From 6934a9f5fc769535f96b4004f17b9cfdcf2607f0 Mon Sep 17 00:00:00 2001
From: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
Date: Sun, 6 Apr 2025 23:46:28 +0200
Subject: [PATCH] distributed secrets to group_vars and added karakeep

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
---
 group_vars/all/secrets.yml                  | 75 ++++-----------------
 group_vars/docker/secrets.yml               | 32 +++++++++
 group_vars/docker/vars.yml                  | 20 ++++++
 group_vars/k3s/secrets.yml                  | 26 +++++++
 group_vars/k3s/vars.yml                     |  2 +-
 group_vars/proxmox/secrets.yml              | 15 +++++
 group_vars/proxmox/secrets_vm.yml           |  8 ---
 host_vars/k3s-agent00.yml                   |  2 +-
 host_vars/k3s-agent01.yml                   |  2 +-
 host_vars/k3s-agent02.yml                   |  2 +-
 host_vars/k3s-loadbalancer.yml              |  2 +-
 host_vars/k3s-longhorn00.yml                |  2 +-
 host_vars/k3s-longhorn01.yml                |  2 +-
 host_vars/k3s-longhorn02.yml                |  2 +-
 host_vars/k3s-postgres.yml                  |  2 +-
 host_vars/k3s-server00.yml                  |  2 +-
 host_vars/k3s-server01.yml                  |  2 +-
 host_vars/k3s-server02.yml                  |  2 +-
 roles/docker_host/templates/compose.yaml.j2 | 42 +++++++++---
 roles/reverse_proxy/templates/Caddyfile.j2  |  6 +-
 20 files changed, 154 insertions(+), 94 deletions(-)
 create mode 100644 group_vars/docker/secrets.yml
 create mode 100644 group_vars/k3s/secrets.yml
 create mode 100644 group_vars/proxmox/secrets.yml
 delete mode 100644 group_vars/proxmox/secrets_vm.yml

diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
index 7a8a6e3..b336136 100644
--- a/group_vars/all/secrets.yml
+++ b/group_vars/all/secrets.yml
@@ -1,63 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-62353334666233376566326532636437376331316231323234643438323138316538363739343966
-3637633035343637363766613038346162336437303035390a663363313565343230346363646534
-39393835313839323534663430646461336536343764636463376262646666356465386234313635
-3965343062616437660a613633343839303638656464616638306234363732656139653736373262
-63643739313466353637613738343233353738373764653762343432643430383637313137376236
-37643033323439656161333361346638643562393031363230383033363862316162353132313161
-61323433643933323735376163666564666264666461666234376664323661333734313231623730
-65323839383932303436306434356334396130353236323965646564303930383765376265356438
-35633031623036313634333534663564653863366535643466306332386166666531343262386330
-32633530313666653462326565643163616632333835643231643063393438356265313638336662
-36376132353931613835343030633464633561613361376264613535383830376337303539316133
-64666164306235333663303564656364303762326262313835343233303465653934623965653933
-62336130653938643966656665306134376237376537663533306261623132653838363034626131
-39346339666566633037663730313732393464306438623630326533333866636465353631373435
-61623833393039393961633664383939623930633562383936373036616431333664376364663930
-36326666653431326332316361336439303163643061343435643363376665616135653036663466
-65613563356631633238303731366330303265396661303735616534653731616439613531353939
-35386562626432616239643665663432373536623064383963306537386338636437663439313066
-64373336373830633163633433666334393035336539363261336364376139373434316433643364
-35353035326134626661663730383132323466343938373562336332663964393164663731633231
-37386330363531616566663965613164663463303762363635323438366130336334323134393332
-37313638346162633561393562666334616464303330376230633264623262336335613063653665
-32393332396631363562643961336166666339326233366364333061303766616632323732666338
-39363864336634356535333063343730663231303839393061366238353032643965353939656135
-39316539333338333431383635323537653761356665343136303231633265643735623962346133
-66313132313765643231373435653266633564316331633563623138303835616133303061333239
-39333362323162303466383865343031663663613266643932653862623137663766343665366263
-66303962353330653162356333343231393137613763316134663135613738666231373835616563
-33656564343864333263646437656435363338376663636435353432643931303032306330353831
-37623634353735373635303934653034356431346330376637656435356530656131343736636463
-63376565333730623335386231333838353763633031663238346438643664373130343632313462
-39343033623939653865383965653331366539643934363236663631313537323338643266313030
-65363736653237336633343333393665333666386336666630366664313336393136383734613635
-62366365356262643632306430626166346636343837653730626665646631373966396535666336
-36396464626437393433656361386263613330333561643563643232333064333565626534353736
-32653239353531343265353631623430363537396233363666393335356261323532633432376139
-33663266303631383936623332313833616262616635356139336165323662656131643334633563
-39396538383661306564333239383131623039303835323636326532653331346135343065363533
-32616533643662643365383132666438383237396362653465666264346333383133653738643166
-61393561396535343230343665363235326561666565376165323262396638626631363032643865
-66656439626339653837353133626133326234333036386563353532383764613261326130363361
-39663233656538356334326530366132346339666161386433393431663262646433353430366532
-31336661316562323534356632616633363862366163346532613433393434323639313733656562
-37633962613630336661623733626237613365623436346662376135646563353735623030303064
-34303064323635306465326638633665333639306564343034646262326466323539643437646239
-65343865646137336564356438623739323639336437626564393337343232313563353762333561
-65633265386132666635303831653236346165623537343638326639383436326633323163643765
-63336439643465313039653362373538333834666432383533376233643031323665303161336630
-34643462376262363530633933393631343662393631356338316538333366303966623936633163
-31643663616536626538323033396564656432373938383637373831306432353034383630323133
-66646339636335623835636638653533323365323132383134636264396465393463353234363839
-62323236386235303830393930346632366331653632306633376335643232633432386536663630
-35393035303162666563653137613639636561396666623665323832636364336232333165336135
-36626465393762373064353561333939626638613335323066666366326539316438363736373331
-64303538663863613135303531326465666636386364356635316265373533366434323330323266
-39613464343138616235663035316538636137396532373365393866376666343631626333306436
-66383734303032343131356466333264393739663834393836376236656634373832356363343639
-61306436366665616438636539386363616166633536316533386332383632366265313161643965
-31386463323438336165383764396166393530623537666662353735646535653938383031333331
-32646431366166373264326564326630313634333639646662376165643861616139336231373432
-30666165373861343965333264303632623766633763376339353366313839336537616131616436
-6236303866623939313466633635633136383232363034376236
+65646664663537386235383334613536393336623332363437376337323235636335363165366632
+3433623633393731373932306433643663333133393734370a353261353164353335356264643234
+65376132336534306465376435303764616136646633303166336136373263346436353235343065
+6238353863333239330a303131623262353563323864323536313036356237653936326361366565
+62616566396266363535653062636537383061363438303138333237643939323162336465326363
+64323830393839386233303634326562386537373766646461376238663963376463623130303363
+65366638666132393538336361663639303831333232336632616338396539353565663239373265
+38323036343733303131383439323738623263383736303935636339303564343662633437626233
+33303564373963646465306137346161656166366266663766356362636362643430393232646635
+38363764386538613166306464336532623464343565396431643738353434313838633763663861
+35616365383831643434316436313035366131663131373064663464393031623132366137303333
+62333561373465323664303539353966663763613365373633373761343966656166363265313134
+6163
diff --git a/group_vars/docker/secrets.yml b/group_vars/docker/secrets.yml
new file mode 100644
index 0000000..1c0b4ef
--- /dev/null
+++ b/group_vars/docker/secrets.yml
@@ -0,0 +1,32 @@
+$ANSIBLE_VAULT;1.1;AES256
+30383661646632613539633934643164373364323632396664653738383461643436633438616663
+6532323935383966363234373262313135316338333163350a373034356562316438643339643731
+65323462663363313935313763643461633932323763633032346537653431643838643632316431
+3464646137303635300a613464346161636563343664386135663038346464343663323738356432
+66353638616631353765393462353234323437356666316332396661663063363435363039323966
+31303361323432333934353738613233363431366261623433356437626638353063623363373761
+63313437666132373762643530353432353066393861363964663531333439653939313563626334
+31646265316238626639316330373635396538666535373034366131353535343766663833656161
+35326364303262323133633236656632303537636665303061613362336631643261373061393462
+32343263623162643866366361376165633165383733663636363632393634316164356433343766
+30373634623161343363303936396436613265396432616432643064383231326561646533646532
+64393136313438343433643134666164373236383634333838363662323133343833363435306234
+39366662616634323837333231663964633834316163663036613433663630303566303330663765
+38346137393637323434396364333063393961393232363839636334643339333930363131396637
+63383034386535346337633263323130353338393135326535646134336264643136396331653337
+63643035393135623762663763306234313336326465623530393764663131636262386435316235
+38373761333762653531613365336234363238623864393062626166373862623239386164346465
+63393062343166306563636332643966336435303161636533316234353332646131373731313234
+33366465653663643938386439313134666662373865313061316135653639366161303631643436
+64656332616533333338336437323262336463653439613530366430633161616166626461333263
+36643231656133316135373936303361336535393661643363303636343331313461643561303266
+32303438333261613635373165636630363264376638633563353438663236663733346662303661
+35656265373530333063373136343132323461643136336137323361613166336461386565366562
+62343466643334636536653932373433356137373339333235656532643935373661663234633564
+31356630356164646533323134353138666563356431633262306465343731303937323439353236
+66323464633330363031383566313137303766373331653234396131366462633861653031316562
+65346537383436353333303062396139313036386562663630623834306635306230363661353965
+63613239663835623365393432336532636230386635313262623439386338623538626565613765
+63646334313933613963623961633831393737366166363366313138393436633537376166663365
+63333965363465376365353436326236343832653164393563653236376132393463616365616139
+623130306134323838303339653664646539
diff --git a/group_vars/docker/vars.yml b/group_vars/docker/vars.yml
index b6e6938..aa57f4b 100644
--- a/group_vars/docker/vars.yml
+++ b/group_vars/docker/vars.yml
@@ -469,6 +469,26 @@ services:
       - name: "Docker"
         internal: /var/lib/docker:ro
         external: /var/lib/docker
+  - name: karakeep
+    vm:
+      - docker-host01
+    container_name: karakeep
+    image: ghcr.io/karakeep-app/karakeep:0.23.2
+    restart: unless-stopped
+    ports:
+      - name: "http"
+        internal: 3000
+        external: 3000
+    volumes:
+      - name: "Data"
+        internal: /data
+        external: /opt/local/karakeep/config
+    environment:
+      - MEILI_ADDR: http://karakeep-meilisearch:7700
+      - BROWSER_WEB_URL: http://karakeep-chrome:9222
+      - NEXTAUTH_SECRET: "{{ vault.docker.karakeep.nextauth_secret }}"
+      - MEILI_MASTER_KEY: "{{ vault.docker.karakeep.meili_master_key }}"
+      - NEXTAUTH_URL: http://localhost:3000
 #   - name: anubis
 #     vm:
 #       - docker-host00
diff --git a/group_vars/k3s/secrets.yml b/group_vars/k3s/secrets.yml
new file mode 100644
index 0000000..712fa05
--- /dev/null
+++ b/group_vars/k3s/secrets.yml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.1;AES256
+66323965326561656434636164616434353663633933346332373537663136323465323461306337
+3733663066623866333534366430663761653262646662650a323938306636653965656361646330
+66313965376537643033666165366435653862663231383366636166373238666334313836313138
+6164353263323136300a653236636334643832396534623735316465623133373838353163313136
+33303331313037376336623637356633383734343338386634646335616632646366366138643539
+37303531346430323330396637316632643065346537386433663431373437376261366263306264
+63323235303632356661373463383565613764323733343839653139613766633036346234316432
+37626432333935613566386631346161623133366438343630316237363730626234336462303132
+38323132363631653432643462306133323266333637346139343961623430363436663763383234
+66343232386263646633653739343963333364386630376638396261326563333935643437646638
+63656664633838336535613963393434336264656265356238306237626361336533643363323838
+30376236613236386133383130633164306632323630383932383432353439646266386239383834
+32346431306662346166653738333138643733623739623536303639663136336533373230643533
+64323037303161306435316662653237356161393239656362383261306366336134353438326233
+62363532396336616261383735386535396363386339333962623233383534393033306662666266
+66316237616137366639333439613732666638376163373235306663323762613466363636346337
+38393762653537316134316234363066363439623164356237313566626533326332646663313838
+38383633616538353833353634376236656433383464303538613663383838633538616136313365
+64643438316638333433366137656634353039663763353734616432306465386563353665666136
+63383739323038333537396433303332343235383562376438633237663465396366643438353862
+32646637323530356432386662613366323234323639653139306665623865613666623133656465
+31636334666638623939393366663935363434613731386365303130343439376430613331663561
+30353738346138343563383738393666333761333231303366386563303165363039313263343563
+36303533353165323461376461623665313938356535363462663737643265636137613366616639
+38383761343161336462373563383338393435326331353132333336666330306638
diff --git a/group_vars/k3s/vars.yml b/group_vars/k3s/vars.yml
index ca4888d..2146eca 100644
--- a/group_vars/k3s/vars.yml
+++ b/group_vars/k3s/vars.yml
@@ -3,7 +3,7 @@ db:
     user: "postgres"
   name: "k3s"
   user: "k3s"
-  password: "{{ vault.k3s.postgres.db.password }}"
+  password: "{{ vault_k3s.postgres.db.password }}"
   listen_address: "{{ k3s.db.ip }}"
 
 k3s:
diff --git a/group_vars/proxmox/secrets.yml b/group_vars/proxmox/secrets.yml
new file mode 100644
index 0000000..62d881d
--- /dev/null
+++ b/group_vars/proxmox/secrets.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+35333866323538343132373761316430616539643436646637633131366232346566656438303438
+3539333661363964633834613161626134323533653737650a613832323436663739663162303066
+31333130646631306539356233346632636132346539343734393065353033613865363466646632
+6565343937666530330a326130393934326435643837323631653862313232363466643534306131
+62376132383137336230366538326364663362346137613930633161663834393835623935373164
+65623564633765653137623361376130623363613263313835366464313039613532323661363461
+37366438616566643537656639316665363339633737363539636364316335663639303364663366
+62653734343364663830633534643931656439313763366138323663373464303137323864313637
+65316135343464393031343166366338323839326631623533343931353833643232643339386231
+38623735386465383964653663346631376531376261353933346661666131353533633331353437
+63336366623333653732306130316264393865633338653238303861646535343837396232366134
+63343037636361323239376436326431623165326366383561323832323730636532623039383734
+66663139656262643038303435346666323762343661336234663131343531636161636536646465
+6530333864323262363536393562346362306161653162346132
diff --git a/group_vars/proxmox/secrets_vm.yml b/group_vars/proxmox/secrets_vm.yml
deleted file mode 100644
index 2e302f5..0000000
--- a/group_vars/proxmox/secrets_vm.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65336233643939653766663539646638346437653862656539666366353630376231353866336439
-3661363464343138333038633464646361616161376662610a303266333539306563393464613238
-36356264633564653265653632323664653133646261656234643235303165393666663539333938
-3665373736323262650a376564663737666339356666393934653234386234306334633864626130
-62663831633836373666303365643539336435393165343461346666636463653564343065653962
-62653163366663386234383462613837316166633735383862646238303263376464366564623631
-383264383961333035653539313266663463
diff --git a/host_vars/k3s-agent00.yml b/host_vars/k3s-agent00.yml
index f01b1ed..8568fbd 100644
--- a/host_vars/k3s-agent00.yml
+++ b/host_vars/k3s-agent00.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.25
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.agent00.sudo }}"
+ansible_become_pass: "{{ vault_k3s.agent00.sudo }}"
 
 host:
   hostname: "k3s-agent00"
diff --git a/host_vars/k3s-agent01.yml b/host_vars/k3s-agent01.yml
index 3134d13..a97cf2d 100644
--- a/host_vars/k3s-agent01.yml
+++ b/host_vars/k3s-agent01.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.26
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.agent01.sudo }}"
+ansible_become_pass: "{{ vault_k3s.agent01.sudo }}"
 
 host:
   hostname: "k3s-agent01"
diff --git a/host_vars/k3s-agent02.yml b/host_vars/k3s-agent02.yml
index de1d865..308b56c 100644
--- a/host_vars/k3s-agent02.yml
+++ b/host_vars/k3s-agent02.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.27
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.agent02.sudo }}"
+ansible_become_pass: "{{ vault_k3s.agent02.sudo }}"
 
 host:
   hostname: "k3s-agent02"
diff --git a/host_vars/k3s-loadbalancer.yml b/host_vars/k3s-loadbalancer.yml
index 455ad44..d3e0d5d 100644
--- a/host_vars/k3s-loadbalancer.yml
+++ b/host_vars/k3s-loadbalancer.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.22
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.loadbalancer.sudo }}"
+ansible_become_pass: "{{ vault_k3s.loadbalancer.sudo }}"
 host:
   hostname: "k3s-loadbalancer"
   ip: "{{ ansible_host }}"
diff --git a/host_vars/k3s-longhorn00.yml b/host_vars/k3s-longhorn00.yml
index a13f2e5..bf32086 100644
--- a/host_vars/k3s-longhorn00.yml
+++ b/host_vars/k3s-longhorn00.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.32
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.longhorn00.sudo }}"
+ansible_become_pass: "{{ vault_k3s.longhorn00.sudo }}"
 
 host:
   hostname: "k3s-longhorn00"
diff --git a/host_vars/k3s-longhorn01.yml b/host_vars/k3s-longhorn01.yml
index fc3688e..620ddd7 100644
--- a/host_vars/k3s-longhorn01.yml
+++ b/host_vars/k3s-longhorn01.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.33
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.longhorn01.sudo }}"
+ansible_become_pass: "{{ vault_k3s.longhorn01.sudo }}"
 
 host:
   hostname: "k3s-longhorn01"
diff --git a/host_vars/k3s-longhorn02.yml b/host_vars/k3s-longhorn02.yml
index d7cd263..ed694ef 100644
--- a/host_vars/k3s-longhorn02.yml
+++ b/host_vars/k3s-longhorn02.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.31
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.longhorn02.sudo }}"
+ansible_become_pass: "{{ vault_k3s.longhorn02.sudo }}"
 
 host:
   hostname: "k3s-longhorn02"
diff --git a/host_vars/k3s-postgres.yml b/host_vars/k3s-postgres.yml
index 5427603..133483b 100644
--- a/host_vars/k3s-postgres.yml
+++ b/host_vars/k3s-postgres.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.23
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.postgres.sudo }}"
+ansible_become_pass: "{{ vault_k3s.postgres.sudo }}"
 host:
   hostname: "k3s-postgres"
   ip: "{{ ansible_host }}"
diff --git a/host_vars/k3s-server00.yml b/host_vars/k3s-server00.yml
index cb76120..3414658 100644
--- a/host_vars/k3s-server00.yml
+++ b/host_vars/k3s-server00.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.21
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.server00.sudo }}"
+ansible_become_pass: "{{ vault_k3s.server00.sudo }}"
 host:
   hostname: "k3s-server00"
   ip: "{{ ansible_host }}"
diff --git a/host_vars/k3s-server01.yml b/host_vars/k3s-server01.yml
index 3f34329..c0cc873 100644
--- a/host_vars/k3s-server01.yml
+++ b/host_vars/k3s-server01.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.24
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
+ansible_become_pass: "{{ vault_k3s.server01.sudo }}"
 
 host:
   hostname: "k3s-server01"
diff --git a/host_vars/k3s-server02.yml b/host_vars/k3s-server02.yml
index 93c03c5..307356e 100644
--- a/host_vars/k3s-server02.yml
+++ b/host_vars/k3s-server02.yml
@@ -3,7 +3,7 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.30
 ansible_port: 22
 ansible_ssh_private_key_file: "{{ pk_path }}"
-ansible_become_pass: "{{ vault.k3s.server02.sudo }}"
+ansible_become_pass: "{{ vault_k3s.server02.sudo }}"
 
 host:
   hostname: "k3s-server02"
diff --git a/roles/docker_host/templates/compose.yaml.j2 b/roles/docker_host/templates/compose.yaml.j2
index c86fb34..31036f9 100644
--- a/roles/docker_host/templates/compose.yaml.j2
+++ b/roles/docker_host/templates/compose.yaml.j2
@@ -1,12 +1,12 @@
 services:
 {% for service in services %}
 {% if inventory_hostname in service.vm %}
-  {{service.name}}:
+  {{ service.name }}:
     container_name: {{ service.container_name }}
     image: {{ service.image }}
     restart: {{ service.restart }}
 {% if service.network_mode is not defined %}
-    hostname: {{service.name}}
+    hostname: {{ service.name }}
     networks:
       - net
 {% endif %}
@@ -15,7 +15,7 @@ services:
     ports:
 {% for port in service.ports %}
 {% if port.internal != 'proxy_only' %}
-      - {{port.external}}:{{port.internal}}
+      - {{ port.external }}:{{ port.internal }}
 {% endif %}
 {% endfor %}
 {% endif %}
@@ -41,24 +41,24 @@ services:
 {% if service.volumes is defined and service.volumes is iterable %}
     volumes:
 {% for volume in service.volumes %}
-      - {{volume.external}}:{{volume.internal}}
+      - {{ volume.external }}:{{ volume.internal }}
 {% endfor %}
 {% endif %}
 {% if service.environment is defined and service.environment is iterable %}
     environment:
 {% for env in service.environment %}
-      - {{env}}
+      - {{ env }}
 {% endfor %}
 {% endif %}
 {% if service.devices is defined and service.devices is iterable  %}
     devices:
 {% for device in service.devices %}
-      - {{device.external}}:{{device.internal}}
+      - {{ device.external }}:{{ device.internal }}
 {% endfor %}
 {% endif %}
 {% if service.name == 'paperless' %}
 
-  {{service.name}}-broker:
+  {{ service.name }}-broker:
     container_name: paperless-broker
     image: docker.io/library/redis:7
     restart: unless-stopped
@@ -67,7 +67,7 @@ services:
     volumes:
       - /opt/local/paperless/redis/data:/data
 
-  {{service.name}}-postgres:
+  {{ service.name }}-postgres:
     container_name: paperless-postgres
     image: docker.io/library/postgres:15
     restart: unless-stopped
@@ -78,7 +78,31 @@ services:
     environment:
       POSTGRES_DB: paperless
       POSTGRES_USER: paperless
-      POSTGRES_PASSWORD: 5fnhn%u2YWY3paNvMAjdoufYPQ2Hf3Yi
+      POSTGRES_PASSWORD: {{ vault.docker.paperless.dbpass }}
+{% endif %}
+{% if service.name == 'karakeep' %}
+
+  {{ service.name }}-chrome:
+    image: gcr.io/zenika-hub/alpine-chrome:123
+    restart: unless-stopped
+    command:
+      - --no-sandbox
+      - --disable-gpu
+      - --disable-dev-shm-usage
+      - --remote-debugging-address=0.0.0.0
+      - --remote-debugging-port=9222
+      - --hide-scrollbars
+
+  {{ service.name }}-meilisearch:
+    image: getmeili/meilisearch:v1.11.1
+    restart: unless-stopped
+    environment:
+      MEILI_NO_ANALYTICS: "true"
+      NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
+      MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
+      NEXTAUTH_URL=http://localhost:3000
+    volumes:
+      - meilisearch:/meili_data
 {% endif %}
 
 {% endif %}
diff --git a/roles/reverse_proxy/templates/Caddyfile.j2 b/roles/reverse_proxy/templates/Caddyfile.j2
index 389859c..1c52c80 100644
--- a/roles/reverse_proxy/templates/Caddyfile.j2
+++ b/roles/reverse_proxy/templates/Caddyfile.j2
@@ -18,9 +18,9 @@
     }
 	tls {
 		dns netcup {
-			customer_number {{ vault.netcup.customer_number }}
-			api_key {{ vault.netcup.api_key}}
-			api_password {{ vault.netcup.api_password }}
+			customer_number {{ vault_netcup.customer_number }}
+			api_key {{ vault_netcup.api_key }}
+			api_password {{ vault_netcup.api_password }}
 		}
     propagation_timeout 900s
 		propagation_delay 600s