Add searchnx container
parent
8ea7d8cfb3
commit
04f7785457
7 changed files with 313 additions and 4 deletions
|
@ -16,6 +16,7 @@ keys:
|
|||
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
|
||||
- &read age193v7jejqu7dxk4xejs9cfcatz7605wf4fmytxst424xel2e4z48qj8fflj
|
||||
- &saga age10advysga7fpkh7uuv9a7phs77c5khswf5c9q9txvrauxtqr4yu0sk2r75v
|
||||
- &search age1vxxy66vw8tqqw27xtp7l4np5xstfla7ck7sr29rhhr9fysxj547qdtm6vl
|
||||
- &valkyrie age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
|
||||
creation_rules:
|
||||
- path_regex: machines/loki/[^/]+\.yaml$
|
||||
|
@ -96,6 +97,12 @@ creation_rules:
|
|||
- *erwin
|
||||
- *erwin_horus
|
||||
- *saga
|
||||
- path_regex: machines/search/[^/]+\.ya?ml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *erwin
|
||||
- *erwin_horus
|
||||
- *search
|
||||
- path_regex: machines/valkyrie/[^/]+\.ya?ml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
@ -124,6 +124,15 @@ inputs: {
|
|||
tags = [ "container" ];
|
||||
};
|
||||
};
|
||||
search = {
|
||||
config = import ./search/configuration.nix inputs;
|
||||
deploy = {
|
||||
# host = "10.0.0.214";
|
||||
host = "search.barn-beaver.ts.net";
|
||||
targetUser = "erwin";
|
||||
tags = [ "container" ];
|
||||
};
|
||||
};
|
||||
thor = {
|
||||
system = "aarch64-linux";
|
||||
config = import ./thor/configuration.nix inputs;
|
||||
|
|
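--- a/machines/search/configuration.nix
+++ b/machines/search/configuration.nix
@@ -0,0 +1,118 @@
+{ self, ... }:
+{
+modulesPath,
+pkgs,
+config,
+lib,
+...
+}:
+{
+imports = [
+(modulesPath + "/virtualisation/lxc-container.nix")
+
+../../users/root
+../../users/erwin
+
+./searxng.nix
+# ./backup.nix
+];
+
+eboskma = {
+users.erwin = {
+enable = true;
+server = true;
+};
+
+nix-common = {
+enable = true;
+remote-builders = true;
+};
+
+rust-motd.enable = true;
+tailscale.enable = true;
+};
+
+boot = {
+isContainer = true;
+};
+
+time.timeZone = "Europe/Amsterdam";
+
+system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+networking = {
+hostName = "search";
+useDHCP = false;
+useHostResolvConf = false;
+networkmanager.enable = false;
+useNetworkd = true;
+nftables.enable = true;
+firewall.trustedInterfaces = [ "tailscale0" ];
+};
+
+systemd = {
+services.logrotate-checkconf.enable = false;
+
+network = {
+enable = true;
+
+wait-online.anyInterface = true;
+
+networks = {
+"40-eth0" = {
+matchConfig = {
+Name = "eth0";
+};
+
+networkConfig = {
+Address = "10.0.0.214/24";
+Gateway = "10.0.0.1";
+DNS = "10.0.0.206";
+DHCP = "no";
+};
+};
+};
+};
+};
+
+services.caddy = {
+enable = true;
+package = pkgs.caddy.withPlugins {
+plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
+hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g=";
+};
+
+virtualHosts = {
+"search.datarift.nl" = {
+extraConfig = ''
+reverse_proxy 127.0.0.1:${config.services.searx.settings.server.port or "8888"}
+tls {
+dns cloudflare {env.CF_API_TOKEN}
+resolvers 1.1.1.1
+}
+'';
+};
+};
+};
+
+systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];
+
+security = {
+sudo-rs = {
+enable = true;
+execWheelOnly = true;
+wheelNeedsPassword = false;
+};
+sudo.enable = false;
+};
+
+sops.defaultSopsFile = ./secrets.yaml;
+sops.secrets = {
+caddy-env = { };
+searxng-env = { };
+search-backup-ssh-key = { };
+search-backup-pass = { };
+};
+
+system.stateVersion = "25.05";
+}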
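Review bot: `firewall.trustedInterfaces = [ "tailscale0" ];` in the `networking` block exempts the whole tailnet interface from the firewall, so every port that listens in this container is reachable by any tailnet peer, not only Caddy's HTTPS listener. The only service this file publishes is the `search.datarift.nl` virtual host (plus, presumably, SSH for the deploy user), so I would open just those ports, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 443 ];`. That also keeps the SearXNG backend, which searxng.nix binds to `0.0.0.0`, off the tailnet. If the blanket trust is intentional, a one-line comment saying why would help the next reader, especially next to `wheelNeedsPassword = false`.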
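--- a/machines/search/searxng.nix
+++ b/machines/search/searxng.nix
@@ -0,0 +1,132 @@
+{ config, ... }:
+{
+services.searx = {
+enable = true;
+environmentFile = config.sops.secrets.searxng-env.path;
+settings = {
+general = {
+instance_name = "Search";
+};
+
+search = {
+safe_search = 0;
+autocomplete = "google";
+favicon_resolver = "google";
+};
+
+server = {
+bind_address = "0.0.0.0";
+base_url = "https://search.datarift.nl";
+image_proxy = true;
+http_protocol_version = "1.1";
+method = "GET";
+};
+
+ui = {
+static_use_hash = true;
+results_on_new_tab = true;
+};
+
+enabled_plugins = [
+"Basic Calculator"
+"Hash plugin"
+"Open Access DOI rewrite"
+"Self Information"
+"Tracker URL remover"
+"Unit converter plugin"
+];
+
+engines = [
+{
+name = "bing";
+disabled = true;
+}
+{
+name = "cppreference";
+disabled = false;
+}
+{
+name = "tineye";
+disabled = false;
+}
+{
+name = "codeberg";
+disabled = false;
+}
+{
+name = "google videos";
+disabled = true;
+}
+{
+name = "crates.io";
+disabled = false;
+}
+{
+name = "hoogle";
+disabled = true;
+}
+{
+name = "kickass";
+disabled = true;
+}
+{
+name = "lobste.rs";
+disabled = false;
+}
+{
+name = "pinterest";
+disabled = true;
+}
+{
+name = "piratebay";
+disabled = true;
+}
+{
+name = "reddit";
+disabled = false;
+}
+{
+name = "solidtorrents";
+disabled = true;
+}
+{
+name = "torch";
+disabled = true;
+}
+{
+name = "youtube";
+disabled = true;
+}
+{
+name = "dailymotion";
+disabled = true;
+}
+{
+name = "vimeo";
+disabled = true;
+}
+{
+name = "brave";
+disabled = true;
+}
+{
+name = "brave.images";
+disabled = true;
+}
+{
+name = "brave.videos";
+disabled = true;
+}
+{
+name = "brave.news";
+disabled = true;
+}
+{
+name = "sourcehut";
+disabled = false;
+}
+];
+};
+
+};
+}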
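Review bot: `bind_address = "0.0.0.0";` under `settings.server` makes SearXNG listen on every interface, although the only client visible in this commit is Caddy's `reverse_proxy 127.0.0.1:…` in configuration.nix. Because that file also marks `tailscale0` as a trusted interface, the backend can be reached over plain HTTP without passing through Caddy's TLS; `bind_address = "127.0.0.1";` would keep it behind the proxy. No `secret_key` appears under `server`, so it presumably arrives through the `searxng-env` file; a short comment beside `environmentFile` naming the variables that file must define would make that dependency explicit.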
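--- a/machines/search/secrets.yaml
+++ b/machines/search/secrets.yaml
@@ -0,0 +1,42 @@
+searxng-env: ENC[AES256_GCM,data:3Z4LI4440Uk84h+xdr1/CqIkHph5nhXnaEtX4QKUkZkVZHZC/XufFtnVWHcR0tJ8b3zXAXWqfz2yC1+RMOFICq4/eF9AamvXOVJ9GsiRFzXZFS00t3TAy7ZEP0g3mm3Yir1e/TgfyEWynUEVa+Y9FPMjjm2QZbi2KL45Zsk6ZrLqI9/0Lol8JnT/A4oB2NY=,iv:5SRBUWOLZP1KaHbJa9B8qlTNsSQeFBrOy8glxDD1fsk=,tag:xmbN0QFv+2PKrqFGwYTQDQ==,type:str]
+search-backup-ssh-key: ""
+search-backup-pass: ""
+caddy-env: ENC[AES256_GCM,data:7tiP85SblV7T/9yiHyiJOc/ESaNWIySfSkpjzHhRHqEXFvaz/drj/HSj6eN+6FpTSrtoBSQ=,iv:i3In19LnAbfTkxDVeEAZ6h3lx9KPAXKVdim16DVTE68=,tag:RNouu7g6FdPOoO51Wby0HQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRR243TTZNaVNpS0F4WjlD
+L2I3Y3RKKy9oN2JYMmM2UkM1V2JRMEZEMWc4CjRJY3pvTGhzR2NJRkY1VzhOaVNk
+UDQ5VlAzajZ6YTN6SityV25CR0pNSDgKLS0tIHBCSExNMXhVTmpnanUvVzdBdzJm
+YU8zRU5Db2ZkSGovRmxpRGI4T2ZnelkKV0oLDxdkmB5r6Y/HTX82CFRA4vjV0BIL
+7cRA35icYl/OAMgcIzK/ev8QP9nue4sm1mZGqK6+4Q8Lxad9m9lIKw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYU5XamVjY3UvQ0xhemp0
+OUNzY1MwSHBUcENyNzBuNUZwWUlmMkxCMWx3CnkxdHhVb3BONFBOcmxVMmMwMWpj
+aGh6dW56ZEJtNm1idWFYUHhpeXZOUncKLS0tIFo4T2ZLT202NDlwbDVVS1ZUTVd0
+TDlWMkZmWU1xeEJ0YlZzOHA3UkFva3cK33Jw/17ZVitgOPBs+bNrKuhU6UdnCaCt
+zbWj3XZtkeD0gwY4tPpbK0sqBtu1O0MCKqUgN6hXcaQvIlRyIBdjwQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1vxxy66vw8tqqw27xtp7l4np5xstfla7ck7sr29rhhr9fysxj547qdtm6vl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYmZuMTJhSkJXZEpQYVUr
+Y2tTdk1XTURtME5OQXhha0lOd21UcHVoeEVvCmQ0VlU1RDJBNE1NQjN2cmhacDNM
+bndrS1FBbHpxeGRTRXlMWSs5KzZYR2sKLS0tIDdxcUJOM25qL2ZMUi9RMXZEVGtt
+Qk1CR281SUJLbXRrS1JxM3R5UE5yT1EKFu+yaUvdD29UZQM5JWc73RzwqCwtADmQ
+Wj55pyifNKJ49582R5Az7Dbyfa9ONmMMl/rHoHY4MlezOvKWn46/Ow==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-12-20T14:08:51Z"
+mac: ENC[AES256_GCM,data:8bvJf7Jr8js+KgdE5paRWo8PwJjEoXDNiA9CxKRrKv9x66+QGTkYoNVrYr9eBDZsHv/UpPpyPYUKG6BGk4ZKQhnduR6+YuFagzypy781mX1IlIVZ6E3yNrA7bbJiOGMrnOEOzhu/41CN65nM8DkJVvzri+wuBQDFroury7ebwCg=,iv:81ddHQ7lteiHo0oS4LMTE+tIRijXpjxdlJxjcaP89Jc=,tag:nCB+yjQy1+EhzddO6RmmYQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.2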
|
@ -1,6 +1,6 @@
|
|||
$ORIGIN datarift.nl.
|
||||
$TTL 3600
|
||||
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 8 3600 900 86400 1800
|
||||
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 9 3600 900 86400 1800
|
||||
|
||||
home IN A 10.0.0.251
|
||||
factorio IN A 159.69.211.175
|
||||
|
@ -15,6 +15,6 @@ mqtt IN A 10.0.0.254
|
|||
nix-cache IN A 10.0.0.209
|
||||
read IN A 10.0.0.207
|
||||
saga IN A 10.0.0.251
|
||||
search IN A 10.0.0.214
|
||||
vidz IN A 10.0.0.211
|
||||
unifi IN A 10.0.0.1
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
$TTL 3600
|
||||
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 17 3600 900 86400 1800
|
||||
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 19 3600 900 86400 1800
|
||||
|
||||
home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net.
|
||||
frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net.
|
||||
|
@ -11,6 +11,7 @@ mqtt.datarift.nl. IN CNAME homeassistant.barn-beaver.ts.net.
|
|||
nix-cache.datarift.nl. IN CNAME nix-cache.barn-beaver.ts.net.
|
||||
read.datarift.nl. IN CNAME read.barn-beaver.ts.net.
|
||||
saga.datarift.nl. IN CNAME saga.barn-beaver.ts.net.
|
||||
search.datarift.nl. IN CNAME search.barn-beaver.ts.net.
|
||||
vidz.datarift.nl. IN CNAME vidz.barn-beaver.ts.net.
|
||||
heimdall.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
||||
meili.datarift.nl. IN CNAME meili.barn-beaver.ts.net.
|
||||
|
@ -20,4 +21,4 @@ garfield.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
|||
factorio.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
||||
|
||||
unifi.datarift.nl. IN A 10.0.0.1
|
||||
|
||||
unifi.datarift.nl. IN AAAA fdcd:eae3:8553::1
|
||||
|
|