diff --git a/README.md b/README.md index be3affb..0724c31 100644 --- a/README.md +++ b/README.md @@ -6,4 +6,15 @@ nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurati nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://github.com/adrlau/nix-dotfiles.git --upgrade -nix why-depends .\#nixosConfigurations.eowyn.config.system.build.toplevel pkgs.python3.12-libarcus-4.12.0 --impure + + +show flake attrs +```nix flake show .#``` + + +why depends: +```nix why-depends /run/current-system /nix/store/...``` +```nix why-depends .#``` +```nix why-depends .#nixosConfigurations.galadriel nixpkgs#python312Packages.botorch``` +```nix why-depends .\#nixosConfigurations.eowyn.config.system.build.toplevel pkgs.python3.12-libarcus-4.12.0 --impure``` + diff --git a/flake.nix b/flake.nix index 95df010..443cb75 100644 --- a/flake.nix +++ b/flake.nix @@ -82,7 +82,7 @@ }; aragon = nixpkgs.lib.nixosSystem { - system = "x84_64-linux"; + system = "x86_64-linux"; specialArgs = { inherit inputs; }; diff --git a/machines/elrond/configuration.nix b/machines/elrond/configuration.nix index fe6657e..66620b5 100644 --- a/machines/elrond/configuration.nix +++ b/machines/elrond/configuration.nix @@ -9,7 +9,6 @@ ./hardware-configuration.nix ../../profiles/webhost.nix ../../profiles/base.nix - ../../services/gate.nix #../../services/ozai.nix ./routes.nix ]; diff --git a/machines/elrond/routes.nix b/machines/elrond/routes.nix index 25ad230..3fb8e24 100644 --- a/machines/elrond/routes.nix +++ b/machines/elrond/routes.nix @@ -1,14 +1,14 @@ { config, pkgs, lib, ... }: { services.nginx = { - virtualHosts."lauterer.it" = { - forceSSL = true; - useACMEHost = config.networking.domain; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://100.84.215.84"; - }; - }; + #virtualHosts."lauterer.it" = { + # forceSSL = true; + # useACMEHost = config.networking.domain; + # locations."/" = { + # proxyWebsockets = true; + # proxyPass = "http://100.84.215.84"; + # }; + #}; virtualHosts."managment.lauterer.it" = { forceSSL = true; @@ -50,16 +50,16 @@ #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; }; - virtualHosts."hybel.lauterer.it" = { - forceSSL = true; - useACMEHost = config.networking.domain; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://100.109.23.4:8123"; - }; - # ignorerer sikkerhet for littegran for å oprettholde lettvinthet og app kompatibilitet. - #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; - }; + # virtualHosts."hybel.lauterer.it" = { + # forceSSL = true; + # useACMEHost = config.networking.domain; + # locations."/" = { + # proxyWebsockets = true; + # proxyPass = "http://100.109.23.4:8123"; + # }; + # # ignorerer sikkerhet for littegran for å oprettholde lettvinthet og app kompatibilitet. + # #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; + # }; virtualHosts."jellyfin.lauterer.it" = { @@ -81,6 +81,8 @@ basicAuthFile = config.sops.secrets."nginx/defaultpass".path; }; + + virtualHosts."rss.lauterer.it" = { forceSSL = true; useACMEHost = config.networking.domain; @@ -91,6 +93,18 @@ #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; }; + + virtualHosts."ai.lauterer.it" = { + forceSSL = true; + useACMEHost = config.networking.domain; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://100.84.215.84:11111"; + }; + #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; + }; + + #virtualHosts."azul.256.no" = { # forceSSL = true; # useACMEHost = config.networking.domain; @@ -101,15 +115,15 @@ # #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; #}; - virtualHosts."azul.256.no" = { - forceSSL = true; - useACMEHost = config.networking.domain; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://localhost:8095"; - }; - #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; - }; + # virtualHosts."azul.256.no" = { + # forceSSL = true; + # useACMEHost = config.networking.domain; + # locations."/" = { + # proxyWebsockets = true; + # proxyPass = "http://localhost:8095"; + # }; + # #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; + # }; #virtualHosts."shiori.lauterer.it" = config.services.nginx.virtualHosts."archive.lauterer.it"; @@ -123,7 +137,7 @@ proxyPass = "http://100.84.215.84:8082"; }; #basicAuthFile = config.sops.secrets."nginx/defaultpass".path; - }; + }; diff --git a/profiles/ai.nix b/profiles/ai.nix index 7ee8f4a..263e59e 100644 --- a/profiles/ai.nix +++ b/profiles/ai.nix @@ -13,7 +13,6 @@ ollama openai-whisper openai-whisper-cpp - whisper-ctranslate2 wyoming-faster-whisper wyoming-piper subtitlr diff --git a/services/searxng.nix b/services/searxng.nix new file mode 100644 index 0000000..0636092 --- /dev/null +++ b/services/searxng.nix @@ -0,0 +1,180 @@ +{ config, pkgs, lib, ... }: +{ + environment.systemPackages = [ + + ]; + + +services.searx = { + enable = false; + redisCreateLocally = true; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + # UWSGI configuration should be true for non single user instances. + runInUwsgi = false; + + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + http = ":8888"; + chmod-socket = "660"; + }; + + # Searx configuration + settings = { + # Instance settings + general = { + debug = false; + instance_name = "SearXNG Instance"; + donation_url = false; + contact_url = false; + privacypolicy_url = false; + enable_metrics = false; + }; + + # User interface + ui = { + static_use_hash = true; + default_locale = "en"; + query_in_title = true; + infinite_scroll = false; + center_alignment = true; + default_theme = "simple"; + theme_args.simple_style = "auto"; + search_on_category_select = false; + hotkeys = "vim"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + ban_time_on_fail = 5; + max_ban_time_on_fail = 120; + }; + + # Server configuration + server = { + base_url = "https://search.lauterer.it"; + port = 8888; + bind_address = "127.0.0.1"; + secret_key = config.sops.secrets.searx.path; + limiter = true; + public_instance = false; + image_proxy = true; + method = "GET"; + }; + + # Search engines + engines = lib.mapAttrsToList (name: value: { inherit name; } // value) { + "duckduckgo".disabled = false; + "brave".disabled = true; + "bing".disabled = false; + "mojeek".disabled = true; + "mwmbl".disabled = false; + "mwmbl".weight = 0.4; + "qwant".disabled = true; + "crowdview".disabled = false; + "crowdview".weight = 0.5; + "curlie".disabled = true; + "ddg definitions".disabled = false; + "ddg definitions".weight = 2; + "wikibooks".disabled = false; + "wikidata".disabled = false; + "wikiquote".disabled = true; + "wikisource".disabled = true; + "wikispecies".disabled = false; + "wikispecies".weight = 0.5; + "wikiversity".disabled = false; + "wikiversity".weight = 0.5; + "wikivoyage".disabled = false; + "wikivoyage".weight = 0.5; + "currency".disabled = true; + "dictzone".disabled = true; + "lingva".disabled = true; + "bing images".disabled = false; + "brave.images".disabled = true; + "duckduckgo images".disabled = false; + "google images".disabled = false; + "qwant images".disabled = true; + "1x".disabled = true; + "artic".disabled = false; + "deviantart".disabled = true; + "flickr".disabled = true; + "imgur".disabled = false; + "library of congress".disabled = false; + "material icons".disabled = true; + "material icons".weight = 0.2; + "openverse".disabled = false; + "pinterest".disabled = true; + "svgrepo".disabled = false; + "unsplash".disabled = false; + "wallhaven".disabled = false; + "wikicommons.images".disabled = false; + "yacy images".disabled = true; + "bing videos".disabled = true; + "brave.videos".disabled = true; + "duckduckgo videos".disabled = false; + "google videos".disabled = false; + "qwant videos".disabled = false; + "dailymotion".disabled = true; + "google play movies".disabled = true; + "invidious".disabled = false; + "odysee".disabled = true; + "peertube".disabled = false; + "piped".disabled = true; + "rumble".disabled = false; + "sepiasearch".disabled = false; + "vimeo".disabled = true; + "youtube".disabled = true; + "brave.news".disabled = true; + "google news".disabled = true; + }; + + # Outgoing requests + outgoing = { + request_timeout = 5.0; + max_request_timeout = 15.0; + pool_connections = 100; + pool_maxsize = 15; + enable_http2 = true; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Hostnames plugin" + "Self Information" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; +}; + +# Systemd configuration +#systemd.services.nginx.serviceConfig.ProtectHome = false; + +# User management +users.groups.searx.members = ["nginx"]; + + + }