add searx and fix caddy cloudflare stuff
parent
72303fd21c
commit
f8ac4c667d
8 changed files with 85 additions and 7 deletions
|
@ -118,3 +118,9 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *chunk
|
- *chunk
|
||||||
- *cy
|
- *cy
|
||||||
|
|
||||||
|
- path_regex: secrets/services/searx.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *chunk
|
||||||
|
- *cy
|
|
@ -60,6 +60,9 @@
|
||||||
"zipline/env" = {
|
"zipline/env" = {
|
||||||
sopsFile = ../../secrets/services/zipline.yaml;
|
sopsFile = ../../secrets/services/zipline.yaml;
|
||||||
};
|
};
|
||||||
|
"searx/env" = {
|
||||||
|
sopsFile = ../../secrets/services/searx.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
@ -197,4 +200,5 @@
|
||||||
|
|
||||||
my.roundcube.enable = true;
|
my.roundcube.enable = true;
|
||||||
my.zipline.enable = true;
|
my.zipline.enable = true;
|
||||||
|
my.searx.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -353,7 +353,7 @@
|
||||||
|
|
||||||
services.ollama.enable = false;
|
services.ollama.enable = false;
|
||||||
|
|
||||||
services.trezord.enable = false;
|
services.trezord.enable = true;
|
||||||
|
|
||||||
programs.niri.enable = false;
|
programs.niri.enable = false;
|
||||||
programs.niri.package = pkgs.niri-unstable;
|
programs.niri.package = pkgs.niri-unstable;
|
||||||
|
|
|
@ -29,10 +29,11 @@ in
|
||||||
(common) {
|
(common) {
|
||||||
encode zstd gzip
|
encode zstd gzip
|
||||||
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
||||||
|
tls {
|
||||||
|
dns cloudflare {$CLOUDFLARE_KEY}
|
||||||
|
resolvers 1.1.1.1 8.8.8.8
|
||||||
|
}
|
||||||
}
|
}
|
||||||
'';
|
|
||||||
globalConfig = ''
|
|
||||||
acme_dns cloudflare {$CLOUDFLARE_KEY}
|
|
||||||
'';
|
'';
|
||||||
environmentFile = config.sops.secrets."caddy/env".path;
|
environmentFile = config.sops.secrets."caddy/env".path;
|
||||||
};
|
};
|
||||||
|
|
|
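Review bot: The Cloudflare token in the new `tls` block is written as `{$CLOUDFLARE_KEY}`, which Caddy substitutes while parsing the Caddyfile, so the plaintext token becomes part of the adapted config that the admin endpoint will return to anything on the host able to reach it. The runtime placeholder keeps it out of the loaded config: `dns cloudflare {env.CLOUDFLARE_KEY}`. Because the block sits in the shared `(common)` snippet, every site that imports it now depends on that variable being present in `caddy/env`, and the token behind it is best scoped to DNS edit on the one zone. A short comment above `resolvers 1.1.1.1 8.8.8.8` saying why the system resolver is bypassed for the DNS challenge check would also help. The enclosing Nix attribute set starts and ends outside the hunk.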
@ -7,5 +7,6 @@
|
||||||
./zipline.nix
|
./zipline.nix
|
||||||
./containerization.nix
|
./containerization.nix
|
||||||
./vaultwarden.nix
|
./vaultwarden.nix
|
||||||
|
./searx.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
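--- a/modules/searx.nix
+++ b/modules/searx.nix
@@ -0,0 +1,35 @@
+{
+config,
+lib,
+...
+}:
+let
+cfg = config.my.searx;
+sockPath = "/run/searx/searx.sock";
+in
+{
+options.my.searx = {
+enable = lib.mkEnableOption "searx";
+};
+
+config = lib.mkIf cfg.enable {
+services.searx = {
+enable = true;
+runInUwsgi = true;
+uwsgiConfig = {
+disable-logging = true;
+http = "127.0.0.1:8090";
+};
+settings = {
+# get secret from env
+server.secret_key = "@SEARX_SECRET_KEY@";
+};
+environmentFile = config.sops.secrets."searx/env".path;
+};
+
+services.caddy.virtualHosts."x.cy7.sh".extraConfig = ''
+import common
+reverse_proxy 127.0.0.1:8090
+'';
+};
+}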
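Review bot: `sockPath` is bound in the `let` block but never referenced, and uwsgi is instead exposed over TCP with `http = "127.0.0.1:8090"`, a loopback port that any local user or service on the host can reach without passing through Caddy. If the socket was the intent, something like `http-socket = sockPath;` plus `chmod-socket = "660";` in `uwsgiConfig` and `reverse_proxy unix/${sockPath}` in the vhost would limit access to members of the searx group (Caddy's user would need to be added to it); otherwise drop the binding and name the port once in the `let` so the two literals cannot drift apart. The `@SEARX_SECRET_KEY@` placeholder relies on the module substituting it from `searx/env` at service start; the encrypted file cannot be checked from here, so confirm it defines exactly that variable, since an unsubstituted placeholder would presumably end up as the key as written. The `# get secret from env` comment could say this directly: `# replaced at service start with SEARX_SECRET_KEY from the sops env file`.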
@ -1,5 +1,5 @@
|
||||||
caddy:
|
caddy:
|
||||||
env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str]
|
env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -33,8 +33,8 @@ sops:
|
||||||
Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
|
Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
|
||||||
AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
|
AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-01-30T17:26:39Z"
|
lastmodified: "2025-03-08T21:05:07Z"
|
||||||
mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str]
|
mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.4
|
version: 3.9.4
|
||||||
|
|
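--- a/secrets/services/searx.yaml
+++ b/secrets/services/searx.yaml
@@ -0,0 +1,31 @@
+searx:
+env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD
+Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP
+WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR
+d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg
+XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx
+cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy
+OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3
+ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL
+W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-03-08T20:52:15Z"
+mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.4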