencontainers.image.url="https://github.com/fabio-garavini" \
|
||||
org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \
|
||||
org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \
|
||||
org.opencontainers.image.created=${BUILD_DATE} \
|
||||
org.opencontainers.image.revision=${BUILD_REF} \
|
||||
org.opencontainers.image.version=${BUILD_VERSION}
|
||||
@@ -1 +0,0 @@
|
||||
Borrowed from Fabio Garavini
|
||||
@@ -1,16 +0,0 @@
|
||||
source:
|
||||
type: docker
|
||||
repo: ghcr.io/karakeep-app/karakeep
|
||||
current_version: 0.30.0
|
||||
version_template: regex:^(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)$
|
||||
config:
|
||||
version_template: "{{major}}.{{minor}}.{{patch}}"
|
||||
patch: 0
|
||||
image: fabioogaravini/hassio-karakeep
|
||||
build:
|
||||
image: ghcr.io/karakeep-app/karakeep
|
||||
version_template: "{{major}}.{{minor}}.{{patch}}"
|
||||
changelog:
|
||||
source: github-releases
|
||||
repo: karakeep-app/karakeep
|
||||
version_template: v{{major}}.{{minor}}.{{patch}}
|
||||
@@ -1,3 +0,0 @@
|
||||
build_from:
|
||||
aarch64: ghcr.io/karakeep-app/karakeep:0.30.0
|
||||
amd64: ghcr.io/karakeep-app/karakeep:0.30.0
|
||||
@@ -1,68 +0,0 @@
|
||||
name: Karakeep
|
||||
version: 0.30.0-5
|
||||
slug: karakeep
|
||||
description: bookmark-everything app with a touch of AI for the data hoarders out there
|
||||
url: https://karakeep.app/
|
||||
webui: "[PROTO:ssl]://[HOST]:[PORT:8080]"
|
||||
arch:
|
||||
- aarch64
|
||||
- amd64
|
||||
init: false
|
||||
hassio_api: true
|
||||
map:
|
||||
- type: addon_config
|
||||
read_only: false
|
||||
- type: share
|
||||
read_only: false
|
||||
- type: ssl
|
||||
backup: cold
|
||||
backup_exclude:
|
||||
- "**/logs"
|
||||
schema:
|
||||
TZ: str?
|
||||
ssl: bool
|
||||
certfile: str?
|
||||
keyfile: str?
|
||||
BROWSER_WEB_URL: str?
|
||||
DISABLE_SIGNUPS: bool
|
||||
NEXTAUTH_SECRET: password
|
||||
MAX_ASSET_SIZE_MB: int?
|
||||
NEXTAUTH_URL: str?
|
||||
OCR_LANGS: str?
|
||||
OCR_CONFIDENCE_THRESHOLD: int(0,100)?
|
||||
OPENAI_BASE_URL: str?
|
||||
OPENAI_API_KEY: password?
|
||||
OLLAMA_BASE_URL: str?
|
||||
INFERENCE_TEXT_MODEL: str?
|
||||
INFERENCE_IMAGE_MODEL: str?
|
||||
EMBEDDING_TEXT_MODEL: str?
|
||||
INFERENCE_CONTEXT_LENGTH: int(0,)?
|
||||
INFERENCE_LANG: str?
|
||||
INFERENCE_JOB_TIMEOUT_SEC: int(0,)?
|
||||
CRAWLER_DOWNLOAD_BANNER_IMAGE: bool
|
||||
CRAWLER_STORE_SCREENSHOT: bool
|
||||
CRAWLER_FULL_PAGE_SCREENSHOT: bool
|
||||
CRAWLER_FULL_PAGE_ARCHIVE: bool
|
||||
CRAWLER_JOB_TIMEOUT_SEC: int(0,)?
|
||||
CRAWLER_NAVIGATE_TIMEOUT_SEC: int(0,)?
|
||||
CRAWLER_VIDEO_DOWNLOAD: bool?
|
||||
CRAWLER_VIDEO_DOWNLOAD_MAX_SIZE: int?
|
||||
CRAWLER_VIDEO_DOWNLOAD_TIMEOUT_SEC: int(0,)?
|
||||
CRAWLER_ENABLE_ADBLOCKER: bool
|
||||
options:
|
||||
TZ: Etc/UTC
|
||||
ssl: true
|
||||
certfile: fullchain.pem
|
||||
keyfile: privkey.pem
|
||||
DISABLE_SIGNUPS: false
|
||||
NEXTAUTH_SECRET: jnE2An0WyIKZvO+WgKJrn8WPW+c3DzV+c9ntBp8CdobTOmpJ
|
||||
MAX_ASSET_SIZE_MB: 4
|
||||
CRAWLER_DOWNLOAD_BANNER_IMAGE: true
|
||||
CRAWLER_STORE_SCREENSHOT: false
|
||||
CRAWLER_FULL_PAGE_SCREENSHOT: false
|
||||
CRAWLER_FULL_PAGE_ARCHIVE: false
|
||||
CRAWLER_ENABLE_ADBLOCKER: true
|
||||
ports:
|
||||
8080/tcp: 3011
|
||||
ports_description:
|
||||
8080/tcp: Web UI
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 2.1 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 30 KiB |
@@ -1,31 +0,0 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
|
||||
<fontconfig>
|
||||
|
||||
<alias>
|
||||
<family>sans-serif</family>
|
||||
<prefer>
|
||||
<family>Main sans-serif font name goes here</family>
|
||||
<family>Noto Color Emoji</family>
|
||||
<family>Noto Emoji</family>
|
||||
</prefer>
|
||||
</alias>
|
||||
|
||||
<alias>
|
||||
<family>serif</family>
|
||||
<prefer>
|
||||
<family>Main serif font name goes here</family>
|
||||
<family>Noto Color Emoji</family>
|
||||
<family>Noto Emoji</family>
|
||||
</prefer>
|
||||
</alias>
|
||||
|
||||
<alias>
|
||||
<family>monospace</family>
|
||||
<prefer>
|
||||
<family>Main monospace font name goes here</family>
|
||||
<family>Noto Color Emoji</family>
|
||||
<family>Noto Emoji</family>
|
||||
</prefer>
|
||||
</alias>
|
||||
</fontconfig>
|
||||
@@ -1,96 +0,0 @@
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/webp webp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.oasis.opendocument.graphics odg;
|
||||
application/vnd.oasis.opendocument.presentation odp;
|
||||
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||
application/vnd.oasis.opendocument.text odt;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation
|
||||
pptx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
xlsx;
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
proxy_http_version 1.1;
|
||||
proxy_ignore_client_abort off;
|
||||
proxy_read_timeout 86400s;
|
||||
proxy_redirect off;
|
||||
proxy_send_timeout 86400s;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
@@ -1 +0,0 @@
|
||||
resolver 127.0.0.11 ipv6=off;
|
||||
@@ -1,6 +0,0 @@
|
||||
root /dev/null;
|
||||
server_name $hostname;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
@@ -1,8 +0,0 @@
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
#ssl_stapling on;
|
||||
#ssl_stapling_verify on;
|
||||
@@ -1,52 +0,0 @@
|
||||
# Run nginx in foreground.
|
||||
daemon off;
|
||||
|
||||
# This is run inside Docker.
|
||||
user root;
|
||||
|
||||
# Pid storage location.
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
# Set number of worker processes.
|
||||
worker_processes 1;
|
||||
|
||||
# Enables the use of JIT for regular expressions to speed-up their processing.
|
||||
pcre_jit on;
|
||||
|
||||
# Write error log to the add-on log.
|
||||
error_log /proc/1/fd/1 error;
|
||||
|
||||
# Load allowed environment vars
|
||||
env HASSIO_TOKEN;
|
||||
|
||||
# Load dynamic modules.
|
||||
include /etc/nginx/modules/*.conf;
|
||||
|
||||
# Max num of simultaneous connections by a worker process.
|
||||
events {
|
||||
worker_connections 512;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/includes/mime.types;
|
||||
|
||||
access_log off;
|
||||
client_max_body_size 4G;
|
||||
default_type application/octet-stream;
|
||||
gzip on;
|
||||
keepalive_timeout 65;
|
||||
sendfile on;
|
||||
server_tokens off;
|
||||
tcp_nodelay on;
|
||||
tcp_nopush on;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
include /etc/nginx/includes/resolver.conf;
|
||||
include /etc/nginx/includes/upstream.conf;
|
||||
|
||||
include /etc/nginx/servers/*.conf;
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
server {
|
||||
{{ if not .ssl }}
|
||||
listen {{ .port }} default_server;
|
||||
{{ else }}
|
||||
listen {{ .port }} default_server ssl;
|
||||
{{ end }}
|
||||
|
||||
include /etc/nginx/includes/server_params.conf;
|
||||
include /etc/nginx/includes/proxy_params.conf;
|
||||
|
||||
{{ if .ssl }}
|
||||
include /etc/nginx/includes/ssl_params.conf;
|
||||
|
||||
ssl_certificate {{ .certfile }};
|
||||
ssl_certificate_key {{ .keyfile }};
|
||||
{{ end }}
|
||||
|
||||
location / {
|
||||
{{ if .ingress_user }}
|
||||
set $ingress_user "";
|
||||
|
||||
if ($remote_addr = 172.30.32.2) {
|
||||
set $ingress_user {{ .ingress_user }};
|
||||
}
|
||||
|
||||
proxy_set_header X-WebAuth-User $ingress_user;
|
||||
{{ end }}
|
||||
|
||||
proxy_pass {{ .protocol }}://backend;
|
||||
}
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
upstream backend {
|
||||
server 127.0.0.1:{{ .port }};
|
||||
}
|
||||
@@ -1,59 +0,0 @@
|
||||
#!/command/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
echo " Loading env variables:"
|
||||
|
||||
OPTIONS_SOURCE=/data/options.json
|
||||
|
||||
while read -r -d $'\0' key && read -r value; do
|
||||
|
||||
line="$key=$value"
|
||||
|
||||
# log redacted config
|
||||
case "$key" in
|
||||
*PASS*|*SECRET*|*KEY*|*TOKEN*)
|
||||
echo " $key=******"
|
||||
;;
|
||||
*)
|
||||
echo " $line"
|
||||
;;
|
||||
esac
|
||||
|
||||
export $key=$value
|
||||
|
||||
# set .env
|
||||
echo "$line" >> /.env || true
|
||||
|
||||
# set /etc/environment
|
||||
echo "$line" >> /etc/environment
|
||||
|
||||
# For s6
|
||||
if [ -d /var/run/s6/container_environment ]; then
|
||||
printf "%s" "$value" > /var/run/s6/container_environment/"$key"
|
||||
fi
|
||||
|
||||
echo "export $line" >> ~/.bashrc
|
||||
done < <(
|
||||
jq -r '
|
||||
reduce to_entries[] as $item (
|
||||
{};
|
||||
if $item.value | type == "object" then
|
||||
. + $item.value
|
||||
else
|
||||
. + { ($item.key): $item.value }
|
||||
end
|
||||
)
|
||||
| to_entries[]
|
||||
| "\(.key)\u0000\(.value|tostring)"
|
||||
' "$OPTIONS_SOURCE"
|
||||
)
|
||||
|
||||
if [ -n "$TZ" ] && [ -f /etc/localtime ]; then
|
||||
if [ -f /usr/share/zoneinfo/"$TZ" ]; then
|
||||
echo "Timezone set to $TZ"
|
||||
ln -snf /usr/share/zoneinfo/"$TZ" /etc/localtime
|
||||
echo "$TZ" >/etc/timezone
|
||||
fi
|
||||
fi
|
||||
@@ -1 +0,0 @@
|
||||
oneshot
|
||||
@@ -1 +0,0 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-addon-config/run
|
||||
@@ -1,8 +0,0 @@
|
||||
#!/command/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
if [ ! -d "$DATA_DIR" ]; then
|
||||
mkdir -p "$DATA_DIR"
|
||||
fi
|
||||
@@ -1 +0,0 @@
|
||||
oneshot
|
||||
@@ -1 +0,0 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-folders/run
|
||||
@@ -1,49 +0,0 @@
|
||||
#!/command/with-contenv bashio
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
OPTIONS_SOURCE=/data/options.json
|
||||
|
||||
service_port=${SERVICE_PORT:-80}
|
||||
service_protocol=${SERVICE_PROTOCOL:-http}
|
||||
nginx_port=${NGINX_PORT:-8080}
|
||||
certfile="/ssl/$(jq -r '.certfile' $OPTIONS_SOURCE)"
|
||||
keyfile="/ssl/$(jq -r '.keyfile' $OPTIONS_SOURCE)"
|
||||
ingress_user=$(jq -r '.ingress_user' $OPTIONS_SOURCE)
|
||||
|
||||
# Generate upstream configuration
|
||||
printf '{ "port": "%s" }' "$service_port" \
|
||||
| tempio \
|
||||
-template /etc/nginx/templates/upstream.gtpl \
|
||||
-out /etc/nginx/includes/upstream.conf
|
||||
|
||||
if jq -e '.ssl == true' $OPTIONS_SOURCE > /dev/null; then
|
||||
# Require certfile and keyfile
|
||||
#bashio::config.require 'certfile'
|
||||
#bashio::config.require 'keyfile'
|
||||
|
||||
# If certfile or keyfile does not exist, generate self-signed cert
|
||||
if [ ! -f "$certfile" ] || [ ! -f "$keyfile" ]; then
|
||||
bashio::log.warning "SSL is enabled, but either certfile, keyfile or both are missing. Falling back to a self-signed certificate..."
|
||||
|
||||
certfile="/data/ssl/fullchain.pem"
|
||||
keyfile="/data/ssl/privkey.pem"
|
||||
|
||||
/usr/local/bin/ssl-check-generate.sh "$certfile" "$keyfile" true
|
||||
else
|
||||
/usr/local/bin/ssl-check-generate.sh "$certfile" "$keyfile" false
|
||||
fi
|
||||
fi
|
||||
|
||||
printf '{
|
||||
"certfile": "%s",
|
||||
"keyfile": "%s",
|
||||
"port": "%s",
|
||||
"protocol": "%s",
|
||||
"ssl": %s,
|
||||
"ingress_user": "%s"
|
||||
}' "$certfile" "$keyfile" "$nginx_port" "$service_protocol" "$(jq -r '.ssl' $OPTIONS_SOURCE)" "$ingress_user" \
|
||||
| tempio \
|
||||
-template /etc/nginx/templates/direct.gtpl \
|
||||
-out /etc/nginx/servers/direct.conf
|
||||
@@ -1 +0,0 @@
|
||||
oneshot
|
||||
@@ -1 +0,0 @@
|
||||
/etc/s6-overlay/s6-rc.d/init-nginx/run
|
||||
@@ -1,148 +0,0 @@
|
||||
#!/bin/bash
|
||||
# shellcheck shell=bash
|
||||
set -euo pipefail
|
||||
|
||||
############################
|
||||
# Configurable directories #
|
||||
############################
|
||||
|
||||
CHROME_CACHE_DIR="/data/cache"
|
||||
CHROME_PROFILE_DIR="/data/chrome-profile"
|
||||
EXT_BASE_DIR="/data/extensions"
|
||||
|
||||
# Extension IDs (Chrome Web Store)
|
||||
# uBlock Origin (MV2): cjpalhdlnbpafiamejdnhcphjbkeiagm
|
||||
# I don't care about cookies: fihnjjcciajhdojfnbdddfaoknhalnja
|
||||
UBLOCK_ID="cjpalhdlnbpafiamejdnhcphjbkeiagm"
|
||||
IDCAC_ID="fihnjjcciajhdojfnbdddfaoknhalnja"
|
||||
|
||||
UBLOCK_DIR="${EXT_BASE_DIR}/ublock"
|
||||
IDCAC_DIR="${EXT_BASE_DIR}/idontcareaboutcookies"
|
||||
|
||||
#################################
|
||||
# Ensure persistent writable FS #
|
||||
#################################
|
||||
|
||||
mkdir -p "$CHROME_CACHE_DIR" "$CHROME_PROFILE_DIR" "$EXT_BASE_DIR"
|
||||
chown -R chrome:chrome "$CHROME_CACHE_DIR" "$CHROME_PROFILE_DIR" "$EXT_BASE_DIR"
|
||||
|
||||
########################
|
||||
# Helper: download CRX #
|
||||
########################
|
||||
|
||||
need_bin() {
|
||||
local b="$1"
|
||||
if ! command -v "$b" >/dev/null 2>&1; then
|
||||
echo "Missing required binary: $b"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
crx_to_zip() {
|
||||
# CRX2/CRX3 contains a header before the ZIP payload.
|
||||
# We locate the first ZIP local-file header "PK\003\004" and write from there.
|
||||
local crx="$1"
|
||||
local zip="$2"
|
||||
|
||||
python3 - "$crx" "$zip" <<'PY'
|
||||
import sys
|
||||
|
||||
crx_path, zip_path = sys.argv[1], sys.argv[2]
|
||||
with open(crx_path, "rb") as f:
|
||||
data = f.read()
|
||||
|
||||
sig = b"PK\x03\x04"
|
||||
i = data.find(sig)
|
||||
if i == -1:
|
||||
raise SystemExit("Could not find ZIP signature in CRX (PK\\x03\\x04).")
|
||||
|
||||
with open(zip_path, "wb") as f:
|
||||
f.write(data[i:])
|
||||
PY
|
||||
}
|
||||
|
||||
download_and_unpack_extension() {
|
||||
local ext_id="$1"
|
||||
local out_dir="$2"
|
||||
local name="$3"
|
||||
|
||||
# Skip if already unpacked
|
||||
if [ -f "${out_dir}/manifest.json" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
need_bin python3
|
||||
need_bin curl
|
||||
need_bin unzip
|
||||
|
||||
mkdir -p "$out_dir"
|
||||
chown -R chrome:chrome "$out_dir"
|
||||
|
||||
local tmpdir
|
||||
tmpdir="$(mktemp -d)"
|
||||
# shellcheck disable=SC2064
|
||||
trap "rm -rf '$tmpdir'" EXIT
|
||||
|
||||
local crx="${tmpdir}/${name}.crx"
|
||||
local zip="${tmpdir}/${name}.zip"
|
||||
|
||||
# CWS update endpoint (works for most public extensions)
|
||||
# Note: prodversion is just a hint; keep it reasonably recent.
|
||||
local url
|
||||
url="https://clients2.google.com/service/update2/crx?response=redirect&prodversion=120.0.0.0&acceptformat=crx2,crx3&x=id%3D${ext_id}%26installsource%3Dondemand%26uc"
|
||||
|
||||
echo "Downloading ${name} (${ext_id})..."
|
||||
curl -fsSL "$url" -o "$crx"
|
||||
|
||||
echo "Unpacking ${name}..."
|
||||
crx_to_zip "$crx" "$zip"
|
||||
|
||||
# Unzip into a clean directory
|
||||
rm -rf "${out_dir:?}/"*
|
||||
unzip -q "$zip" -d "$out_dir"
|
||||
|
||||
chown -R chrome:chrome "$out_dir"
|
||||
|
||||
# Basic validation
|
||||
if [ ! -f "${out_dir}/manifest.json" ]; then
|
||||
echo "Failed to unpack ${name}: manifest.json not found in ${out_dir}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm -rf "$tmpdir"
|
||||
trap - EXIT
|
||||
}
|
||||
|
||||
#########################
|
||||
# Download extensions #
|
||||
#########################
|
||||
|
||||
download_and_unpack_extension "$UBLOCK_ID" "$UBLOCK_DIR" "ublock-origin"
|
||||
download_and_unpack_extension "$IDCAC_ID" "$IDCAC_DIR" "i-dont-care-about-cookies"
|
||||
|
||||
EXTENSIONS="${UBLOCK_DIR},${IDCAC_DIR}"
|
||||
|
||||
#########################
|
||||
# Start Chromium #
|
||||
#########################
|
||||
|
||||
cd /usr/src/chrome
|
||||
|
||||
# Use exec so s6 can manage the process; avoid backgrounding and /dev/null-ing
|
||||
exec su chrome -c "
|
||||
chromium-browser \
|
||||
--headless=new \
|
||||
--no-sandbox \
|
||||
--disable-gpu \
|
||||
--disable-dev-shm-usage \
|
||||
--disable-crash-reporter \
|
||||
--no-crash-upload \
|
||||
--hide-scrollbars \
|
||||
--remote-debugging-address=0.0.0.0 \
|
||||
--remote-debugging-port=9222 \
|
||||
--user-data-dir='${CHROME_PROFILE_DIR}' \
|
||||
--disk-cache-dir='${CHROME_CACHE_DIR}' \
|
||||
--disable-extensions-except='${EXTENSIONS}' \
|
||||
--load-extension='${EXTENSIONS}' \
|
||||
about:blank
|
||||
"
|
||||
@@ -1 +0,0 @@
|
||||
longrun
|
||||
@@ -1 +0,0 @@
|
||||
/etc/s6-overlay/s6-rc.d/svc-chrome/run
|
||||
@@ -1,12 +0,0 @@
|
||||
#!/command/with-contenv bash
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
if [ ! -d "$MEILI_DIR" ]; then
|
||||
mkdir -p "$MEILI_DIR"
|
||||
fi
|
||||
|
||||
cd "$MEILI_DIR"
|
||||
|
||||
exec /bin/meilisearch --no-analytics --experimental-dumpless-upgrade
|
||||
@@ -1 +0,0 @@
|
||||
longrun
|
||||
@@ -1 +0,0 @@
|
||||
/etc/s6-overlay/s6-rc.d/svc-meilisearch/run
|
||||
@@ -1,9 +0,0 @@
|
||||
#!/command/with-contenv bashio
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
bashio::net.wait_for "$SERVICE_PORT" localhost 900
|
||||
|
||||
bashio::log.info "Starting NGinx..."
|
||||
exec nginx
|
||||
@@ -1 +0,0 @@
|
||||
longrun
|
||||
@@ -1 +0,0 @@
|
||||
/etc/s6-overlay/s6-rc.d/svc-nginx/run
|
||||
@@ -1,47 +0,0 @@
|
||||
#!/command/with-contenv bashio
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
# Check for required arguments
|
||||
if [ $# -ne 3 ]; then
|
||||
bashio::log.error "[ssl-check-generate.sh] missing: <certfile> <keyfile> <selfsigned>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
bashio::log.debug "SSL Certificate check"
|
||||
|
||||
renew_days=90
|
||||
|
||||
certfile="$1"
|
||||
keyfile="$2"
|
||||
selfsigned=${3:-true}
|
||||
|
||||
if [ ! -f "$certfile" ] || [ ! -f "$keyfile" ]; then
|
||||
if [ "$selfsigned" = "true" ]; then
|
||||
/usr/local/bin/ssl-keygen.sh "$certfile" "$keyfile"
|
||||
exit 0
|
||||
else
|
||||
bashio::log.error "[ssl-check-generate.sh] either certfile, keyfile, or both are missing"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
enddate=$(openssl x509 -enddate -noout -in "$certfile" 2>/dev/null || true)
|
||||
if [ -n "$enddate" ]; then
|
||||
expiry_date=$(echo "$enddate" | cut -d= -f2 | sed 's/ GMT$//')
|
||||
expiry_ts=$(date -d "$expiry_date" +%s)
|
||||
now_ts=$(date +%s)
|
||||
days_left=$(( (expiry_ts - now_ts) / 86400 ))
|
||||
|
||||
if [ "$days_left" -le "$renew_days" ]; then
|
||||
bashio::log.info "Self-signed cert expiring in $days_left days, regenerating..."
|
||||
/usr/local/bin/ssl-keygen.sh "$certfile" "$keyfile"
|
||||
fi
|
||||
else
|
||||
bashio::log.error "Unable to determine ssl certificate expiry date"
|
||||
fi
|
||||
|
||||
if pgrep -x nginx >/dev/null 2>&1; then
|
||||
nginx -s reload
|
||||
fi
|
||||
@@ -1,57 +0,0 @@
|
||||
#!/command/with-contenv bashio
|
||||
# shellcheck shell=bash
|
||||
|
||||
set -e
|
||||
|
||||
# Check for required arguments
|
||||
if [ $# -ne 2 ]; then
|
||||
bashio::log.error "[ssl-keygen.sh] missing: <certfile> <keyfile>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
certfile="$1"
|
||||
keyfile="$2"
|
||||
|
||||
[ -f "$certfile" ] && rm -f "$certfile"
|
||||
[ -f "$keyfile" ] && rm -f "$keyfile"
|
||||
|
||||
mkdir -p "$(dirname "$certfile")" && mkdir -p "$(dirname "$keyfile")"
|
||||
|
||||
if ! hostname="$(bashio::info.hostname 2> /dev/null)" || [ -z "$hostname" ]; then
|
||||
hostname="homeassistant"
|
||||
fi
|
||||
tmp_openssl_cfg=$(mktemp)
|
||||
trap 'rm -f "$tmp_openssl_cfg"' EXIT
|
||||
|
||||
cat > "$tmp_openssl_cfg" <<EOF
|
||||
[req]
|
||||
default_bits = 4096
|
||||
prompt = no
|
||||
default_md = sha256
|
||||
req_extensions = req_ext
|
||||
distinguished_name = dn
|
||||
|
||||
[dn]
|
||||
CN = ${hostname}.local
|
||||
|
||||
[req_ext]
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = localhost
|
||||
DNS.2 = ${hostname}.local
|
||||
EOF
|
||||
|
||||
if ! openssl req -x509 -nodes -days 3650 \
|
||||
-newkey rsa:4096 \
|
||||
-keyout "$keyfile" \
|
||||
-out "$certfile" \
|
||||
-config "$tmp_openssl_cfg" \
|
||||
-extensions req_ext; then
|
||||
|
||||
# Certificate gen failed
|
||||
bashio::log.error "OpenSSL certificate generation failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
bashio::log.info "New self-signed certificate generated"
|
||||
Reference in New Issue
Block a user