Prepare remote building, add searx
This commit is contained in:
parent
76c26c868d
commit
faa29d540e
18
base.nix
18
base.nix
|
@ -24,7 +24,11 @@
|
||||||
options = "--delete-older-than 2d";
|
options = "--delete-older-than 2d";
|
||||||
};
|
};
|
||||||
|
|
||||||
settings.experimental-features = ["nix-command" "flakes"];
|
settings = {
|
||||||
|
experimental-features = ["nix-command" "flakes"];
|
||||||
|
trusted-users = [ "felixalb" ];
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
};
|
||||||
|
|
||||||
registry= {
|
registry= {
|
||||||
nixpkgs.flake = inputs.nixpkgs;
|
nixpkgs.flake = inputs.nixpkgs;
|
||||||
|
@ -36,12 +40,15 @@
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
bat
|
||||||
git
|
|
||||||
tree
|
|
||||||
rsync
|
|
||||||
bottom
|
bottom
|
||||||
|
git
|
||||||
|
gnugrep
|
||||||
|
gnutar
|
||||||
ripgrep
|
ripgrep
|
||||||
|
rsync
|
||||||
|
tree
|
||||||
|
wget
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -68,6 +75,7 @@
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-voyager-worf"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
|
@ -27,6 +27,7 @@
|
||||||
./services/calibre.nix
|
./services/calibre.nix
|
||||||
./services/stash.nix
|
./services/stash.nix
|
||||||
./services/fancontrol.nix
|
./services/fancontrol.nix
|
||||||
|
./services/searx.nix
|
||||||
# ./services/code-server.nix
|
# ./services/code-server.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
|
@ -11,5 +11,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
/* security.acme = { */
|
||||||
|
/* acceptTerms = true; */
|
||||||
|
/* email = "felix@albrigtsen.it"; */
|
||||||
|
/* }; */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
domain = "search.feal.no";
|
||||||
|
cfg = config.services.searx.settings;
|
||||||
|
in {
|
||||||
|
|
||||||
|
sops.secrets."searx/env" = {
|
||||||
|
restartUnits = [ "searx.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.searx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
general = {
|
||||||
|
debug = false;
|
||||||
|
instance_name = "Taschmex Searx";
|
||||||
|
wiki_url = false;
|
||||||
|
docs_url = false;
|
||||||
|
twitter_url = false;
|
||||||
|
};
|
||||||
|
server = {
|
||||||
|
port = 8090;
|
||||||
|
bind_address = "127.0.1.2";
|
||||||
|
secret_key = "@SEARX_SECRETKEY@";
|
||||||
|
base_url = domain;
|
||||||
|
image_proxy = true;
|
||||||
|
};
|
||||||
|
outgoing = {
|
||||||
|
request_timeout = 2.0;
|
||||||
|
useragent_suffix = "searx@albrigtsen.it";
|
||||||
|
pool_connections = 100;
|
||||||
|
pool_maxsize = 10;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environmentFile = config.sops.secrets."searx/env".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts.${domain} = {
|
||||||
|
locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
|
||||||
|
/* addSSL = true; */
|
||||||
|
/* enableACME = true; */
|
||||||
|
/* listen = [ */
|
||||||
|
/* { */
|
||||||
|
/* addr = "0.0.0.0"; */
|
||||||
|
/* port = 43443; */
|
||||||
|
/* ssl = true; */
|
||||||
|
/* } */
|
||||||
|
/* { */
|
||||||
|
/* addr = "0.0.0.0"; */
|
||||||
|
/* port = 43080; */
|
||||||
|
/* } */
|
||||||
|
/* ]; */
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 43443 43080 ];
|
||||||
|
}
|
|
@ -10,6 +10,8 @@
|
||||||
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
|
env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
|
||||||
|
searx:
|
||||||
|
env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str]
|
||||||
transmission:
|
transmission:
|
||||||
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
|
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
|
||||||
matrix:
|
matrix:
|
||||||
|
@ -54,8 +56,8 @@ sops:
|
||||||
NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
|
NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
|
||||||
4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
|
4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-06-08T21:22:10Z"
|
lastmodified: "2023-08-22T15:28:28Z"
|
||||||
mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str]
|
mac: ENC[AES256_GCM,data:Fj4acVrxZJjJTXQAFedzdra3L3rupGbP4SnymkN/vd9dFm0iFNUXF1ZybQGtLFsEBtKZqlNxUMcyGz3/jbWfTDEoItITc+rjHFoWpTDyT81aGGSQFr/NYyGI421stn9x4uZgh2SZZAepYDWb7gLLhw24kvFW3XMV08m6XatUn9I=,iv:g7uQE40u6q373X4hiL8HPlm3rLRU/o1NTrSYcSQVgao=,tag:M0ul7bVOdwZKT4BrhcbEFw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
Loading…
Reference in New Issue