Prepare remote building, add searx

2023-09-13 23:21:28 +02:00 · 2023-09-13 23:21:28 +02:00 · 6b8599d30a
parent 82dbad07d0
commit 6b8599d30a
5 changed files with 81 additions and 7 deletions
--- a/base.nix
+++ b/base.nix
@ -24,7 +24,11 @@
      options = "--delete-older-than 2d";
    };
-    settings.experimental-features = ["nix-command" "flakes"];
+    settings = {
      experimental-features = ["nix-command" "flakes"];
      trusted-users = [ "felixalb" ];
      builders-use-substitutes = true;
    };
    registry= {
      nixpkgs.flake = inputs.nixpkgs;
@ -36,12 +40,15 @@
  programs.zsh.enable = true;
  environment.systemPackages = with pkgs; [
-    wget
+    bat
    git
    tree
    rsync
    bottom
    git
    gnugrep
    gnutar
    ripgrep
    rsync
    tree
    wget
  ];
  services.openssh = {
@ -68,6 +75,7 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-voyager-worf"
    ];
  };
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@ -26,6 +26,7 @@
      ./services/vaultwarden.nix
      ./services/calibre.nix
      ./services/fancontrol.nix
      ./services/searx.nix
      # ./services/code-server.nix
  ];
--- a/hosts/voyager/services/nginx/default.nix
+++ b/hosts/voyager/services/nginx/default.nix
@ -11,5 +11,10 @@
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  /* security.acme = { */
  /*   acceptTerms = true; */
  /*   email = "felix@albrigtsen.it"; */
  /* }; */
 }
--- a/hosts/voyager/services/searx.nix
+++ b/hosts/voyager/services/searx.nix
@ -0,0 +1,58 @@
 { config, lib, pkgs, ... }:
 let
  domain = "search.feal.no";
  cfg = config.services.searx.settings;
 in {
  sops.secrets."searx/env" = {
    restartUnits = [ "searx.service" ];
  };
  services.searx = {
    enable = true;
    settings = {
      general = {
        debug = false;
        instance_name = "Taschmex Searx";
        wiki_url = false;
        docs_url = false;
        twitter_url = false;
      };
      server = {
        port = 8090;
        bind_address = "127.0.1.2";
        secret_key = "@SEARX_SECRETKEY@";
        base_url = domain;
        image_proxy = true;
      };
      outgoing = {
        request_timeout = 2.0;
        useragent_suffix = "searx@albrigtsen.it";
        pool_connections = 100;
        pool_maxsize = 10;
      };
    };
    environmentFile = config.sops.secrets."searx/env".path;
  };
  services.nginx.virtualHosts.${domain} = {
    locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
    /* addSSL = true; */
    /* enableACME = true; */
    /* listen = [ */
    /*   { */
    /*     addr = "0.0.0.0"; */
    /*     port = 43443; */
    /*     ssl = true; */
    /*   } */
    /*   { */
    /*     addr = "0.0.0.0"; */
    /*     port = 43080; */
    /*   } */
    /* ]; */
  };
  networking.firewall.allowedTCPPorts = [ 43443 43080 ];
 }
--- a/secrets/voyager/voyager.yaml
+++ b/secrets/voyager/voyager.yaml
@ -10,6 +10,8 @@
 #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
 hedgedoc:
    env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
 searx:
    env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str]
 transmission:
    vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
 matrix:
@ -54,8 +56,8 @@ sops:
            NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
            4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-08T21:22:10Z"
+    lastmodified: "2023-08-22T15:28:28Z"
-    mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str]
+    mac: ENC[AES256_GCM,data:Fj4acVrxZJjJTXQAFedzdra3L3rupGbP4SnymkN/vd9dFm0iFNUXF1ZybQGtLFsEBtKZqlNxUMcyGz3/jbWfTDEoItITc+rjHFoWpTDyT81aGGSQFr/NYyGI421stn9x4uZgh2SZZAepYDWb7gLLhw24kvFW3XMV08m6XatUn9I=,iv:g7uQE40u6q373X4hiL8HPlm3rLRU/o1NTrSYcSQVgao=,tag:M0ul7bVOdwZKT4BrhcbEFw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3