From c43b1c1bf66b4c3b1a80467f48308aed5a9dabb0 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Wed, 13 Sep 2023 23:21:28 +0200
Subject: [PATCH] Prepare remote building, add searx
---
 base.nix | 18 ++++++--
 hosts/voyager/configuration.nix | 1 +
 hosts/voyager/services/nginx/default.nix | 5 ++
 hosts/voyager/services/searx.nix | 58 ++++++++++++++++++++++++
 secrets/voyager/voyager.yaml | 6 ++-
 5 files changed, 81 insertions(+), 7 deletions(-)
 create mode 100644 hosts/voyager/services/searx.nix
diff --git a/base.nix b/base.nix
index 5e11c0a..a716f60 100644
--- a/base.nix
+++ b/base.nix
@@ -24,7 +24,11 @@
 options = "--delete-older-than 2d";
 };
- settings.experimental-features = ["nix-command" "flakes"];
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ trusted-users = [ "felixalb" ];
+ builders-use-substitutes = true;
+ };
 registry= {
 nixpkgs.flake = inputs.nixpkgs;
@@ -36,12 +40,15 @@
 programs.zsh.enable = true;
 environment.systemPackages = with pkgs; [
- wget
- git
- tree
- rsync
+ bat
 bottom
+ git
+ gnugrep
+ gnutar
 ripgrep
+ rsync
+ tree
+ wget
 ];
 services.openssh = {
@@ -68,6 +75,7 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-voyager-worf"
 ];
 };
 sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix
index 3f77163..3616daf 100644
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@@ -26,6 +26,7 @@
 ./services/vaultwarden.nix
 ./services/calibre.nix
 ./services/fancontrol.nix
+ ./services/searx.nix
 # ./services/code-server.nix
 ];
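Review bot: `trusted-users = [ "felixalb" ];` in the new `settings` block makes that account effectively root-equivalent towards the Nix daemon, since a trusted user may pick substituters and import store paths without signature checks. Because the line sits in base.nix it presumably applies to every host that imports this file, not only to the machine that acts as remote builder. If it is needed only so builds can be dispatched to one builder, set it in that host's configuration and document it, e.g. `# root-equivalent for the nix daemon; required only on the build host`. The enclosing attribute set (presumably `nix`) starts and ends outside the hunk.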
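Review bot: The added `nix-builder-voyager-worf` key is appended to the same authorized-keys list as the interactive keys and carries no options, so whoever holds that automation key gets a normal login as this user on every host that imports base.nix. A key used unattended for builds is usually stored without a passphrase, so it deserves a narrower scope than a personal key: a dedicated unprivileged build user defined only on the builder, or at minimum an entry of the form `"restrict ssh-ed25519 <key> nix-builder-voyager-worf"`. A comment such as `# build dispatch key; private half lives on <host>` would also record where it must be rotated. The attribute that owns this list starts outside the hunk, so which account receives the key should be confirmed.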
diff --git a/hosts/voyager/services/nginx/default.nix b/hosts/voyager/services/nginx/default.nix
index fbaa848..23a9300 100644
--- a/hosts/voyager/services/nginx/default.nix
+++ b/hosts/voyager/services/nginx/default.nix
@@ -11,5 +11,10 @@
 };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ /* security.acme = { */
+ /* acceptTerms = true; */
+ /* email = "felix@albrigtsen.it"; */
+ /* }; */
 }
diff --git a/hosts/voyager/services/searx.nix b/hosts/voyager/services/searx.nix
new file mode 100644
index 0000000..b70d2f9
--- /dev/null
+++ b/hosts/voyager/services/searx.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+let
+ domain = "search.feal.no";
+ cfg = config.services.searx.settings;
+in {
+
+ sops.secrets."searx/env" = {
+ restartUnits = [ "searx.service" ];
+ };
+
+ services.searx = {
+ enable = true;
+
+ settings = {
+ general = {
+ debug = false;
+ instance_name = "Taschmex Searx";
+ wiki_url = false;
+ docs_url = false;
+ twitter_url = false;
+ };
+ server = {
+ port = 8090;
+ bind_address = "127.0.1.2";
+ secret_key = "@SEARX_SECRETKEY@";
+ base_url = domain;
+ image_proxy = true;
+ };
+ outgoing = {
+ request_timeout = 2.0;
+ useragent_suffix = "searx@albrigtsen.it";
+ pool_connections = 100;
+ pool_maxsize = 10;
+ };
+ };
+
+ environmentFile = config.sops.secrets."searx/env".path;
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
+ /* addSSL = true; */
+ /* enableACME = true; */
+ /* listen = [ */
+ /* { */
+ /* addr = "0.0.0.0"; */
+ /* port = 43443; */
+ /* ssl = true; */
+ /* } */
+ /* { */
+ /* addr = "0.0.0.0"; */
+ /* port = 43080; */
+ /* } */
+ /* ]; */
+ };
+
+ networking.firewall.allowedTCPPorts = [ 43443 43080 ];
+}
diff --git a/secrets/voyager/voyager.yaml b/secrets/voyager/voyager.yaml
index 0d4b0a8..ea7944c 100644
--- a/secrets/voyager/voyager.yaml
+++ b/secrets/voyager/voyager.yaml
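Review bot: The `security.acme` block is committed commented out, and the new vhost in hosts/voyager/services/searx.nix does the same with `addSSL`, `enableACME` and its `listen` list, so the tree gives no indication whether TLS is meant to be enabled later or is handled somewhere else. Dead configuration like this is easy to uncomment half-way; either drop the blocks or replace each with a single line stating the intent, e.g. `# TODO: enable ACME for this host once <condition>`. As the hunk stands, ports 80 and 443 are open in the firewall while nothing visible here provisions a certificate. The module body starts outside the hunk.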
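Review bot: `networking.firewall.allowedTCPPorts = [ 43443 43080 ];` at the end of searx.nix opens two ports whose only listener definition is inside the commented-out `listen` block, so the firewall rule has no matching service in this file; drop the line until the `listen` entries are active. With `addSSL` and `enableACME` also commented out, the vhost appears to proxy search traffic over plain HTTP unless TLS is terminated elsewhere, which is worth stating in a comment. `base_url = domain;` passes a bare hostname where searx presumably expects a full URL, e.g. `base_url = "https://${domain}/";`. Keeping `secret_key` as the `@SEARX_SECRETKEY@` placeholder filled from the sops-managed `environmentFile` is the right pattern, since it keeps the value out of the world-readable Nix store.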
@@ -10,6 +10,8 @@ #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment] hedgedoc: env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str] +searx: + env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str] transmission: vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str] matrix: @@ -54,8 +56,8 @@ sops: NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB 4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-08T21:22:10Z" - mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str] + lastmodified: "2023-08-22T15:28:28Z" + mac: ENC[AES256_GCM,data:Fj4acVrxZJjJTXQAFedzdra3L3rupGbP4SnymkN/vd9dFm0iFNUXF1ZybQGtLFsEBtKZqlNxUMcyGz3/jbWfTDEoItITc+rjHFoWpTDyT81aGGSQFr/NYyGI421stn9x4uZgh2SZZAepYDWb7gLLhw24kvFW3XMV08m6XatUn9I=,iv:g7uQE40u6q373X4hiL8HPlm3rLRU/o1NTrSYcSQVgao=,tag:M0ul7bVOdwZKT4BrhcbEFw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3