From 6453bb62a1665c259c7d3075d851b9739e72a322 Mon Sep 17 00:00:00 2001
From: servius <servius@darksailor.dev>
Date: Wed, 14 Jan 2026 12:08:19 +0530
Subject: [PATCH] feat(kellnr): add sops config and docs flag, dynamic domain
 vhost

---
 nixos/tako/services/kellnr.nix | 9 ++++++---
 secrets/secrets.yaml           | 6 ++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/nixos/tako/services/kellnr.nix b/nixos/tako/services/kellnr.nix
index dd91e990..fd04292d 100644
--- a/nixos/tako/services/kellnr.nix
+++ b/nixos/tako/services/kellnr.nix
@@ -6,22 +6,25 @@
   port = 8899;
   domain = "crates.darksailor.dev";
 in {
+  sops = {
+  };
   virtualisation.oci-containers = {
     backend = "docker";
     containers = {
-      excalidraw = {
+      kellnr = {
         image = "ghcr.io/kellnr/kellnr:5";
         ports = ["127.0.0.1:${toString port}:8000"];
         volumes = [
           "/var/lib/kellnr:/opt/kdata"
         ];
         environment = {
-          "KELLNR_ORIGIN__HOSTNAME" = domain;
+          KELLNR_ORIGIN__HOSTNAME = domain;
+          KELLNR_DOCS__ENABLED = "true";
         };
       };
     };
   };
-  services.caddy.virtualHosts.domain.extraConfig = ''
+  services.caddy.virtualHosts."${domain}".extraConfig = ''
     import auth
     reverse_proxy localhost:${toString port}
   '';
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index e5f0ffae..93969361 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -80,6 +80,8 @@ pihole:
     password: ENC[AES256_GCM,data:xOpsEFN6zbgPwYnSudmFqlYOghY=,iv:isO0RtKgi8G8noumyhIfLLfmH9w5ybt9NVxh7bRVykM=,tag:17UcPypyqquJDTFZAc5iyA==,type:str]
 nas:
     password: ENC[AES256_GCM,data:lWb/l3srLrA=,iv:SN8+ziMJZZ1F+RT6JhoqWXcr1c4pSAkiT6gYfsi2LS4=,tag:g5Whb9nV8FHrOA5/Nbg0Fw==,type:str]
+kellnr:
+    password: ENC[AES256_GCM,data:OZkfHckKHu/EM6+PquknU+aKmyyFw5o25ZENqNGc0d/vYiNBo4FBdCZwj1W0efo43+hTgsxVj7QCDSxFgROdOg==,iv:2G3fy5dIufL7tXEgRaOGBFNaVoKbfKqcFnRiZN1I1F4=,tag:iyHQD5oXy44tL18W7Fw35g==,type:str]
 sops:
     age:
         - recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
@@ -91,7 +93,7 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-30T01:39:33Z"
-    mac: ENC[AES256_GCM,data:dD0EYgJ7vD4bH5l36XJZO5LA495tVCeh5bMUBhKaOoZgf2LmgNXz5oBHwIof1ZrhZ6cYMKCxvt+hllAL5u2N+hE/JjJLDxPj3DS/BXhTzp/OoQohKdLrYoj6IAUfTQppmLj06WLKR+5TCEzOuG01Y/SkAM9tqk3himfrx7guxUQ=,iv:U7a+4syPkM9R9ksIVJ3/vnFi0iS1uPH2rulpWOayPgs=,tag:2r2rrUg6wEC1zqRpeU2GJA==,type:str]
+    lastmodified: "2026-01-14T06:29:20Z"
+    mac: ENC[AES256_GCM,data:86cBNjAgiF9XBClEN0GCg74JP2O3nMzYAIkpsoU14HE2T9H1PzfDO3kzTaujfyVTw2PRfOPko8xvQrg8L8eSSAbO1h/I4Ta34L0Pc8Ud7zlDjKaa+a31nOlrdBLom1qGZytlI/IRgdBTexjMZPprsHbrS9pCwd3bUnH5YhcRBF0=,iv:s88NUl5tSq5pe3J+WI0JP0olAExkH1Gxs0KW8dzNkrY=,tag:VOKYIP3aPGON7BwNm28PQg==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0