From 960ed1fc7843f859df901ede8526fcebb095ba60 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 11 Jan 2026 16:42:50 +0000 Subject: [PATCH] Revert 'clean' [nobuild] --- karakeep/CHANGELOG.md | 8 + karakeep/Dockerfile | 194 ++++++++++++++++++ karakeep/README.md | 104 ++++++++++ karakeep/apparmor.txt | 66 ++++++ karakeep/build.yaml | 4 + karakeep/config.yaml | 58 ++++++ karakeep/icon.png | Bin 0 -> 6684 bytes karakeep/logo.png | Bin 0 -> 6684 bytes karakeep/rootfs/etc/cont-init.d/90-folders.sh | 15 ++ karakeep/rootfs/etc/cont-init.d/91-secrets.sh | 50 +++++ .../etc/cont-init.d/92-chrome-extensions.sh | 46 +++++ .../etc/s6-overlay/s6-rc.d/svc-chrome/run | 21 ++ .../etc/s6-overlay/s6-rc.d/svc-chrome/type | 1 + .../s6-overlay/s6-rc.d/svc-meilisearch/run | 7 + .../s6-overlay/s6-rc.d/svc-meilisearch/type | 1 + .../s6-rc.d/svc-web/dependencies.d/svc-chrome | 0 .../svc-web/dependencies.d/svc-meilisearch | 0 .../svc-workers/dependencies.d/svc-chrome | 0 .../dependencies.d/svc-meilisearch | 0 .../s6-rc.d/user/contents.d/svc-chrome | 0 .../s6-rc.d/user/contents.d/svc-meilisearch | 0 karakeep/updater.json | 8 + 22 files changed, 583 insertions(+) create mode 100644 karakeep/CHANGELOG.md create mode 100644 karakeep/Dockerfile create mode 100644 karakeep/README.md create mode 100644 karakeep/apparmor.txt create mode 100644 karakeep/build.yaml create mode 100644 karakeep/config.yaml create mode 100644 karakeep/icon.png create mode 100644 karakeep/logo.png create mode 100755 karakeep/rootfs/etc/cont-init.d/90-folders.sh create mode 100755 karakeep/rootfs/etc/cont-init.d/91-secrets.sh create mode 100755 karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-chrome create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-meilisearch create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-chrome create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-meilisearch create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-chrome create mode 100644 karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-meilisearch create mode 100644 karakeep/updater.json diff --git a/karakeep/CHANGELOG.md b/karakeep/CHANGELOG.md new file mode 100644 index 000000000..5e243e249 --- /dev/null +++ b/karakeep/CHANGELOG.md @@ -0,0 +1,8 @@ +## 0.30.0-4 (11-01-2026) +- Minor bugs fixed +## 0.30.0-3 (11-01-2026) +- Minor bugs fixed +## 0.30.0-2 (11-01-2026) +- Minor bugs fixed +## 0.30.0 (2026-01-11) +- Initial add-on release diff --git a/karakeep/Dockerfile b/karakeep/Dockerfile new file mode 100644 index 000000000..f59dad295 --- /dev/null +++ b/karakeep/Dockerfile @@ -0,0 +1,194 @@ +#============================# +# ALEXBELGIUM'S DOCKERFILE # +#============================# +# _.------. +# _.-` ('>.-`"""-. +# '.--'` _'` _ .--.) +# -' '-.-';` ` +# ' - _.' ``'--. +# '---` .-'""` +# /` +#=== Home Assistant Addon ===# + +################# +# 1 Build Image # +################# + +ARG BUILD_FROM +ARG BUILD_VERSION +ARG MEILI_VERSION="v1.13.3" +FROM getmeili/meilisearch:${MEILI_VERSION} AS meilisearch + +FROM ${BUILD_FROM} + +################## +# 2 Modify Image # +################## + +# Set S6 wait time +ENV S6_CMD_WAIT_FOR_SERVICES=1 \ + S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \ + S6_SERVICES_GRACETIME=0 + +ENV \ + DATA_DIR="/data" \ + MEILI_DIR="/config/meili" \ + DISABLE_NEW_RELEASE_CHECK=true \ + BROWSER_WEB_URL="http://127.0.0.1:9222" \ + MEILI_ADDR="http://127.0.0.1:7700" \ + MEILI_MASTER_KEY="" \ + MEILI_NO_ANALYTICS=true \ + XDG_CACHE_HOME="/data/cache" + +ENV \ + CHROME_BIN=/usr/bin/chromium-browser \ + CHROME_PATH=/usr/lib/chromium/ \ + CHROMIUM_FLAGS="--disable-software-rasterizer --disable-dev-shm-usage" \ + MEILI_HTTP_ADDR=0.0.0.0:7700 \ + MEILI_SERVER_PROVIDER=docker \ + MEILI_ENV=production + +# Image specific modifications +RUN \ + apk upgrade --no-cache --available \ + && apk add --no-cache \ + chromium \ + chromium-swiftshader \ + ttf-freefont \ + font-noto-emoji \ + font-wqy-zenhei \ + unzip \ + && mkdir -p /usr/src/chrome \ + && adduser -D chrome \ + && chown -R chrome:chrome /usr/src/chrome + +COPY --from=meilisearch /bin/meilisearch /bin/meilitool /bin/ + +################## +# 3 Install apps # +################## + +# Add rootfs +COPY rootfs/ / + +RUN chmod +x /etc/s6-overlay/s6-rc.d/*/run + +# Uses /bin for compatibility purposes +# hadolint ignore=DL4005 +RUN if [ ! -f /bin/sh ] && [ -f /usr/bin/sh ]; then ln -s /usr/bin/sh /bin/sh; fi && \ + if [ ! -f /bin/bash ] && [ -f /usr/bin/bash ]; then ln -s /usr/bin/bash /bin/bash; fi + +# Modules +ARG MODULES="00-banner.sh 01-custom_script.sh 00-global_var.sh" + +# Automatic modules download +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_automodules.sh" "/ha_automodules.sh" +RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh + +# Manual apps +ENV PACKAGES="" + +# Automatic apps & bashio +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh" +RUN chmod 744 /ha_autoapps.sh && /ha_autoapps.sh "$PACKAGES" && rm /ha_autoapps.sh + +################ +# 4 Entrypoint # +################ + +# Add entrypoint +ENV S6_STAGE2_HOOK=/ha_entrypoint.sh +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint.sh" "/ha_entrypoint.sh" + +# Entrypoint modifications +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_entrypoint_modif.sh" "/ha_entrypoint_modif.sh" +RUN chmod 777 /ha_entrypoint.sh /ha_entrypoint_modif.sh && /ha_entrypoint_modif.sh && rm /ha_entrypoint_modif.sh + +# Standalone bashio command +ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/bashio-standalone.sh" "/.bashio-standalone.sh" +RUN chmod 777 /.bashio-standalone.sh + +RUN set -e; \ + extensions_dir="/usr/src/chrome/extensions"; \ + mkdir -p "${extensions_dir}"; \ + for entry in \ + "i-dont-care-about-cookies:fllaojicojecljbmefodhfapmkghcbnh" \ + "ublock-origin:cjpalhdlnbpafiamejdnhcphjbkeiagm"; do \ + name="${entry%%:*}"; \ + ext_id="${entry##*:}"; \ + curl -fsSL "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=120.0&acceptformat=crx2,crx3&x=id%3D${ext_id}%26installsource%3Dondemand%26uc" \ + -o "/tmp/${name}.crx"; \ + rm -rf "${extensions_dir:?}/${name}"; \ + mkdir -p "${extensions_dir}/${name}"; \ + rc=0; \ + unzip -q "/tmp/${name}.crx" -d "${extensions_dir}/${name}" || rc=$$?; \ + if [ "$$rc" -ne 0 ] && [ "$$rc" -ne 1 ]; then \ + echo "ERROR: unzip failed for ${name} (rc=$$rc)"; \ + exit "$$rc"; \ + fi; \ + rm -f "/tmp/${name}.crx"; \ + done; \ + chown -R chrome:chrome "${extensions_dir}" + +ENTRYPOINT [ "/usr/bin/env" ] +CMD [ "/ha_entrypoint.sh" ] + +############ +# 5 Labels # +############ + +ARG BUILD_ARCH +ARG BUILD_DATE +ARG BUILD_DESCRIPTION +ARG BUILD_NAME +ARG BUILD_REF +ARG BUILD_REPOSITORY +ARG BUILD_VERSION +ENV BUILD_VERSION="${BUILD_VERSION}" +LABEL \ + io.hass.name="${BUILD_NAME}" \ + io.hass.description="${BUILD_DESCRIPTION}" \ + io.hass.arch="${BUILD_ARCH}" \ + io.hass.type="addon" \ + io.hass.version=${BUILD_VERSION} \ + maintainer="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.title="${BUILD_NAME}" \ + org.opencontainers.image.description="${BUILD_DESCRIPTION}" \ + org.opencontainers.image.vendor="Home Assistant Add-ons" \ + org.opencontainers.image.authors="alexbelgium (https://github.com/alexbelgium)" \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.url="https://github.com/alexbelgium" \ + org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \ + org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REF} \ + org.opencontainers.image.version=${BUILD_VERSION} + +################# +# 6 Healthcheck # +################# + +# Avoid spamming logs +# hadolint ignore=SC2016 +RUN \ + # Handle Apache configuration + if [ -d /etc/apache2/sites-available ]; then \ + for file in /etc/apache2/sites-*/*.conf; do \ + sed -i '/ /etc/nginx/nginx.conf.new && \ + mv /etc/nginx/nginx.conf.new /etc/nginx/nginx.conf; \ + fi + +ENV HEALTH_PORT="3000" \ + HEALTH_URL="/api/health" +HEALTHCHECK \ + --interval=5s \ + --retries=5 \ + --start-period=30s \ + --timeout=25s \ + CMD curl -A "HealthCheck: Docker/1.0" -s -f "http://127.0.0.1:${HEALTH_PORT}${HEALTH_URL}" &>/dev/null || exit 1 diff --git a/karakeep/README.md b/karakeep/README.md new file mode 100644 index 000000000..eb54c9177 --- /dev/null +++ b/karakeep/README.md @@ -0,0 +1,104 @@ +# Home assistant add-on: Karakeep + +I maintain this and other Home Assistant add-ons in my free time: keeping up with upstream changes, Home Assistant changes, and testing on real hardware takes a lot of time (and some money). I use around 5–10 of my >110 addons so regularly I install test machines (and purchase some test services such as VPNs) that I do not use myself, in order to troubleshoot and improve the addons. + +If this add-on saves you time or makes your setup easier, I would be very grateful for your support. + +[![Buy me a coffee][donation-badge]](https://www.buymeacoffee.com/alexbelgium) +[![Donate via PayPal][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA) + +## Addon informations + +![Version](https://img.shields.io/badge/dynamic/yaml?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fkarakeep%2Fconfig.yaml) +![Arch](https://img.shields.io/badge/dynamic/yaml?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fkarakeep%2Fconfig.yaml) + +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard) +[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml) +[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml) + +[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white +[paypal-badge]: https://img.shields.io/badge/Donate%20via%20PayPal-0070BA?logo=paypal&style=flat&logoColor=white + +_Thanks to everyone who has starred my repo!_ + +[![Stargazers repo roster](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers) + +--- + +## About + +[Karakeep](https://karakeep.app/) is a bookmark-everything app with a touch of AI for data hoarders. +It stores pages, screenshots, files, and metadata with fast full-text and semantic search powered by **Meilisearch**. + +This add-on is based on the official Karakeep Docker image. + +This Home Assistant add-on integrates Karakeep in a **Supervisor-native way**: +- Internal services (Meilisearch, Chromium, cache, paths) are pre-wired and hidden from the UI +- Secrets are **auto-generated and persisted** +- Only meaningful user settings are exposed + +Add additional environment variables with [env_vars](https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2) + +--- + +## Secrets & Security + +Two secrets are required for Karakeep to work securely: + +- `NEXTAUTH_SECRET` +- `MEILI_MASTER_KEY` + +If you leave them empty, the add-on will: +- Generate strong cryptographic secrets automatically +- Store them permanently in the add-on options +- Reuse them across restarts and upgrades + +You do **not** need to manage them manually. + +--- + +## Configuration + +Only **safe, meaningful options** are exposed. +All infrastructure (Meilisearch, Chromium, cache, paths, analytics, etc.) is managed automatically by the add-on. + +### Options + +| Option | Type | Default | Description | +|--------|------|---------|-------------| +| `NEXTAUTH_SECRET` | password | *(auto)* | Authentication secret (auto-generated if empty). | +| `NEXTAUTH_URL` | str | | Public URL used by NextAuth (optional). | +| `DISABLE_SIGNUPS` | bool | `false` | Disable new user signups. | +| `MAX_ASSET_SIZE_MB` | int | `4` | Maximum asset upload size. | +| `OPENAI_API_KEY` | password | | OpenAI API key for AI features. | +| `OCR_LANGS` | str | | OCR languages (comma separated). | +| `INFERENCE_LANG` | str | | Language used for AI inference. | +| `CRAWLER_DOWNLOAD_BANNER_IMAGE` | bool | `true` | Download banner image. | +| `CRAWLER_STORE_SCREENSHOT` | bool | `true` | Store page screenshots. | +| `CRAWLER_FULL_PAGE_SCREENSHOT` | bool | `true` | Capture full-page screenshots. | +| `CRAWLER_FULL_PAGE_ARCHIVE` | bool | `true` | Store full-page archive. | +| `CRAWLER_ENABLE_ADBLOCKER` | bool | `true` | Enable ad blocking. | +| `CRAWLER_VIDEO_DOWNLOAD` | bool | `false` | Enable video downloads. | +| `TZ` | str | `Etc/UTC` | Timezone. | + +--- + +## Installation + +1. Add my Home Assistant add-ons repository + [![Add repository][repository-badge]][repository-url] + +2. Install **Karakeep** +3. Click **Save** +4. Start the add-on (secrets are auto-generated) +5. Open the Web UI and complete onboarding + +--- + +## Support + +Create an issue on GitHub if you need help. + +[repository]: https://github.com/alexbelgium/hassio-addons +[repository-badge]: https://img.shields.io/badge/Add%20repository%20to%20my-Home%20Assistant-41BDF5?logo=home-assistant&style=for-the-badge +[repository-url]: https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons diff --git a/karakeep/apparmor.txt b/karakeep/apparmor.txt new file mode 100644 index 000000000..68f11001b --- /dev/null +++ b/karakeep/apparmor.txt @@ -0,0 +1,66 @@ +#include + +profile karakeep_addon flags=(attach_disconnected,mediate_deleted) { + #include + + capability, + file, + signal, + mount, + umount, + remount, + network udp, + network tcp, + network dgram, + network stream, + network inet, + network inet6, + network netlink raw, + network unix dgram, + + capability setgid, + capability setuid, + capability sys_admin, + capability dac_read_search, + # capability dac_override, + # capability sys_rawio, + +# S6-Overlay + /init ix, + /run/{s6,s6-rc*,service}/** ix, + /package/** ix, + /command/** ix, + /run/{,**} rwk, + /dev/tty rw, + /bin/** ix, + /usr/bin/** ix, + /usr/lib/bashio/** ix, + /etc/s6/** rix, + /run/s6/** rix, + /etc/services.d/** rwix, + /etc/cont-init.d/** rwix, + /etc/cont-finish.d/** rwix, + /init rix, + /var/run/** mrwkl, + /var/run/ mrwkl, + /dev/i2c-1 mrwkl, + # Files required + /dev/fuse mrwkl, + /dev/sda1 mrwkl, + /dev/sdb1 mrwkl, + /dev/nvme0 mrwkl, + /dev/nvme1 mrwkl, + /dev/mmcblk0p1 mrwkl, + /dev/* mrwkl, + /tmp/** mrkwl, + + # Data access + /data/** rw, + + # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container + ptrace (trace,read) peer=docker-default, + + # docker daemon confinement requires explict allow rule for signal + signal (receive) set=(kill,term) peer=/usr/bin/docker, + +} diff --git a/karakeep/build.yaml b/karakeep/build.yaml new file mode 100644 index 000000000..ca94365f9 --- /dev/null +++ b/karakeep/build.yaml @@ -0,0 +1,4 @@ +--- +build_from: + aarch64: ghcr.io/karakeep-app/karakeep:0.30.0 + amd64: ghcr.io/karakeep-app/karakeep:0.30.0 diff --git a/karakeep/config.yaml b/karakeep/config.yaml new file mode 100644 index 000000000..b88e394f6 --- /dev/null +++ b/karakeep/config.yaml @@ -0,0 +1,58 @@ +arch: + - aarch64 + - amd64 +name: Karakeep +slug: karakeep +description: A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search +version: 0.30.0-4 +url: https://github.com/alexbelgium/hassio-addons/tree/master/karakeep +image: ghcr.io/alexbelgium/karakeep-{arch} +init: false +ports: + 3000/tcp: 3000 +ports_description: + 3000/tcp: Web UI +webui: "[PROTO:ssl]://[HOST]:[PORT:3000]" +map: + - addon_config:rw + - share:rw +environment: + DATA_DIR: /data + XDG_CACHE_HOME: /data/cache + BROWSER_WEB_URL: http://127.0.0.1:9222 + CHROME_EXTENSIONS_DIR: /usr/src/chrome/extensions + MEILI_ADDR: http://127.0.0.1:7700 + MEILI_NO_ANALYTICS: "true" + DISABLE_NEW_RELEASE_CHECK: "true" +options: + TZ: Etc/UTC + DISABLE_SIGNUPS: false + NEXTAUTH_SECRET: "" + NEXTAUTH_URL: "" + MAX_ASSET_SIZE_MB: 4 + OPENAI_API_KEY: "" + OCR_LANGS: "" + INFERENCE_LANG: "" + MEILI_MASTER_KEY: "" # <-- add this + CRAWLER_DOWNLOAD_BANNER_IMAGE: true + CRAWLER_STORE_SCREENSHOT: true + CRAWLER_FULL_PAGE_SCREENSHOT: true + CRAWLER_FULL_PAGE_ARCHIVE: true + CRAWLER_ENABLE_ADBLOCKER: true + CRAWLER_VIDEO_DOWNLOAD: false +schema: + TZ: str? + DISABLE_SIGNUPS: bool + NEXTAUTH_SECRET: password? + NEXTAUTH_URL: str? + MAX_ASSET_SIZE_MB: int? + OPENAI_API_KEY: password? + OCR_LANGS: str? + INFERENCE_LANG: str? + MEILI_MASTER_KEY: password? # <-- change to password? + CRAWLER_DOWNLOAD_BANNER_IMAGE: bool + CRAWLER_STORE_SCREENSHOT: bool + CRAWLER_FULL_PAGE_SCREENSHOT: bool + CRAWLER_FULL_PAGE_ARCHIVE: bool + CRAWLER_ENABLE_ADBLOCKER: bool + CRAWLER_VIDEO_DOWNLOAD: bool? diff --git a/karakeep/icon.png b/karakeep/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..371e3672b8ef27d2fb1c86b34783b56b3e3d9508 GIT binary patch literal 6684 zcmeHMdpML^+g~%3DLJK3{viAKeU5=v$7lEZ{?NCuTksAoFv94fml z4>4s&jAOFxXDhPXqB5waO%8)`n8rAKYuNAgz3=)*v+jGX^;^Gn z-}k!LnsYnoj!N^F&IbS}p<6fa0)R}0|9~+3( zvz=Q+T0cMX=liUE9Yc-cjn`{TZtvNAaIVshNAYa7#jQK{&K^+o$a__!sQC3urloH) zHKaTKe4f3XT|m9FCwtM(OW*$FtVTJI^zG)2c4`YTt%btk*uI#LfBxBaJp1@q(7Mwydg+I12YB2n3pXP#z~9Z(V-32zqpI8 zqBHknir9oi^kEvYEXG&ao(*dM@e&ZJ1^Vc;x%p+4R9uQVZG@+<_dtm*GN*1*fJQI8(y!r`J~z{Eaa5wCn*9F zdvq`dNzKD|XFk*HPkWZclh$EnE58EZ)$?me+#S1CgJh`+zbY}I8?7a)!%d7;053I2SK*-fp38CAxMdN>L{_#MJZIg`%p;WyA2BK z76I;_)O&cB-eltLd2t^_)jYo>eGtG&!rJcQHlYGNVfc~GAvF@<9&2zGUC5dq+-6L! z_g6^E6udEp_T+JYAP3*AGxfa5m~5-52Eg0C-KA2!>8a^DAILK{kz`;9Q8Me04%TOL z$9#(QD#Fa&Mj3FA*v5R;yn^s!k`X;8=F6SxBw##h#u&}7F(#{ApaAv_Yir5-oH#ul z3ku*ysq_o+j|r!3mKc+P=}lfAQsT53fM?xPR%pfkkwu_NRosp;6PsKC*whwcMD#nl zkideF-gLxgP1Jngdv^tF#a3c|O(*qB9uqIREDU7)W<=6%9T z4~(b=l-E0|fQu9oxc-AGV4s@@E7$+O^4~{7Ycu4R)6*muaE>new9jUh_sOY3RC#6W z&H7aQreRzhL(?!(!)T7JVKAUE!f>*DNuoI?)BX(jPF{eIN#YnQ5 z5i@>EpaO%FOUCMR1jVfeTg z)<~5kAwf3d!~AlNpuUh2|8{waD^@^fhGW|Kfx9fs?16`-?LJ2Aw^3&~3`XKZkK3Pv zv6f|$5@E$54ZGkLWZIf&@ee5_y*i@`Ec6+pmrUqK%S3~jVdDD_De(m^%uEyecSknO zJw+k0ui&@}Rk8!qL{L_TDN)X8Gfy&oytl9W!0A)q!p9Z^+(LS`oJn1EcTVP^at>rFnk&kb1 zV+`csM!TE$VQt?Keh*vAgTEUnIHPVT@4LX5oc1$59?YQK$AwpFX$vwg3(Ebn54@a5 zVk@~ZG~Jpl8DZfV50N}V^t7!tw70@J=}O!nyobgZJ!KLYFtXCq%P+XLHK%ovJ@9oh zDOmBj1|N?z35=Wg(IhZbz7CNGMLQTVWq1S1>_s}#1u6=uPk&fQ273cawhjJq_r4~`_q6Wrep3A*cq0s~ zb#9E^Zp|;Twlzu7s@y}fdfJB~v!6I3lA_1QhTPR=1`PNSA5TD74ezJq66dDY*r<}> zfsB_PjGT^>E|+w6hFEO32fqX#VJGiq1UZY$(2TWF8uWCCJZ-73v0L+L#%LC*nOL5(s0u+A#2EUD68C{6vTm-%Pjf}ga^4HxNG#Zh*c|qPB zIKpEGb`GO?7@O!l8}|;XZ*prs&asXf(J53Xg9U}w+Xq{ljz4pT)90(P@8VHMFr(BA zKX(}!$w22ee$s#_bZA^-2p3Qq;fC2Rr9BOR!yLVhuW}J}A_LmAdS@ByOG&L;7%}S! zF(P@}RQSw(c0j*-c;&C}U(5Sw(drk-x@F_unSyJMjcep&1CF0Y3bbiYiy)M|yZDC7 zg8itCP1Mz6%b^=+Dn6Na4|iD}8DY)otdiMbZG3P%-jm9ixYl$$z!>&l9$}AF>d>C9 zho+lXj+a^xskPrfiZPN0t(1CK`Nk!*x+2;3Pv^$D4nIaRWva68q&e>vnFQHQ9M9@% zU2YH9+lTv*fn^W}w2FYs__#e*cOk=XuWU{;a`4itn#vWBu(vYjJ~`GoLNgFrM7$|m zQZ4&h$7q&v%1(^v+-$h1cHy1B%2?g%+MJ@7@1IkC87x$g-ohK4L~kJAZ-X36&t%eC zZKp#DWAV$dCC7S&)2y3~15nev%oLDm!5m zhiAZisJ5P2-8pX|Y+OvT@Cb4eNt!kVkYW3)9Ng){hB)=FWY1 zi#$qIb#y(169?fKGnzY$B(2?+uVfwuMMuhlMnEqey3O+jJz7<%48>xShmt|Cj%5bVdxfsQE!mu*%=JfLHM| z%i?N42Mv+HJZqr=$nsG8hjs(VOn_e7EHg8j2LAv}&W%y0VehL1(beG~5BiQ6;!cZ| z@o;CBl+RTs`u%uELV zLZLo~qe%VXPW@(U(%qqV$=4`ZqXc zAO={yRe%Qd?{Ul!_&vK@CXG9e&@5cF$1ybi$Bso?C_^XhOjCh@>0XLk;194XSdK1iHyby#Y0>bXHkW4 z%3K=ZT$H8?JZ=jszGqc_MGRwJU7(^i8M7|r#a8lyLO`8=Jxp>Je-cWmmaBYB+N-9`aA7lkLcYGjjzmQhzt0ymFbMuPf;Rw=q?Mh)b_ zm?taqHNVkWbO$llp*8LlUJ|(Qq$}X{y{SfaX=ruiPd-B1ZyZc79!$R^IES{k^L^Gv zY5f9^cACA@Ei@aipo$A4abUC?pDaRgi?5LXMZ}IIEQ9N{Is&zhnCbFCk_*v zr|AC4Zk_Rm;H9O~y@ikU2T57}mfMR_(YWyBVU|zOh-n@S9~N^QtxdXPsU?!`$T5Ph z(XzfQn>Sz^rR5GYxwIdJ6`Qc)KS%U5e$EfPA_%K*j_Xa;J(B>pfc`|Z-)>+lv!$s} zhx^-suueJt-+t7Ez4+)^CvmTbRo~@55D;_+5)KyB+8N1 zK_hq^>(CJsIU16bK1XE?Oo^swWU)|CUZp_#G$xaiYQgA_2VcrAn<&lS3m4}yX4}ejL`v-vka-vjijN{8j@q-eQdW`1UE|CNpx{9^m0n!yFR_DD9TdWPu^JS0lCN+|=eprU%4Vr-ow)11M;qp(|gX_Ck zvB#kmRQQdU?ClXkkk)s3i4N|J+4$sqm)Gb4;XLweGfPc4?x2xsaWa|}+uyyvHC+|_ z)Wk1#VFqf5=MGL4Z}2yY>}7^^?#W7g_uGU%aJ7JVSTOJWF+ZcWrz)B!wSkhPQ-IrC zDjnxfb`(ZACSg=VT;LXd75YCVl}Rj zL2!U=6F*gtCjT~@7j#i@$g|Dkv@tIRySA*?VJ*M>CEqqp;PT<;-vV?m3S#(^16OnH zqW9Q%k85%!2CGwxUZ*X!sL(_r?HT(_qg2=Xuwsv59T&RV^%^Cp_Ybuz<5oX^-&DkM z5#2&qx)z$f@03tocgZ31zqTmH=22+^D_L>q4|aL^nXS47X3Xd z5rAJ>Q6|xC0N887F|TzquaD`7W{NHuX!#itvZMw+R(@whWTs}oruQ{gsEz5&v!zNO z5;@$x0R%%C}T;^eOupz51+S4JXc zXnzY|wN(^d<3I-P@8Xfl=+EX>jxi!l%&YA85Wr@Pzy3%ip(*p@@bT|3A8*N4*t2Yf zW8Pc@T{e0CqjEfpS~7h83>hf5A3`hg@%Cteo^H&M&OzmPJ!d9yey$vpd`L-QAH1fz z6~i~!5?RV85a7Gmdk@2SS~mV>c3cP(!Q* zAKp7kJguEN3sS^SKAhS3&|}Fx+{j-|K3pACjYl2UP#Y{Z61}GtsI_iqbyyOL*okK1 zBtb=Mk`hjp0mGTP|{viAKeU5=v$7lEZ{?NCuTksAoFv94fml z4>4s&jAOFxXDhPXqB5waO%8)`n8rAKYuNAgz3=)*v+jGX^;^Gn z-}k!LnsYnoj!N^F&IbS}p<6fa0)R}0|9~+3( zvz=Q+T0cMX=liUE9Yc-cjn`{TZtvNAaIVshNAYa7#jQK{&K^+o$a__!sQC3urloH) zHKaTKe4f3XT|m9FCwtM(OW*$FtVTJI^zG)2c4`YTt%btk*uI#LfBxBaJp1@q(7Mwydg+I12YB2n3pXP#z~9Z(V-32zqpI8 zqBHknir9oi^kEvYEXG&ao(*dM@e&ZJ1^Vc;x%p+4R9uQVZG@+<_dtm*GN*1*fJQI8(y!r`J~z{Eaa5wCn*9F zdvq`dNzKD|XFk*HPkWZclh$EnE58EZ)$?me+#S1CgJh`+zbY}I8?7a)!%d7;053I2SK*-fp38CAxMdN>L{_#MJZIg`%p;WyA2BK z76I;_)O&cB-eltLd2t^_)jYo>eGtG&!rJcQHlYGNVfc~GAvF@<9&2zGUC5dq+-6L! z_g6^E6udEp_T+JYAP3*AGxfa5m~5-52Eg0C-KA2!>8a^DAILK{kz`;9Q8Me04%TOL z$9#(QD#Fa&Mj3FA*v5R;yn^s!k`X;8=F6SxBw##h#u&}7F(#{ApaAv_Yir5-oH#ul z3ku*ysq_o+j|r!3mKc+P=}lfAQsT53fM?xPR%pfkkwu_NRosp;6PsKC*whwcMD#nl zkideF-gLxgP1Jngdv^tF#a3c|O(*qB9uqIREDU7)W<=6%9T z4~(b=l-E0|fQu9oxc-AGV4s@@E7$+O^4~{7Ycu4R)6*muaE>new9jUh_sOY3RC#6W z&H7aQreRzhL(?!(!)T7JVKAUE!f>*DNuoI?)BX(jPF{eIN#YnQ5 z5i@>EpaO%FOUCMR1jVfeTg z)<~5kAwf3d!~AlNpuUh2|8{waD^@^fhGW|Kfx9fs?16`-?LJ2Aw^3&~3`XKZkK3Pv zv6f|$5@E$54ZGkLWZIf&@ee5_y*i@`Ec6+pmrUqK%S3~jVdDD_De(m^%uEyecSknO zJw+k0ui&@}Rk8!qL{L_TDN)X8Gfy&oytl9W!0A)q!p9Z^+(LS`oJn1EcTVP^at>rFnk&kb1 zV+`csM!TE$VQt?Keh*vAgTEUnIHPVT@4LX5oc1$59?YQK$AwpFX$vwg3(Ebn54@a5 zVk@~ZG~Jpl8DZfV50N}V^t7!tw70@J=}O!nyobgZJ!KLYFtXCq%P+XLHK%ovJ@9oh zDOmBj1|N?z35=Wg(IhZbz7CNGMLQTVWq1S1>_s}#1u6=uPk&fQ273cawhjJq_r4~`_q6Wrep3A*cq0s~ zb#9E^Zp|;Twlzu7s@y}fdfJB~v!6I3lA_1QhTPR=1`PNSA5TD74ezJq66dDY*r<}> zfsB_PjGT^>E|+w6hFEO32fqX#VJGiq1UZY$(2TWF8uWCCJZ-73v0L+L#%LC*nOL5(s0u+A#2EUD68C{6vTm-%Pjf}ga^4HxNG#Zh*c|qPB zIKpEGb`GO?7@O!l8}|;XZ*prs&asXf(J53Xg9U}w+Xq{ljz4pT)90(P@8VHMFr(BA zKX(}!$w22ee$s#_bZA^-2p3Qq;fC2Rr9BOR!yLVhuW}J}A_LmAdS@ByOG&L;7%}S! zF(P@}RQSw(c0j*-c;&C}U(5Sw(drk-x@F_unSyJMjcep&1CF0Y3bbiYiy)M|yZDC7 zg8itCP1Mz6%b^=+Dn6Na4|iD}8DY)otdiMbZG3P%-jm9ixYl$$z!>&l9$}AF>d>C9 zho+lXj+a^xskPrfiZPN0t(1CK`Nk!*x+2;3Pv^$D4nIaRWva68q&e>vnFQHQ9M9@% zU2YH9+lTv*fn^W}w2FYs__#e*cOk=XuWU{;a`4itn#vWBu(vYjJ~`GoLNgFrM7$|m zQZ4&h$7q&v%1(^v+-$h1cHy1B%2?g%+MJ@7@1IkC87x$g-ohK4L~kJAZ-X36&t%eC zZKp#DWAV$dCC7S&)2y3~15nev%oLDm!5m zhiAZisJ5P2-8pX|Y+OvT@Cb4eNt!kVkYW3)9Ng){hB)=FWY1 zi#$qIb#y(169?fKGnzY$B(2?+uVfwuMMuhlMnEqey3O+jJz7<%48>xShmt|Cj%5bVdxfsQE!mu*%=JfLHM| z%i?N42Mv+HJZqr=$nsG8hjs(VOn_e7EHg8j2LAv}&W%y0VehL1(beG~5BiQ6;!cZ| z@o;CBl+RTs`u%uELV zLZLo~qe%VXPW@(U(%qqV$=4`ZqXc zAO={yRe%Qd?{Ul!_&vK@CXG9e&@5cF$1ybi$Bso?C_^XhOjCh@>0XLk;194XSdK1iHyby#Y0>bXHkW4 z%3K=ZT$H8?JZ=jszGqc_MGRwJU7(^i8M7|r#a8lyLO`8=Jxp>Je-cWmmaBYB+N-9`aA7lkLcYGjjzmQhzt0ymFbMuPf;Rw=q?Mh)b_ zm?taqHNVkWbO$llp*8LlUJ|(Qq$}X{y{SfaX=ruiPd-B1ZyZc79!$R^IES{k^L^Gv zY5f9^cACA@Ei@aipo$A4abUC?pDaRgi?5LXMZ}IIEQ9N{Is&zhnCbFCk_*v zr|AC4Zk_Rm;H9O~y@ikU2T57}mfMR_(YWyBVU|zOh-n@S9~N^QtxdXPsU?!`$T5Ph z(XzfQn>Sz^rR5GYxwIdJ6`Qc)KS%U5e$EfPA_%K*j_Xa;J(B>pfc`|Z-)>+lv!$s} zhx^-suueJt-+t7Ez4+)^CvmTbRo~@55D;_+5)KyB+8N1 zK_hq^>(CJsIU16bK1XE?Oo^swWU)|CUZp_#G$xaiYQgA_2VcrAn<&lS3m4}yX4}ejL`v-vka-vjijN{8j@q-eQdW`1UE|CNpx{9^m0n!yFR_DD9TdWPu^JS0lCN+|=eprU%4Vr-ow)11M;qp(|gX_Ck zvB#kmRQQdU?ClXkkk)s3i4N|J+4$sqm)Gb4;XLweGfPc4?x2xsaWa|}+uyyvHC+|_ z)Wk1#VFqf5=MGL4Z}2yY>}7^^?#W7g_uGU%aJ7JVSTOJWF+ZcWrz)B!wSkhPQ-IrC zDjnxfb`(ZACSg=VT;LXd75YCVl}Rj zL2!U=6F*gtCjT~@7j#i@$g|Dkv@tIRySA*?VJ*M>CEqqp;PT<;-vV?m3S#(^16OnH zqW9Q%k85%!2CGwxUZ*X!sL(_r?HT(_qg2=Xuwsv59T&RV^%^Cp_Ybuz<5oX^-&DkM z5#2&qx)z$f@03tocgZ31zqTmH=22+^D_L>q4|aL^nXS47X3Xd z5rAJ>Q6|xC0N887F|TzquaD`7W{NHuX!#itvZMw+R(@whWTs}oruQ{gsEz5&v!zNO z5;@$x0R%%C}T;^eOupz51+S4JXc zXnzY|wN(^d<3I-P@8Xfl=+EX>jxi!l%&YA85Wr@Pzy3%ip(*p@@bT|3A8*N4*t2Yf zW8Pc@T{e0CqjEfpS~7h83>hf5A3`hg@%Cteo^H&M&OzmPJ!d9yey$vpd`L-QAH1fz z6~i~!5?RV85a7Gmdk@2SS~mV>c3cP(!Q* zAKp7kJguEN3sS^SKAhS3&|}Fx+{j-|K3pACjYl2UP#Y{Z61}GtsI_iqbyyOL*okK1 zBtb=Mk`hjp0mGTP|/dev/null; then + chown -R chrome:chrome /data/cache /data/chrome /usr/src/chrome/extensions +fi diff --git a/karakeep/rootfs/etc/cont-init.d/91-secrets.sh b/karakeep/rootfs/etc/cont-init.d/91-secrets.sh new file mode 100755 index 000000000..b22cfd2e7 --- /dev/null +++ b/karakeep/rootfs/etc/cont-init.d/91-secrets.sh @@ -0,0 +1,50 @@ +#!/usr/bin/with-contenv bashio +# shellcheck shell=bash +set -e + +generate_secret() { + # Avoid SIGPIPE from `tr` when `head` terminates early under pipefail. + ( + set +o pipefail 2>/dev/null || true + tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64 + ) +} + +set_option() { + local key="$1" + local value="$2" + + # Store permanently in Home Assistant add-on options + bashio::addon.option "${key}" "${value}" + + # Export into current process + export "${key}=${value}" + + # Export into s6 so all services inherit it + if [ -d /var/run/s6/container_environment ]; then + printf "%s" "${value}" > "/var/run/s6/container_environment/${key}" + fi +} + +load_option() { + local key="$1" + local value + + value="$(bashio::config "${key}")" + export "${key}=${value}" + + if [ -d /var/run/s6/container_environment ]; then + printf "%s" "${value}" > "/var/run/s6/container_environment/${key}" + fi +} + +for key in MEILI_MASTER_KEY NEXTAUTH_SECRET; do + if bashio::config.has_value "${key}"; then + bashio::log.info "Using existing ${key}" + load_option "${key}" + else + bashio::log.warning "${key} not set, generating persistent secret" + value="$(generate_secret)" + set_option "${key}" "${value}" + fi +done diff --git a/karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh b/karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh new file mode 100755 index 000000000..4df7b761f --- /dev/null +++ b/karakeep/rootfs/etc/cont-init.d/92-chrome-extensions.sh @@ -0,0 +1,46 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +set -e + +EXTENSIONS_DIR="${CHROME_EXTENSIONS_DIR:-/usr/src/chrome/extensions}" +bashio::log.info "Refreshing Chromium extensions in ${EXTENSIONS_DIR}" + +mkdir -p "${EXTENSIONS_DIR}" + +download_extension() { + local name="$1" + local extension_id="$2" + local crx_path rc + + crx_path="$(mktemp)" + + if ! curl -fsSL \ + "https://clients2.google.com/service/update2/crx?response=redirect&prodversion=120.0&acceptformat=crx2,crx3&x=id%3D${extension_id}%26installsource%3Dondemand%26uc" \ + -o "${crx_path}"; then + rm -f "${crx_path}" + bashio::log.warning "Failed to download extension ${name}. Continuing without refresh." + return 0 + fi + + rm -rf "${EXTENSIONS_DIR:?}/${name}" + mkdir -p "${EXTENSIONS_DIR}/${name}" + + rc=0 + unzip -q "${crx_path}" -d "${EXTENSIONS_DIR}/${name}" || rc=$? + rm -f "${crx_path}" + + # unzip may return 1 even though files extracted (common with CRX zip metadata) + if [ "${rc}" -ne 0 ] && [ "${rc}" -ne 1 ]; then + bashio::log.warning "Failed to unzip extension ${name} (rc=${rc}). Continuing." + return 0 + fi + + return 0 +} + +download_extension "i-dont-care-about-cookies" "fllaojicojecljbmefodhfapmkghcbnh" +download_extension "ublock-origin" "cjpalhdlnbpafiamejdnhcphjbkeiagm" + +if id chrome &>/dev/null; then + chown -R chrome:chrome "${EXTENSIONS_DIR}" +fi diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run new file mode 100644 index 000000000..e13702a2e --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/run @@ -0,0 +1,21 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +set -e + +EXTENSIONS_DIR="${CHROME_EXTENSIONS_DIR:-/usr/src/chrome/extensions}" + +extensions=() +for extension in "${EXTENSIONS_DIR}/i-dont-care-about-cookies" "${EXTENSIONS_DIR}/ublock-origin"; do + if [ -d "$extension" ]; then + extensions+=("$extension") + fi +done + +extension_flag="" +if [ ${#extensions[@]} -gt 0 ]; then + extension_flag="--load-extension=$(IFS=,; echo "${extensions[*]}")" +fi + +cd /usr/src/chrome + +exec su chrome -c "chromium-browser --headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars --disable-crash-reporter --no-crash-upload --user-data-dir=/data/chrome ${extension_flag}" diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type new file mode 100644 index 000000000..5883cff0c --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-chrome/type @@ -0,0 +1 @@ +longrun diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run new file mode 100644 index 000000000..9af8cd43d --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/run @@ -0,0 +1,7 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +set -e + +mkdir -p "${MEILI_DIR}" + +exec /bin/meilisearch --db-path "${MEILI_DIR}" --no-analytics --experimental-dumpless-upgrade diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type new file mode 100644 index 000000000..5883cff0c --- /dev/null +++ b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-meilisearch/type @@ -0,0 +1 @@ +longrun diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-chrome b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-chrome new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-meilisearch b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-web/dependencies.d/svc-meilisearch new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-chrome b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-chrome new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-meilisearch b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/svc-workers/dependencies.d/svc-meilisearch new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-chrome b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-chrome new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-meilisearch b/karakeep/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/svc-meilisearch new file mode 100644 index 000000000..e69de29bb diff --git a/karakeep/updater.json b/karakeep/updater.json new file mode 100644 index 000000000..ca2b083f1 --- /dev/null +++ b/karakeep/updater.json @@ -0,0 +1,8 @@ +{ + "last_update": "11-01-2026", + "repository": "alexbelgium/hassio-addons", + "slug": "karakeep", + "source": "github", + "upstream_repo": "karakeep-app/karakeep", + "upstream_version": "0.30.0" +}