Paperclip quadlet + cloudflared + Caddy routing

2026-04-22-paperclip-quadlet April 22, 2026 dotfiles GitHub

First cut of the Paperclip quadlet stack landed in sodimo/dotfiles, wired into the existing cloudflared tunnel and Caddy reverse-proxy, with the derived image built locally on the Strix-Halo dev box.

Added

docker/paperclip/Dockerfile — derived image layering @mariozechner/pi@latest on ghcr.io/paperclipai/paperclip:sha-b8725c5. First use of a top-level docker/ dir for a Sodimo-built image (establishes the pattern for future derived images)
home/dot_config/containers/systemd/paperclip.container + paperclip-db.container (Postgres sidecar)
home/dot_config/containers/systemd/paperclip-data.volume + paperclip-db-data.volume
home/dot_config/caddy/routes/paperclip.caddy — reverse-proxy route for paperclip.sodimo.eu
home/dot_config/sodimo/paperclip.env.tmpl — first .tmpl EnvironmentFile in the repo (divergence from the stack-wide convention of co-locating envs with .container units; authorized in the handoff)
home/dot_config/sodimo/paperclip/models.json — model allowlist for Paperclip
Local image build: ghcr.io/sodimo/paperclip:v2026.416.0-pi0.x.y (2.55 GB, image id 6ebbd8afe02f) — not yet pushed to ghcr.io, pending org-level write:packages (tracked in #12)

Changed

home/dot_config/cloudflared/config.yml — ingress list appended with paperclip.sodimo.eu → localhost:80 (single named tunnel, now routing 6 hostnames)
Stack-wide Restart=always relaxed to Restart=on-failure for Paperclip only (explicit handoff instruction; revisit after first-week production runtime)

Fixed

podman quadlet -dryrun passes with 0 parse errors across all 42 units after Paperclip addition