mirror of
https://git.feal.no/felixalb/nixos-config.git
synced 2024-12-22 04:07:28 +01:00
Prepare remote building, add searx
This commit is contained in:
parent
82dbad07d0
commit
6b8599d30a
18
base.nix
18
base.nix
@ -24,7 +24,11 @@
|
||||
options = "--delete-older-than 2d";
|
||||
};
|
||||
|
||||
settings.experimental-features = ["nix-command" "flakes"];
|
||||
settings = {
|
||||
experimental-features = ["nix-command" "flakes"];
|
||||
trusted-users = [ "felixalb" ];
|
||||
builders-use-substitutes = true;
|
||||
};
|
||||
|
||||
registry= {
|
||||
nixpkgs.flake = inputs.nixpkgs;
|
||||
@ -36,12 +40,15 @@
|
||||
programs.zsh.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
git
|
||||
tree
|
||||
rsync
|
||||
bat
|
||||
bottom
|
||||
git
|
||||
gnugrep
|
||||
gnutar
|
||||
ripgrep
|
||||
rsync
|
||||
tree
|
||||
wget
|
||||
];
|
||||
|
||||
services.openssh = {
|
||||
@ -68,6 +75,7 @@
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-voyager-worf"
|
||||
];
|
||||
};
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
@ -26,6 +26,7 @@
|
||||
./services/vaultwarden.nix
|
||||
./services/calibre.nix
|
||||
./services/fancontrol.nix
|
||||
./services/searx.nix
|
||||
# ./services/code-server.nix
|
||||
|
||||
];
|
||||
|
@ -11,5 +11,10 @@
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
/* security.acme = { */
|
||||
/* acceptTerms = true; */
|
||||
/* email = "felix@albrigtsen.it"; */
|
||||
/* }; */
|
||||
}
|
||||
|
||||
|
58
hosts/voyager/services/searx.nix
Normal file
58
hosts/voyager/services/searx.nix
Normal file
@ -0,0 +1,58 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
domain = "search.feal.no";
|
||||
cfg = config.services.searx.settings;
|
||||
in {
|
||||
|
||||
sops.secrets."searx/env" = {
|
||||
restartUnits = [ "searx.service" ];
|
||||
};
|
||||
|
||||
services.searx = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
general = {
|
||||
debug = false;
|
||||
instance_name = "Taschmex Searx";
|
||||
wiki_url = false;
|
||||
docs_url = false;
|
||||
twitter_url = false;
|
||||
};
|
||||
server = {
|
||||
port = 8090;
|
||||
bind_address = "127.0.1.2";
|
||||
secret_key = "@SEARX_SECRETKEY@";
|
||||
base_url = domain;
|
||||
image_proxy = true;
|
||||
};
|
||||
outgoing = {
|
||||
request_timeout = 2.0;
|
||||
useragent_suffix = "searx@albrigtsen.it";
|
||||
pool_connections = 100;
|
||||
pool_maxsize = 10;
|
||||
};
|
||||
};
|
||||
|
||||
environmentFile = config.sops.secrets."searx/env".path;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
|
||||
/* addSSL = true; */
|
||||
/* enableACME = true; */
|
||||
/* listen = [ */
|
||||
/* { */
|
||||
/* addr = "0.0.0.0"; */
|
||||
/* port = 43443; */
|
||||
/* ssl = true; */
|
||||
/* } */
|
||||
/* { */
|
||||
/* addr = "0.0.0.0"; */
|
||||
/* port = 43080; */
|
||||
/* } */
|
||||
/* ]; */
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 43443 43080 ];
|
||||
}
|
@ -10,6 +10,8 @@
|
||||
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
||||
hedgedoc:
|
||||
env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
|
||||
searx:
|
||||
env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str]
|
||||
transmission:
|
||||
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
|
||||
matrix:
|
||||
@ -54,8 +56,8 @@ sops:
|
||||
NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
|
||||
4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-06-08T21:22:10Z"
|
||||
mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str]
|
||||
lastmodified: "2023-08-22T15:28:28Z"
|
||||
mac: ENC[AES256_GCM,data:Fj4acVrxZJjJTXQAFedzdra3L3rupGbP4SnymkN/vd9dFm0iFNUXF1ZybQGtLFsEBtKZqlNxUMcyGz3/jbWfTDEoItITc+rjHFoWpTDyT81aGGSQFr/NYyGI421stn9x4uZgh2SZZAepYDWb7gLLhw24kvFW3XMV08m6XatUn9I=,iv:g7uQE40u6q373X4hiL8HPlm3rLRU/o1NTrSYcSQVgao=,tag:M0ul7bVOdwZKT4BrhcbEFw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
Loading…
Reference in New Issue
Block a user