Add searchnx container
parent
8ea7d8cfb3
commit
04f7785457
7 changed files with 313 additions and 4 deletions
|
@ -16,6 +16,7 @@ keys:
|
||||||
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
|
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
|
||||||
- &read age193v7jejqu7dxk4xejs9cfcatz7605wf4fmytxst424xel2e4z48qj8fflj
|
- &read age193v7jejqu7dxk4xejs9cfcatz7605wf4fmytxst424xel2e4z48qj8fflj
|
||||||
- &saga age10advysga7fpkh7uuv9a7phs77c5khswf5c9q9txvrauxtqr4yu0sk2r75v
|
- &saga age10advysga7fpkh7uuv9a7phs77c5khswf5c9q9txvrauxtqr4yu0sk2r75v
|
||||||
|
- &search age1vxxy66vw8tqqw27xtp7l4np5xstfla7ck7sr29rhhr9fysxj547qdtm6vl
|
||||||
- &valkyrie age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
|
- &valkyrie age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: machines/loki/[^/]+\.yaml$
|
- path_regex: machines/loki/[^/]+\.yaml$
|
||||||
|
@ -96,6 +97,12 @@ creation_rules:
|
||||||
- *erwin
|
- *erwin
|
||||||
- *erwin_horus
|
- *erwin_horus
|
||||||
- *saga
|
- *saga
|
||||||
|
- path_regex: machines/search/[^/]+\.ya?ml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *erwin
|
||||||
|
- *erwin_horus
|
||||||
|
- *search
|
||||||
- path_regex: machines/valkyrie/[^/]+\.ya?ml$
|
- path_regex: machines/valkyrie/[^/]+\.ya?ml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
@ -124,6 +124,15 @@ inputs: {
|
||||||
tags = [ "container" ];
|
tags = [ "container" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
search = {
|
||||||
|
config = import ./search/configuration.nix inputs;
|
||||||
|
deploy = {
|
||||||
|
# host = "10.0.0.214";
|
||||||
|
host = "search.barn-beaver.ts.net";
|
||||||
|
targetUser = "erwin";
|
||||||
|
tags = [ "container" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
thor = {
|
thor = {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
config = import ./thor/configuration.nix inputs;
|
config = import ./thor/configuration.nix inputs;
|
||||||
|
|
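--- a/machines/search/configuration.nix
+++ b/machines/search/configuration.nix
@@ -0,0 +1,118 @@
+{ self, ... }:
+{
+modulesPath,
+pkgs,
+config,
+lib,
+...
+}:
+{
+imports = [
+(modulesPath + "/virtualisation/lxc-container.nix")
+
+../../users/root
+../../users/erwin
+
+./searxng.nix
+# ./backup.nix
+];
+
+eboskma = {
+users.erwin = {
+enable = true;
+server = true;
+};
+
+nix-common = {
+enable = true;
+remote-builders = true;
+};
+
+rust-motd.enable = true;
+tailscale.enable = true;
+};
+
+boot = {
+isContainer = true;
+};
+
+time.timeZone = "Europe/Amsterdam";
+
+system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+networking = {
+hostName = "search";
+useDHCP = false;
+useHostResolvConf = false;
+networkmanager.enable = false;
+useNetworkd = true;
+nftables.enable = true;
+firewall.trustedInterfaces = [ "tailscale0" ];
+};
+
+systemd = {
+services.logrotate-checkconf.enable = false;
+
+network = {
+enable = true;
+
+wait-online.anyInterface = true;
+
+networks = {
+"40-eth0" = {
+matchConfig = {
+Name = "eth0";
+};
+
+networkConfig = {
+Address = "10.0.0.214/24";
+Gateway = "10.0.0.1";
+DNS = "10.0.0.206";
+DHCP = "no";
+};
+};
+};
+};
+};
+
+services.caddy = {
+enable = true;
+package = pkgs.caddy.withPlugins {
+plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
+hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g=";
+};
+
+virtualHosts = {
+"search.datarift.nl" = {
+extraConfig = ''
+reverse_proxy 127.0.0.1:${config.services.searx.settings.server.port or "8888"}
+tls {
+dns cloudflare {env.CF_API_TOKEN}
+resolvers 1.1.1.1
+}
+'';
+};
+};
+};
+
+systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];
+
+security = {
+sudo-rs = {
+enable = true;
+execWheelOnly = true;
+wheelNeedsPassword = false;
+};
+sudo.enable = false;
+};
+
+sops.defaultSopsFile = ./secrets.yaml;
+sops.secrets = {
+caddy-env = { };
+searxng-env = { };
+search-backup-ssh-key = { };
+search-backup-pass = { };
+};
+
+system.stateVersion = "25.05";
+}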
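Review bot: `firewall.trustedInterfaces = [ "tailscale0" ];` in the `networking` block accepts all traffic arriving over the tailnet, so every socket this container listens on is reachable from any tailnet peer, not only the Caddy front end. The only service meant to be exposed here appears to be the `search.datarift.nl` virtual host, so opening just the web ports is a tighter fit: `firewall.interfaces.tailscale0.allowedTCPPorts = [ 80 443 ];`. This matters more because `searxng.nix` in the same commit binds SearXNG to `0.0.0.0`, which leaves its backend port reachable over `tailscale0` without TLS. Separately, `security.sudo-rs.wheelNeedsPassword = false` gives every wheel account passwordless root; if that is there for the `targetUser = "erwin"` deploy, a comment such as `# passwordless sudo is required for remote deploys as erwin` would record the trade-off.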
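--- a/machines/search/searxng.nix
+++ b/machines/search/searxng.nix
@@ -0,0 +1,132 @@
+{ config, ... }:
+{
+services.searx = {
+enable = true;
+environmentFile = config.sops.secrets.searxng-env.path;
+settings = {
+general = {
+instance_name = "Search";
+};
+
+search = {
+safe_search = 0;
+autocomplete = "google";
+favicon_resolver = "google";
+};
+
+server = {
+bind_address = "0.0.0.0";
+base_url = "https://search.datarift.nl";
+image_proxy = true;
+http_protocol_version = "1.1";
+method = "GET";
+};
+
+ui = {
+static_use_hash = true;
+results_on_new_tab = true;
+};
+
+enabled_plugins = [
+"Basic Calculator"
+"Hash plugin"
+"Open Access DOI rewrite"
+"Self Information"
+"Tracker URL remover"
+"Unit converter plugin"
+];
+
+engines = [
+{
+name = "bing";
+disabled = true;
+}
+{
+name = "cppreference";
+disabled = false;
+}
+{
+name = "tineye";
+disabled = false;
+}
+{
+name = "codeberg";
+disabled = false;
+}
+{
+name = "google videos";
+disabled = true;
+}
+{
+name = "crates.io";
+disabled = false;
+}
+{
+name = "hoogle";
+disabled = true;
+}
+{
+name = "kickass";
+disabled = true;
+}
+{
+name = "lobste.rs";
+disabled = false;
+}
+{
+name = "pinterest";
+disabled = true;
+}
+{
+name = "piratebay";
+disabled = true;
+}
+{
+name = "reddit";
+disabled = false;
+}
+{
+name = "solidtorrents";
+disabled = true;
+}
+{
+name = "torch";
+disabled = true;
+}
+{
+name = "youtube";
+disabled = true;
+}
+{
+name = "dailymotion";
+disabled = true;
+}
+{
+name = "vimeo";
+disabled = true;
+}
+{
+name = "brave";
+disabled = true;
+}
+{
+name = "brave.images";
+disabled = true;
+}
+{
+name = "brave.videos";
+disabled = true;
+}
+{
+name = "brave.news";
+disabled = true;
+}
+{
+name = "sourcehut";
+disabled = false;
+}
+];
+};
+
+};
+}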
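Review bot: `bind_address = "0.0.0.0";` under `settings.server` makes SearXNG listen on every interface, although the Caddy virtual host in `configuration.nix` only ever proxies to `127.0.0.1`. With `tailscale0` listed as a trusted firewall interface in that file, the backend port is then reachable directly from the tailnet, bypassing the TLS front end. `bind_address = "127.0.0.1";` keeps the same setup working with only the proxy exposed. No `secret_key` is set under `server` here; presumably it arrives through `environmentFile`, and a one-line comment saying so (`# secret key is supplied via the searxng-env secret`) would save the next reader from checking.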
42
machines/search/secrets.yaml
Normal file
42
machines/search/secrets.yaml
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
searxng-env: ENC[AES256_GCM,data:3Z4LI4440Uk84h+xdr1/CqIkHph5nhXnaEtX4QKUkZkVZHZC/XufFtnVWHcR0tJ8b3zXAXWqfz2yC1+RMOFICq4/eF9AamvXOVJ9GsiRFzXZFS00t3TAy7ZEP0g3mm3Yir1e/TgfyEWynUEVa+Y9FPMjjm2QZbi2KL45Zsk6ZrLqI9/0Lol8JnT/A4oB2NY=,iv:5SRBUWOLZP1KaHbJa9B8qlTNsSQeFBrOy8glxDD1fsk=,tag:xmbN0QFv+2PKrqFGwYTQDQ==,type:str]
|
||||||
|
search-backup-ssh-key: ""
|
||||||
|
search-backup-pass: ""
|
||||||
|
caddy-env: ENC[AES256_GCM,data:7tiP85SblV7T/9yiHyiJOc/ESaNWIySfSkpjzHhRHqEXFvaz/drj/HSj6eN+6FpTSrtoBSQ=,iv:i3In19LnAbfTkxDVeEAZ6h3lx9KPAXKVdim16DVTE68=,tag:RNouu7g6FdPOoO51Wby0HQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRR243TTZNaVNpS0F4WjlD
|
||||||
|
L2I3Y3RKKy9oN2JYMmM2UkM1V2JRMEZEMWc4CjRJY3pvTGhzR2NJRkY1VzhOaVNk
|
||||||
|
UDQ5VlAzajZ6YTN6SityV25CR0pNSDgKLS0tIHBCSExNMXhVTmpnanUvVzdBdzJm
|
||||||
|
YU8zRU5Db2ZkSGovRmxpRGI4T2ZnelkKV0oLDxdkmB5r6Y/HTX82CFRA4vjV0BIL
|
||||||
|
7cRA35icYl/OAMgcIzK/ev8QP9nue4sm1mZGqK6+4Q8Lxad9m9lIKw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYU5XamVjY3UvQ0xhemp0
|
||||||
|
OUNzY1MwSHBUcENyNzBuNUZwWUlmMkxCMWx3CnkxdHhVb3BONFBOcmxVMmMwMWpj
|
||||||
|
aGh6dW56ZEJtNm1idWFYUHhpeXZOUncKLS0tIFo4T2ZLT202NDlwbDVVS1ZUTVd0
|
||||||
|
TDlWMkZmWU1xeEJ0YlZzOHA3UkFva3cK33Jw/17ZVitgOPBs+bNrKuhU6UdnCaCt
|
||||||
|
zbWj3XZtkeD0gwY4tPpbK0sqBtu1O0MCKqUgN6hXcaQvIlRyIBdjwQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1vxxy66vw8tqqw27xtp7l4np5xstfla7ck7sr29rhhr9fysxj547qdtm6vl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYmZuMTJhSkJXZEpQYVUr
|
||||||
|
Y2tTdk1XTURtME5OQXhha0lOd21UcHVoeEVvCmQ0VlU1RDJBNE1NQjN2cmhacDNM
|
||||||
|
bndrS1FBbHpxeGRTRXlMWSs5KzZYR2sKLS0tIDdxcUJOM25qL2ZMUi9RMXZEVGtt
|
||||||
|
Qk1CR281SUJLbXRrS1JxM3R5UE5yT1EKFu+yaUvdD29UZQM5JWc73RzwqCwtADmQ
|
||||||
|
Wj55pyifNKJ49582R5Az7Dbyfa9ONmMMl/rHoHY4MlezOvKWn46/Ow==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-12-20T14:08:51Z"
|
||||||
|
mac: ENC[AES256_GCM,data:8bvJf7Jr8js+KgdE5paRWo8PwJjEoXDNiA9CxKRrKv9x66+QGTkYoNVrYr9eBDZsHv/UpPpyPYUKG6BGk4ZKQhnduR6+YuFagzypy781mX1IlIVZ6E3yNrA7bbJiOGMrnOEOzhu/41CN65nM8DkJVvzri+wuBQDFroury7ebwCg=,iv:81ddHQ7lteiHo0oS4LMTE+tIRijXpjxdlJxjcaP89Jc=,tag:nCB+yjQy1+EhzddO6RmmYQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
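Review bot: `search-backup-ssh-key` and `search-backup-pass` are committed as empty strings, while `configuration.nix` already lists both under `sops.secrets` even though `./backup.nix` is still commented out. Nothing leaks, since the values are empty, but the placeholders will presumably be materialised as empty secret files and could be picked up unchanged once the backup module is switched on. Consider dropping both keys, and their `sops.secrets` entries, until real values exist, or have the backup module assert that the passphrase is non-empty.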
|
@ -1,6 +1,6 @@
|
||||||
$ORIGIN datarift.nl.
|
$ORIGIN datarift.nl.
|
||||||
$TTL 3600
|
$TTL 3600
|
||||||
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 8 3600 900 86400 1800
|
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 9 3600 900 86400 1800
|
||||||
|
|
||||||
home IN A 10.0.0.251
|
home IN A 10.0.0.251
|
||||||
factorio IN A 159.69.211.175
|
factorio IN A 159.69.211.175
|
||||||
|
@ -15,6 +15,6 @@ mqtt IN A 10.0.0.254
|
||||||
nix-cache IN A 10.0.0.209
|
nix-cache IN A 10.0.0.209
|
||||||
read IN A 10.0.0.207
|
read IN A 10.0.0.207
|
||||||
saga IN A 10.0.0.251
|
saga IN A 10.0.0.251
|
||||||
|
search IN A 10.0.0.214
|
||||||
vidz IN A 10.0.0.211
|
vidz IN A 10.0.0.211
|
||||||
unifi IN A 10.0.0.1
|
unifi IN A 10.0.0.1
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
$TTL 3600
|
$TTL 3600
|
||||||
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 17 3600 900 86400 1800
|
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 19 3600 900 86400 1800
|
||||||
|
|
||||||
home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net.
|
home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net.
|
||||||
frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net.
|
frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net.
|
||||||
|
@ -11,6 +11,7 @@ mqtt.datarift.nl. IN CNAME homeassistant.barn-beaver.ts.net.
|
||||||
nix-cache.datarift.nl. IN CNAME nix-cache.barn-beaver.ts.net.
|
nix-cache.datarift.nl. IN CNAME nix-cache.barn-beaver.ts.net.
|
||||||
read.datarift.nl. IN CNAME read.barn-beaver.ts.net.
|
read.datarift.nl. IN CNAME read.barn-beaver.ts.net.
|
||||||
saga.datarift.nl. IN CNAME saga.barn-beaver.ts.net.
|
saga.datarift.nl. IN CNAME saga.barn-beaver.ts.net.
|
||||||
|
search.datarift.nl. IN CNAME search.barn-beaver.ts.net.
|
||||||
vidz.datarift.nl. IN CNAME vidz.barn-beaver.ts.net.
|
vidz.datarift.nl. IN CNAME vidz.barn-beaver.ts.net.
|
||||||
heimdall.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
heimdall.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
||||||
meili.datarift.nl. IN CNAME meili.barn-beaver.ts.net.
|
meili.datarift.nl. IN CNAME meili.barn-beaver.ts.net.
|
||||||
|
@ -20,4 +21,4 @@ garfield.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
||||||
factorio.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
factorio.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
|
||||||
|
|
||||||
unifi.datarift.nl. IN A 10.0.0.1
|
unifi.datarift.nl. IN A 10.0.0.1
|
||||||
|
unifi.datarift.nl. IN AAAA fdcd:eae3:8553::1
|
||||||
|
|