Prepare remote building, add searx

2023-09-13 23:21:28 +02:00 · 2023-09-13 23:21:28 +02:00 · 6b8599d30a
parent 82dbad07d0
commit 6b8599d30a
5 changed files with 81 additions and 7 deletions
--- a/base.nix
+++ b/base.nix
@ -24,7 +24,11 @@
      options = "--delete-older-than 2d";
    };

-    settings.experimental-features = ["nix-command" "flakes"];
+    settings = {
+      experimental-features = ["nix-command" "flakes"];
+      trusted-users = [ "felixalb" ];
+      builders-use-substitutes = true;
+    };

    registry= {
      nixpkgs.flake = inputs.nixpkgs;
@ -36,12 +40,15 @@
  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
-    wget
-    git
-    tree
-    rsync
+    bat
    bottom
+    git
+    gnugrep
+    gnutar
    ripgrep
+    rsync
+    tree
+    wget
  ];

  services.openssh = {
@ -68,6 +75,7 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-voyager-worf"
    ];
  };
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@ -26,6 +26,7 @@
      ./services/vaultwarden.nix
      ./services/calibre.nix
      ./services/fancontrol.nix
+      ./services/searx.nix
      # ./services/code-server.nix

  ];
--- a/hosts/voyager/services/nginx/default.nix
+++ b/hosts/voyager/services/nginx/default.nix
@ -11,5 +11,10 @@
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  /* security.acme = { */
+  /*   acceptTerms = true; */
+  /*   email = "felix@albrigtsen.it"; */
+  /* }; */
 }
 
--- a/hosts/voyager/services/searx.nix
+++ b/hosts/voyager/services/searx.nix
@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+let
+  domain = "search.feal.no";
+  cfg = config.services.searx.settings;
+in {
+
+  sops.secrets."searx/env" = {
+    restartUnits = [ "searx.service" ];
+  };
+
+  services.searx = {
+    enable = true;
+    
+    settings = {
+      general = {
+        debug = false;
+        instance_name = "Taschmex Searx";
+        wiki_url = false;
+        docs_url = false;
+        twitter_url = false;
+      };
+      server = {
+        port = 8090;
+        bind_address = "127.0.1.2";
+        secret_key = "@SEARX_SECRETKEY@";
+        base_url = domain;
+        image_proxy = true;
+      };
+      outgoing = {
+        request_timeout = 2.0;
+        useragent_suffix = "searx@albrigtsen.it";
+        pool_connections = 100;
+        pool_maxsize = 10;
+      };
+    };
+
+    environmentFile = config.sops.secrets."searx/env".path;
+  };
+
+  services.nginx.virtualHosts.${domain} = {
+    locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
+    /* addSSL = true; */
+    /* enableACME = true; */
+    /* listen = [ */
+    /*   { */
+    /*     addr = "0.0.0.0"; */
+    /*     port = 43443; */
+    /*     ssl = true; */
+    /*   } */
+    /*   { */
+    /*     addr = "0.0.0.0"; */
+    /*     port = 43080; */
+    /*   } */
+    /* ]; */
+  };
+
+  networking.firewall.allowedTCPPorts = [ 43443 43080 ];
+}
--- a/secrets/voyager/voyager.yaml
+++ b/secrets/voyager/voyager.yaml
@ -10,6 +10,8 @@
 #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
 hedgedoc:
    env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
+searx:
+    env: ENC[AES256_GCM,data:5tzCZulZV+Ls0/N/WMQ4q2A5w04gmlA12AetbcX4pzn1xKDIe/0RwmuJXcq5qIof/A==,iv:/sFUtakRVNX2n1v72FGPFRQy0UK3jKbMS1Qmnrnm/tA=,tag:sxarQL61SDovipJZAd4Ozg==,type:str]
 transmission:
    vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
 matrix:
@ -54,8 +56,8 @@ sops:
            NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
            4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-08T21:22:10Z"
-    mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str]
+    lastmodified: "2023-08-22T15:28:28Z"
+    mac: ENC[AES256_GCM,data:Fj4acVrxZJjJTXQAFedzdra3L3rupGbP4SnymkN/vd9dFm0iFNUXF1ZybQGtLFsEBtKZqlNxUMcyGz3/jbWfTDEoItITc+rjHFoWpTDyT81aGGSQFr/NYyGI421stn9x4uZgh2SZZAepYDWb7gLLhw24kvFW3XMV08m6XatUn9I=,iv:g7uQE40u6q373X4hiL8HPlm3rLRU/o1NTrSYcSQVgao=,tag:M0ul7bVOdwZKT4BrhcbEFw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3