
7 commits

Author SHA1 Message Date
e451ed6a20
odin: Remove obsolete Incus UI definition 2024-12-23 17:11:09 +01:00
04f7785457
Add searchnx container 2024-12-23 17:10:40 +01:00
8ea7d8cfb3
Update: flake.lock flake.nix
Flake lock file updates:

• Updated input 'colmena':
    'github:pks-t/colmena/caabefa41eacd8a9062cbeba09a4e970b2c671b2?narHash=sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk%3D' (2024-12-16)
  → 'github:zhaofengli/colmena/a6b51f5feae9bfb145daa37fd0220595acb7871e?narHash=sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk%3D' (2024-12-22)
• Updated input 'disko':
    'github:nix-community/disko/a08bfe06b39e94eec98dd089a2c1b18af01fef19?narHash=sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU%3D' (2024-12-16)
  → 'github:nix-community/disko/2ee76c861af3b895b3b104bae04777b61397485b?narHash=sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk%3D' (2024-12-20)
• Updated input 'eww':
    'github:elkowar/eww/a8dd2f251fdb05f20a4275f2ef53057e13177ac8?narHash=sha256-6yPd%2B8FHEhYR5i4hYeE6IoqLC5IYt6qvuUjQRw6u6xU%3D' (2024-12-11)
  → 'github:elkowar/eww/f2b687043e555da681f465c54f0802d34f3488a5?narHash=sha256-1R7%2BB72EDpy9YwdF/ENZTZdOkEGqKnJ8p1MeBWw4xmg%3D' (2024-12-21)
• Updated input 'home-manager':
    'github:nix-community/home-manager/1395379a7a36e40f2a76e7b9936cc52950baa1be?narHash=sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI%3D' (2024-12-19)
  → 'github:nix-community/home-manager/8264bfe3a064d704c57df91e34b795b6ac7bad9e?narHash=sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU%3D' (2024-12-23)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b12e314726a4226298fe82776b4baeaa7bcf3dcd?narHash=sha256-mfv%2BJ/vO4nqmIOlq8Y1rRW8hVsGH3M%2BI2ESMjhuebDs%3D' (2024-12-16)
  → 'github:NixOS/nixos-hardware/def1d472c832d77885f174089b0d34854b007198?narHash=sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl%2Bfk%3D' (2024-12-23)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33?narHash=sha256-cHar1vqHOOyC7f1%2BtVycPoWTfKIaqkoe1Q6TnKzuti4%3D' (2024-12-17)
  → 'github:nixos/nixpkgs/d70bd19e0a38ad4790d3913bf08fcbfc9eeca507?narHash=sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ%3D' (2024-12-19)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d?narHash=sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig%3D' (2024-12-17)
  → 'github:cachix/git-hooks.nix/f0f0dc4920a903c3e08f5bdb9246bb572fcae498?narHash=sha256-ulZN7ps8nBV31SE%2BdwkDvKIzvN6hroRY8sYOT0w%2BE28%3D' (2024-12-21)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/573c674a3ad06e8a525263185ebef336a411d1d5?narHash=sha256-BxQ/4JuHEi0zRjF0P8B5xnbXOLulgsK2gfwVRXGZ4a4%3D' (2024-12-19)
  → 'github:oxalica/rust-overlay/b070e6030118680977bc2388868c4b3963872134?narHash=sha256-bm8V%2BCu8rWJA%2BvKQnc94mXTpSDgvedyoDKxTVi/uJfw%3D' (2024-12-22)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/76159fc74eeac0599c3618e3601ac2b980a29263?narHash=sha256-/QceWozrNg915Db9x/Ie5k67n9wKgGdTFng%2BZ1Qw0kE%3D' (2024-12-18)
  → 'github:numtide/treefmt-nix/65712f5af67234dad91a5a4baee986a8b62dbf8f?narHash=sha256-MMi74%2BWckoyEWBRcg/oaGRvXC9BVVxDZNRMpL%2B72wBI%3D' (2024-12-20)
2024-12-23 16:44:15 +01:00
64f15e8711
flake: Switch colmena to PR-branch to fix nix-eval-jobs patch 2024-12-20 11:20:40 +01:00
77a11a2d7a
bsky: add backup task 2024-12-20 11:20:02 +01:00
7574ca53e6
pds/pdsadmin: 0.4.67 -> 0.4.74 2024-12-20 11:19:26 +01:00
5c3d222de9
Update: flake.lock
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/83ecd50915a09dca928971139d3a102377a8d242?narHash=sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA%3D' (2024-12-16)
  → 'github:nix-community/home-manager/1395379a7a36e40f2a76e7b9936cc52950baa1be?narHash=sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI%3D' (2024-12-19)
• Updated input 'nixos-facter-modules':
    'github:numtide/nixos-facter-modules/862648589993a96480c2255197a28feea712f68f?narHash=sha256-zSQ2cR%2BNRJfHUVfkv%2BO6Wi53wXfzX8KHiO8fRfnvc0M%3D' (2024-11-22)
  → 'github:numtide/nixos-facter-modules/536472754982bf03079b4b4e0261838a760587c0?narHash=sha256-MRqwVAe3gsb88u4ME1UidmZFVCx%2BFEnoob0zkpO9DMY%3D' (2024-12-19)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5?narHash=sha256-AKU6qqskl0yf2%2BJdRdD0cfxX4b9x3KKV5RqA6wijmPM%3D' (2024-12-13)
  → 'github:nixos/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33?narHash=sha256-cHar1vqHOOyC7f1%2BtVycPoWTfKIaqkoe1Q6TnKzuti4%3D' (2024-12-17)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/b2e385f8e5c1d7c0d9ce738d650955c2e94555ae?narHash=sha256-dKBBZr2pw7KDI/7GeiN5qPccqqtvnK2jqAMcMo4rVvU%3D' (2024-12-18)
  → 'github:oxalica/rust-overlay/573c674a3ad06e8a525263185ebef336a411d1d5?narHash=sha256-BxQ/4JuHEi0zRjF0P8B5xnbXOLulgsK2gfwVRXGZ4a4%3D' (2024-12-19)
• Updated input 'sops':
    'github:Mic92/sops-nix/2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004?narHash=sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs%3D' (2024-12-12)
  → 'github:Mic92/sops-nix/ed091321f4dd88afc28b5b4456e0a15bd8374b4d?narHash=sha256-6OvJbqQ6qPpNw3CA%2BW8Myo5aaLhIJY/nNFDk3zMXLfM%3D' (2024-12-18)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/0ce9d149d99bc383d1f2d85f31f6ebd146e46085?narHash=sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ%3D' (2024-12-09)
  → 'github:numtide/treefmt-nix/76159fc74eeac0599c3618e3601ac2b980a29263?narHash=sha256-/QceWozrNg915Db9x/Ie5k67n9wKgGdTFng%2BZ1Qw0kE%3D' (2024-12-18)
2024-12-19 22:54:44 +01:00
15 changed files with 441 additions and 62 deletions


@ -16,6 +16,7 @@ keys:
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
- &read age193v7jejqu7dxk4xejs9cfcatz7605wf4fmytxst424xel2e4z48qj8fflj
- &saga age10advysga7fpkh7uuv9a7phs77c5khswf5c9q9txvrauxtqr4yu0sk2r75v
- &search age1vxxy66vw8tqqw27xtp7l4np5xstfla7ck7sr29rhhr9fysxj547qdtm6vl
- &valkyrie age139zg5z02dx3j70tl6sn2l9kq0nfz2ddkffx0grlh7gg28dafhq6qd2sj6f
creation_rules:
- path_regex: machines/loki/[^/]+\.yaml$
@ -96,6 +97,12 @@ creation_rules:
- *erwin
- *erwin_horus
- *saga
- path_regex: machines/search/[^/]+\.ya?ml$
key_groups:
- age:
- *erwin
- *erwin_horus
- *search
- path_regex: machines/valkyrie/[^/]+\.ya?ml$
key_groups:
- age:


@ -74,11 +74,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1731527002,
"narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=",
"lastModified": 1734897875,
"narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e3ad42138015fcdf2524518dd564a13145c72ea1",
"rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e",
"type": "github"
},
"original": {
@ -150,11 +150,11 @@
]
},
"locked": {
"lastModified": 1734343412,
"narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=",
"lastModified": 1734701201,
"narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=",
"owner": "nix-community",
"repo": "disko",
"rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19",
"rev": "2ee76c861af3b895b3b104bae04777b61397485b",
"type": "github"
},
"original": {
@ -196,11 +196,11 @@
]
},
"locked": {
"lastModified": 1733943836,
"narHash": "sha256-6yPd+8FHEhYR5i4hYeE6IoqLC5IYt6qvuUjQRw6u6xU=",
"lastModified": 1734796596,
"narHash": "sha256-1R7+B72EDpy9YwdF/ENZTZdOkEGqKnJ8p1MeBWw4xmg=",
"owner": "elkowar",
"repo": "eww",
"rev": "a8dd2f251fdb05f20a4275f2ef53057e13177ac8",
"rev": "f2b687043e555da681f465c54f0802d34f3488a5",
"type": "github"
},
"original": {
@ -430,11 +430,11 @@
]
},
"locked": {
"lastModified": 1734344598,
"narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=",
"lastModified": 1734944412,
"narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "83ecd50915a09dca928971139d3a102377a8d242",
"rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e",
"type": "github"
},
"original": {
@ -536,11 +536,11 @@
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1732288619,
"narHash": "sha256-zSQ2cR+NRJfHUVfkv+O6Wi53wXfzX8KHiO8fRfnvc0M=",
"lastModified": 1734596637,
"narHash": "sha256-MRqwVAe3gsb88u4ME1UidmZFVCx+FEnoob0zkpO9DMY=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "862648589993a96480c2255197a28feea712f68f",
"rev": "536472754982bf03079b4b4e0261838a760587c0",
"type": "github"
},
"original": {
@ -551,11 +551,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1734352517,
"narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=",
"lastModified": 1734954597,
"narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd",
"rev": "def1d472c832d77885f174089b0d34854b007198",
"type": "github"
},
"original": {
@ -566,11 +566,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734119587,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"lastModified": 1734649271,
"narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
"type": "github"
},
"original": {
@ -694,11 +694,11 @@
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1734425854,
"narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=",
"lastModified": 1734797603,
"narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d",
"rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
"type": "github"
},
"original": {
@ -742,11 +742,11 @@
]
},
"locked": {
"lastModified": 1734489114,
"narHash": "sha256-dKBBZr2pw7KDI/7GeiN5qPccqqtvnK2jqAMcMo4rVvU=",
"lastModified": 1734834660,
"narHash": "sha256-bm8V+Cu8rWJA+vKQnc94mXTpSDgvedyoDKxTVi/uJfw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "b2e385f8e5c1d7c0d9ce738d650955c2e94555ae",
"rev": "b070e6030118680977bc2388868c4b3963872134",
"type": "github"
},
"original": {
@ -762,11 +762,11 @@
]
},
"locked": {
"lastModified": 1733965552,
"narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=",
"lastModified": 1734546875,
"narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004",
"rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
"type": "github"
},
"original": {
@ -859,11 +859,11 @@
]
},
"locked": {
"lastModified": 1733761991,
"narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
"lastModified": 1734704479,
"narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
"rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f",
"type": "github"
},
"original": {


@ -271,6 +271,7 @@
devShells.default =
with pkgs;
mkShell {
name = "dotfiles";
packages = [
@ -302,7 +303,6 @@
python3Packages.websocket-client
ssh-to-age
taplo
# vscode-langservers-extracted
yj
inputs'.disko.packages.disko

39
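--- /dev/null
+++ b/machines/bsky/backup.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, ... }:
+let
+borgJob = name: {
+environment = {
+BORG_RSH = "ssh -i ${config.sops.secrets.bsky-backup-ssh-key.path}";
+};
+repo = "ssh://zh2088@zh2088.rsync.net/./backups/bsky/${name}";
+compression = "zstd,10";
+startAt = "*-*-* 2:30:00";
+extraInitArgs = "--make-parent-dirs";
+archiveBaseName = name;
+encryption = {
+mode = "repokey-blake2";
+passCommand = "cat ${config.sops.secrets.bsky-backup-pass.path}";
+};
+prune = {
+keep = {
+within = "1d";
+daily = 7;
+weekly = 4;
+monthly = -1;
+};
+};
+};
+in
+{
+services = {
+borgbackup.jobs = {
+bsky-pds = borgJob "bsky-pds" // {
+paths = [ "/var/lib/pds" ];
+};
+};
+};
+environment.systemPackages = [ pkgs.borgbackup ];
+}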
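Review bot: `BORG_RSH` in `borgJob` passes only `-i <key>` to ssh, so nothing in this file pins the host key of `zh2088.rsync.net`. Unless that key is declared elsewhere in the configuration, the first unattended run will fail host-key verification, or someone will accept the key by hand without checking it. Consider declaring it with `programs.ssh.knownHosts."zh2088.rsync.net".publicKey = "<RSYNC_NET_HOST_KEY>";` (placeholder value) and adding `-o IdentitiesOnly=yes` to the `BORG_RSH` command so only the sops-provided key is offered. A short comment on `monthly = -1` stating that monthly archives are deliberately kept without limit would also help the next reader.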


@ -12,6 +12,7 @@
../../users/root
../../users/erwin
./backup.nix
];
eboskma = {
@ -98,6 +99,8 @@
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
pds-env = { };
bsky-backup-ssh-key = { };
bsky-backup-pass = { };
};
system.stateVersion = "25.05";


@ -1,4 +1,6 @@
pds-env: ENC[AES256_GCM,data:7igflP/eh4Mvz15Xh1B3R4WcZ51LTCcjBNYiBCu92ZaQvOTalquJqGdLRpaBx425NZjPGGAt6xibMLnbaXOrXpouVW3A+xPj0TzTO+K2ZObFAZgaFfLCDIUPgkc1PUGvvwg/jfU8xMaUvLRlaAQDo1SDfNbmszQrxZRTAJYL4doPHFGnUAKgAW36RQ3PmQKcDGC3Rdaf3Bzi5rU7PIgYmJKaQWDSsDBgD9z5oPd1w/1k1RgoTblHM4u7lk0d0itUeS0TYMkVL4w5+soye6R00wwQBXyIkwQ8fikJUa3GnbhPx67RSzPkwKg3tRIxAZyRfBHC9Cb52RhhhFmZG5AWdG3FLXGpelPO/fMhEZGhCbkDo3dJtDz+Ce567R/ud5cQCpwvTuHQoH1n7/IcROxAy5sf60bgV7eyhA==,iv:8b/U6vv/MHnr/U03vMxN8sr9csgPbpBBALrcehPop/A=,tag:bejYU4f4IA+TVcEfyFhkMA==,type:str]
bsky-backup-ssh-key: ENC[AES256_GCM,data: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,iv:URYCUXTHmc6iWvGZ+qCKUJa6eTOhGpf6ZGibZtq60nE=,tag:RClxYGvsfM2AvrLzpGJ5+Q==,type:str]
bsky-backup-pass: ENC[AES256_GCM,data:pIwYD6GIudgTj0a8WYHOpGV74aixSbd+Anwr/20hyDWxjBn3W5UtkoRBQG7LCuZn4B/Ht3/kgKb45wTm56jJYRfyNjO6I1skGNh52ybfr/wFRnxzlufrexTcy0K/uhRpHJUtTkuLCcmGeZysFNPDOKVlxAbzz16rwGsxg702ZEo=,iv:M8B98X0DMPH7vWdP9ypCvyT7AtOCabYMdBlnlFxEyMY=,tag:cSwSXDD4zAzJjPDw3VzorA==,type:str]
sops:
kms: []
gcp_kms: []
@ -32,8 +34,8 @@ sops:
TFRvdGkyb1czc21weVMyRHJGUlR3WEkKQPEoBJPPLijNmpGo8jngBfWUrkZZJwcg
zdi6Wukj6tTS/rKyK0cCC8noyBVc0lLnpUMAemX9xs1dWkFrUBVQiw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-03T21:01:23Z"
mac: ENC[AES256_GCM,data:rjymp5a273Wx2K5WE8yVMRiJDyzz7y3UDLliJvAtUJLg72nx3KXbWFvHjio8BaEQxbobRxnLuPYyAXrGVwIdA14JJVBGFSc4jiJWFsVoX7Kh/7Iui4xkPO/3veoIVkvIzBYyRkPjB249ZwKbLaVR+NlraK7uHvL+Z9wFR+AY67E=,iv:hs6OUurXAApby6s7P0jr1Txplu8TC6DejvWT/87yrMA=,tag:L8+ZVgcwJZc67zd4NitXtQ==,type:str]
lastmodified: "2024-12-20T09:50:48Z"
mac: ENC[AES256_GCM,data:u+vDui46AnPiOaxPGovgAz4IcbDyqhVJm0su2IYlL1lN3TTJsEVjOmjYxD9Cb+OYpMupFHDuSLZVw3j5wp5o9vx4VGAtw0cmrUKq9hu48iGXBk0+zLVTImy5gZ82Bx0fy5rsHulM+QPKWio5zJqaq8Sy4ohib4bQSERR5i8vEFw=,iv:2jXWVmXVYLqRfuN7NH43S1XXvlnzbAd6L4T1YRJigQk=,tag:0eXDlb06a/qFA8+8ASNRdA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.2


@ -124,6 +124,15 @@ inputs: {
tags = [ "container" ];
};
};
search = {
config = import ./search/configuration.nix inputs;
deploy = {
# host = "10.0.0.214";
host = "search.barn-beaver.ts.net";
targetUser = "erwin";
tags = [ "container" ];
};
};
thor = {
system = "aarch64-linux";
config = import ./thor/configuration.nix inputs;


@ -122,9 +122,6 @@
pkgs.e2fsprogs
pkgs.kmod
];
# environment = {
# INCUS_UI = pkgs.incus-ui;
# };
};
incus-preseed = {
path = [ pkgs.lvm2 ];


@ -0,0 +1,118 @@
{ self, ... }:
{
modulesPath,
pkgs,
config,
lib,
...
}:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
./searxng.nix
# ./backup.nix
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
rust-motd.enable = true;
tailscale.enable = true;
};
boot = {
isContainer = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "search";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
systemd = {
services.logrotate-checkconf.enable = false;
network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.214/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
};
services.caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g=";
};
virtualHosts = {
"search.datarift.nl" = {
extraConfig = ''
reverse_proxy 127.0.0.1:${config.services.searx.settings.server.port or "8888"}
tls {
dns cloudflare {env.CF_API_TOKEN}
resolvers 1.1.1.1
}
'';
};
};
};
systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
caddy-env = { };
searxng-env = { };
search-backup-ssh-key = { };
search-backup-pass = { };
};
system.stateVersion = "25.05";
}
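Review bot: In the Caddy `extraConfig`, `${config.services.searx.settings.server.port or "8888"}` only covers the case where `port` is unset. The fallback is a string, but if `port` is later set as an integer in the searx settings, interpolating it into the string fails evaluation. `reverse_proxy 127.0.0.1:${toString (config.services.searx.settings.server.port or 8888)}` handles both cases. Separately, `wheelNeedsPassword = false` gives every wheel member passwordless root; if that is there for the deploy user (the host entry elsewhere on this page uses `targetUser = "erwin"`), a comment such as `# passwordless sudo is required for unattended deploys as erwin` would record the reason.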

132
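--- /dev/null
+++ b/machines/search/searxng.nix
@@ -0,0 +1,132 @@
+{ config, ... }:
+{
+services.searx = {
+enable = true;
+environmentFile = config.sops.secrets.searxng-env.path;
+settings = {
+general = {
+instance_name = "Search";
+};
+search = {
+safe_search = 0;
+autocomplete = "google";
+favicon_resolver = "google";
+};
+server = {
+bind_address = "0.0.0.0";
+base_url = "https://search.datarift.nl";
+image_proxy = true;
+http_protocol_version = "1.1";
+method = "GET";
+};
+ui = {
+static_use_hash = true;
+results_on_new_tab = true;
+};
+enabled_plugins = [
+"Basic Calculator"
+"Hash plugin"
+"Open Access DOI rewrite"
+"Self Information"
+"Tracker URL remover"
+"Unit converter plugin"
+];
+engines = [
+{
+name = "bing";
+disabled = true;
+}
+{
+name = "cppreference";
+disabled = false;
+}
+{
+name = "tineye";
+disabled = false;
+}
+{
+name = "codeberg";
+disabled = false;
+}
+{
+name = "google videos";
+disabled = true;
+}
+{
+name = "crates.io";
+disabled = false;
+}
+{
+name = "hoogle";
+disabled = true;
+}
+{
+name = "kickass";
+disabled = true;
+}
+{
+name = "lobste.rs";
+disabled = false;
+}
+{
+name = "pinterest";
+disabled = true;
+}
+{
+name = "piratebay";
+disabled = true;
+}
+{
+name = "reddit";
+disabled = false;
+}
+{
+name = "solidtorrents";
+disabled = true;
+}
+{
+name = "torch";
+disabled = true;
+}
+{
+name = "youtube";
+disabled = true;
+}
+{
+name = "dailymotion";
+disabled = true;
+}
+{
+name = "vimeo";
+disabled = true;
+}
+{
+name = "brave";
+disabled = true;
+}
+{
+name = "brave.images";
+disabled = true;
+}
+{
+name = "brave.videos";
+disabled = true;
+}
+{
+name = "brave.news";
+disabled = true;
+}
+{
+name = "sourcehut";
+disabled = false;
+}
+];
+};
+};
+}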
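Review bot: `server.bind_address = "0.0.0.0"` makes SearXNG listen on every interface, yet the only consumer visible on this page is Caddy's `reverse_proxy 127.0.0.1:…` on the same host. The machine configuration lists `tailscale0` under `firewall.trustedInterfaces`, so the plain-HTTP port would be reachable directly from the tailnet, bypassing the TLS front end; `bind_address = "127.0.0.1";` keeps it local. No `server.secret_key` appears in `settings`, so presumably it is supplied through `searxng-env`. A one-line comment naming the variable that provides it would help, since `image_proxy = true` depends on that key.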


@ -0,0 +1,42 @@
searxng-env: ENC[AES256_GCM,data:3Z4LI4440Uk84h+xdr1/CqIkHph5nhXnaEtX4QKUkZkVZHZC/XufFtnVWHcR0tJ8b3zXAXWqfz2yC1+RMOFICq4/eF9AamvXOVJ9GsiRFzXZFS00t3TAy7ZEP0g3mm3Yir1e/TgfyEWynUEVa+Y9FPMjjm2QZbi2KL45Zsk6ZrLqI9/0Lol8JnT/A4oB2NY=,iv:5SRBUWOLZP1KaHbJa9B8qlTNsSQeFBrOy8glxDD1fsk=,tag:xmbN0QFv+2PKrqFGwYTQDQ==,type:str]
search-backup-ssh-key: ""
search-backup-pass: ""
caddy-env: ENC[AES256_GCM,data:7tiP85SblV7T/9yiHyiJOc/ESaNWIySfSkpjzHhRHqEXFvaz/drj/HSj6eN+6FpTSrtoBSQ=,iv:i3In19LnAbfTkxDVeEAZ6h3lx9KPAXKVdim16DVTE68=,tag:RNouu7g6FdPOoO51Wby0HQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRR243TTZNaVNpS0F4WjlD
L2I3Y3RKKy9oN2JYMmM2UkM1V2JRMEZEMWc4CjRJY3pvTGhzR2NJRkY1VzhOaVNk
UDQ5VlAzajZ6YTN6SityV25CR0pNSDgKLS0tIHBCSExNMXhVTmpnanUvVzdBdzJm
YU8zRU5Db2ZkSGovRmxpRGI4T2ZnelkKV0oLDxdkmB5r6Y/HTX82CFRA4vjV0BIL
7cRA35icYl/OAMgcIzK/ev8QP9nue4sm1mZGqK6+4Q8Lxad9m9lIKw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYU5XamVjY3UvQ0xhemp0
OUNzY1MwSHBUcENyNzBuNUZwWUlmMkxCMWx3CnkxdHhVb3BONFBOcmxVMmMwMWpj
aGh6dW56ZEJtNm1idWFYUHhpeXZOUncKLS0tIFo4T2ZLT202NDlwbDVVS1ZUTVd0
TDlWMkZmWU1xeEJ0YlZzOHA3UkFva3cK33Jw/17ZVitgOPBs+bNrKuhU6UdnCaCt
zbWj3XZtkeD0gwY4tPpbK0sqBtu1O0MCKqUgN6hXcaQvIlRyIBdjwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vxxy66vw8tqqw27xtp7l4np5xstfla7ck7sr29rhhr9fysxj547qdtm6vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYmZuMTJhSkJXZEpQYVUr
Y2tTdk1XTURtME5OQXhha0lOd21UcHVoeEVvCmQ0VlU1RDJBNE1NQjN2cmhacDNM
bndrS1FBbHpxeGRTRXlMWSs5KzZYR2sKLS0tIDdxcUJOM25qL2ZMUi9RMXZEVGtt
Qk1CR281SUJLbXRrS1JxM3R5UE5yT1EKFu+yaUvdD29UZQM5JWc73RzwqCwtADmQ
Wj55pyifNKJ49582R5Az7Dbyfa9ONmMMl/rHoHY4MlezOvKWn46/Ow==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-20T14:08:51Z"
mac: ENC[AES256_GCM,data:8bvJf7Jr8js+KgdE5paRWo8PwJjEoXDNiA9CxKRrKv9x66+QGTkYoNVrYr9eBDZsHv/UpPpyPYUKG6BGk4ZKQhnduR6+YuFagzypy781mX1IlIVZ6E3yNrA7bbJiOGMrnOEOzhu/41CN65nM8DkJVvzri+wuBQDFroury7ebwCg=,iv:81ddHQ7lteiHo0oS4LMTE+tIRijXpjxdlJxjcaP89Jc=,tag:nCB+yjQy1+EhzddO6RmmYQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
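Review bot: `search-backup-ssh-key` and `search-backup-pass` are committed as plaintext empty strings (`""`) next to the encrypted `searxng-env` and `caddy-env` entries. The machine configuration already declares both under `sops.secrets`, so empty secret files would be materialised on the host. If a backup job like the bsky one is enabled before these are filled in, its `passCommand` would return an empty passphrase; whether borg rejects that is worth confirming rather than assuming. I would either drop the two keys until real values exist or populate them in the same change that enables `./backup.nix`.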


@ -1,6 +1,6 @@
$ORIGIN datarift.nl.
$TTL 3600
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 8 3600 900 86400 1800
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 9 3600 900 86400 1800
home IN A 10.0.0.251
factorio IN A 159.69.211.175
@ -15,6 +15,6 @@ mqtt IN A 10.0.0.254
nix-cache IN A 10.0.0.209
read IN A 10.0.0.207
saga IN A 10.0.0.251
search IN A 10.0.0.214
vidz IN A 10.0.0.211
unifi IN A 10.0.0.1


@ -1,5 +1,5 @@
$TTL 3600
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 17 3600 900 86400 1800
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 19 3600 900 86400 1800
home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net.
frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net.
@ -11,6 +11,7 @@ mqtt.datarift.nl. IN CNAME homeassistant.barn-beaver.ts.net.
nix-cache.datarift.nl. IN CNAME nix-cache.barn-beaver.ts.net.
read.datarift.nl. IN CNAME read.barn-beaver.ts.net.
saga.datarift.nl. IN CNAME saga.barn-beaver.ts.net.
search.datarift.nl. IN CNAME search.barn-beaver.ts.net.
vidz.datarift.nl. IN CNAME vidz.barn-beaver.ts.net.
heimdall.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
meili.datarift.nl. IN CNAME meili.barn-beaver.ts.net.
@ -20,4 +21,4 @@ garfield.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
factorio.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
unifi.datarift.nl. IN A 10.0.0.1
unifi.datarift.nl. IN AAAA fdcd:eae3:8553::1


@ -1,10 +1,16 @@
{
stdenv,
makeBinaryWrapper,
removeReferencesTo,
srcOnly,
python3,
pnpm,
fetchFromGitHub,
nodejs,
buildNpmPackage,
vips,
pkg-config,
writeShellApplication,
bash,
xxd,
openssl,
nixosTests,
@ -27,38 +33,59 @@ let
echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)"
'';
};
nodeSources = srcOnly nodejs;
customPython3 = python3.withPackages (p: [ p.setuptools ]);
in
# NOTE: Package comes with `pnpm-lock.yaml` but we cannot use `pnpm.fetchDeps` here because it
# does not work with `sharp` NPM dependency that needs `vips` and `pkg-config`
# Regenerate `package-lock.json` with `npm i --package-lock-only`
# Next release should have bumped `sharp` with pre-built binaries
buildNpmPackage rec {
stdenv.mkDerivation (finalAttrs: {
pname = "pds";
version = "0.4.67";
version = "0.4.74";
src = fetchFromGitHub {
owner = "bluesky-social";
repo = "pds";
rev = "v${version}";
hash = "sha256-dEB5u++Zx+F4TH5q44AF/tuwAhLEyYT+U5/18viT4sw=";
rev = "v${finalAttrs.version}";
hash = "sha256-kNHsQ6funmo8bnkFBNWHQ0Fmd5nf/uh+x9buaRJMZnM=";
};
sourceRoot = "${src.name}/service";
sourceRoot = "${finalAttrs.src.name}/service";
npmDepsHash = "sha256-uQKhODaVHLj+JEq6LYiJ/zXuu7kDCLmpxOs/VCc0GqQ=";
postPatch = ''
cp ${./package-lock.json} package-lock.json
'';
nativeBuildInputs = [
makeBinaryWrapper
nodejs
customPython3
pkg-config
pnpm.configHook
];
# Required for `sharp` NPM dependency
nativeBuildInputs = [ pkg-config ];
buildInputs = [ vips ];
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs)
pname
version
src
sourceRoot
;
hash = "sha256-oU4dwlBdsMmgAUv1ICaOqaqucmg/TjKOZxjnxpm0qL8=";
};
buildPhase = ''
runHook preBuild
for f in $(find -path '*/node_modules/better-sqlite3' -type d); do
(cd "$f" && (
npm run build-release --offline --nodedir=${nodeSources}
find build -type f -exec \
${lib.getExe removeReferencesTo} \
-t "${nodeSources}" {} \;
))
done
makeWrapper "${lib.getExe nodejs}" "$out/bin/pds" \
--add-flags --enable-source-maps \
--add-flags "$out/lib/pds/index.js" \
@ -95,4 +122,4 @@ buildNpmPackage rec {
platforms = lib.platforms.unix;
mainProgram = "pds";
};
}
})
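Review bot: The `buildPhase` loop that runs `npm run build-release --offline --nodedir=${nodeSources}` in every `node_modules/better-sqlite3` directory and then calls `removeReferencesTo` has no comment explaining it. Something like `# build the better-sqlite3 native addon offline against the nodejs sources, then strip the nodeSources reference from the built files` above the loop would document the intent. The loop also iterates over unquoted `$(find …)` output, which splits on whitespace; `find … -type d -print0 | while IFS= read -r -d '' f; do` is the safer form if any path could contain spaces. The page has lost its +/- markers and the derivation continues outside both hunks, so I am assuming the loop is on the new side because it uses the newly added `nodeSources` and `removeReferencesTo` arguments.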


@ -15,13 +15,15 @@ stdenvNoCC.mkDerivation (finalAttrs: {
patches = [ ./pdsadmin-offline.patch ];
nativeBuildInputs = [
makeBinaryWrapper
];
buildInputs = [
bash
];
nativeBuildInputs = [
makeBinaryWrapper
];
strictDeps = true;
buildPhase = ''
runHook preBuild