diff --git a/README.md b/README.md index 677971c..32b2a22 100644 --- a/README.md +++ b/README.md @@ -48,8 +48,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- home assistant virtual machine -- searxng docker +- searxng - nextcloud ??? - samba mounts - firefox declarative??? diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3e6464..7d44a14 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -84,6 +84,18 @@ default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; + searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "search"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that searx will be hosted at"; + default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -92,6 +104,9 @@ "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; virtualisation = { @@ -234,8 +249,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns_config.base_domain = config.apps.base_domain; + # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; 
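Review bot: The `description` of the new `hostname` option in the `@@ -84,6 +84,18 @@` hunk has a typo, `hosname`; it should read `description = "hostname that searx will be hosted at";`. The default is a bare host name with no scheme, which is worth saying in the description because the value is later used where a URL is expected. The surrounding `apps` options block starts outside the hunk.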
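Review bot: In the `@@ -234,8 +249,8 @@` hunk `server_url` is left as a commented-out line with no explanation, so headscale falls back to whatever default the module supplies, which is presumably not an address that clients can reach. If it was disabled because the newer `dns.base_domain` setting must not overlap with `server_url` (an assumption, not visible here), record that in the comment and give `dns.base_domain` its own domain instead of dropping the URL. When the line is restored it should use `https://`, since the old value advertised the control-plane URL over plain `http://`. The `services.headscale` block starts and ends outside the hunk.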
@@ -274,6 +289,18 @@ }; }; + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + base_url = config.apps.searx.hostname; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -300,6 +327,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; + ${config.apps.searx.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + }; }; }; }; @@ -309,8 +341,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081 and 8082 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; + # TODO: remove 8081, 8082, 8083 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 9f0181a..0e62de9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1728659696, - "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", + "lastModified": 1729281548, + "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", "owner": "nix-community", "repo": "disko", - "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", + "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", "type": "github" }, "original": { 
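Review bot: `base_url = config.apps.searx.hostname;` in the `@@ -274,6 +289,18 @@` hunk passes a bare host name where SearXNG's `server.base_url` expects a full URL; I would write `base_url = "https://${config.apps.searx.hostname}/";`. The `@SEARXNG_SECRET@` placeholder is only filled in if the sops-managed file behind `environmentFile` defines a variable with exactly that name, which is not visible in this diff, so add a comment naming the variable that `services/searx` must contain. No `bind_address` is set, so the listen address is left to the module default; state it explicitly so it is clear whether the backend is meant to be reachable only through the proxy.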
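Review bot: The new vhost in the `@@ -300,6 +327,11 @@` hunk reads `config.services.searx.settings.port`, but this commit sets the port under `settings.server.port`, so the attribute path does not exist. The line should be `locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";`. The error is probably hidden today only because `nginx.enable = false` keeps the value from being evaluated, and it will surface when nginx is switched on. The `virtualHosts` set continues outside the hunk.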
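Review bot: Adding 8083 to `networking.firewall.allowedTCPPorts` in the `@@ -309,8 +341,8 @@` hunk opens the searx backend on every interface over plain HTTP, which bypasses the `forceSSL` vhost this commit defines for it. Until nginx is enabled, the temporary ports could be limited to the trusted interface, for example `networking.firewall.interfaces."<INTERFACE>".allowedTCPPorts = [8081 8082 8083];`, leaving only 53, 2049 and 3000 in the global list. The TODO records the cleanup but nothing enforces it, so an assertion or a conditional on `config.services.nginx.enable` would make the removal automatic.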
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1728650932, - "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", + "lastModified": 1729321331, + "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", "owner": "nix-community", "repo": "home-manager", - "rev": "65ae9c147349829d3df0222151f53f79821c5134", + "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1728179514, - "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", + "lastModified": 1729302344, + "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", + "rev": "a2a26f1bada2202572599346eb952bd3e130af66", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1729333370, + "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1727152771, - "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "lastModified": 1729353554, + "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", "ref": "main", - "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", - "revCount": 2, + "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", + "revCount": 3, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, diff --git a/secrets b/secrets index 46172e9..73b4f30 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 +Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb