diff --git a/flake.lock b/flake.lock index 1aae649..c115766 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1648942457, - "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", + "lastModified": 1652712410, + "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", "owner": "ryantm", "repo": "agenix", - "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", + "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", "type": "github" }, "original": { @@ -29,11 +29,11 @@ ] }, "locked": { - "lastModified": 1648332543, - "narHash": "sha256-9FWmFNLCOp4y0I8Yb4GvgGXxtDq3nBDSTI9qyCi2LJ4=", + "lastModified": 1652972885, + "narHash": "sha256-OKTV5Mi0WyDGsF6GcTwWkgJPNRkskD5yqCZZmghZYHI=", "owner": "kamadorueda", "repo": "alejandra", - "rev": "5cbb3486c7959646f452830c0a223edc5db5b951", + "rev": "69d2075e432c562099965829d8bc4da701b10d20", "type": "github" }, "original": { @@ -67,7 +67,7 @@ "locked": { "lastModified": 1638903228, "narHash": "sha256-mEbLD0A9gp159pFtdK4n1Yp2uFSE1T2nOr8BkfwgrC8=", - "ref": "master", + "ref": "refs/heads/master", "rev": "0d11e93f47be21051683e1b38f6b0dcb3f0a71cf", "revCount": 244, "type": "git", @@ -86,11 +86,11 @@ ] }, "locked": { - "lastModified": 1650900878, - "narHash": "sha256-qhNncMBSa9STnhiLfELEQpYC1L4GrYHNIzyCZ/pilsI=", + "lastModified": 1653308769, + "narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=", "owner": "numtide", "repo": "devshell", - "rev": "d97df53b5ddaa1cfbea7cddbd207eb2634304733", + "rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548", "type": "github" }, "original": { 
@@ -114,11 +114,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1650924659, - "narHash": "sha256-tWF0/yM+5yB5NSvc3NXAhkya4KSswKczzrTkFR6DucY=", + "lastModified": 1653135531, + "narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=", "owner": "nix-community", "repo": "dream2nix", - "rev": "c93972bd52977de332812fcc97ff77f8b85bcf42", + "rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82", "type": "github" }, "original": { @@ -333,11 +333,11 @@ ] }, "locked": { - "lastModified": 1651007090, - "narHash": "sha256-C/OoQRzTUOWEr1sd3xTKA2GudA1YG1XB3MlL6KfTchg=", + "lastModified": 1653340164, + "narHash": "sha256-t6BPApyasx6FOv2cEVyFBXvkEDrknyUe7bngMbNSBkA=", "owner": "nix-community", "repo": "home-manager", - "rev": "778af87a981eb2bfa3566dff8c3fb510856329ef", + "rev": "e66f0ff69a6c0698b35034b842c4b68814440778", "type": "github" }, "original": { @@ -485,11 +485,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1650040615, - "narHash": "sha256-kUpPsz2XRBaXuJ/z9tAtL5TLTApdwrcHCmzzfmARn58=", - "ref": "master", - "rev": "0883a093d9d23401ddac12b3a94f38c8ed135428", - "revCount": 11896, + "lastModified": 1652724099, + "narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=", + "ref": "refs/heads/master", + "rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527", + "revCount": 12055, "type": "git", "url": "https://git.privatevoid.net/max/nix-super-fork" }, @@ -606,11 +606,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1650998007, - "narHash": "sha256-NcJnbGDBBN023x8s3ll3HZxBcQoPq1ry9E2sjg+4flc=", + "lastModified": 1653319070, + "narHash": "sha256-Z3cv967iN6mXgxhq1cjOoPod23XgNttCWHXMnMZUq9E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a3917caedfead19f853aa5769de4c3ea4e4db584", + "rev": "1c813bbdc330b45fe922c642eb610902aecd5673", "type": "github" }, "original": { 
@@ -710,7 +710,24 @@ "mms": "mms", "nar-serve": "nar-serve", "nix-super": "nix-super", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_6", + "unstable": "unstable" + } + }, + "unstable": { + "locked": { + "lastModified": 1653315696, + "narHash": "sha256-7tLCnzCz/fq86NEoF9+g/NkQRA2J+nkgytc7l2HuWnY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c11d9597c1b3cdc4fb44cbab48deec2cfbaa5281", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" } }, "utils": { diff --git a/flake.nix b/flake.nix index bc6321d..e004e7f 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small"; + unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork"; nix-super.inputs.nixpkgs.follows = "nixpkgs"; @@ -65,7 +66,7 @@ mkDeployEffect = branch: name: host: let subdomain = host.enterprise.subdomain or "services"; hostname = "${lib.toLower name}.${subdomain}.${meta.domain}"; - in effects.runIf (branch == "master") (effects.runNixOS { + in effects.runIf (branch == "master" || branch == "staging") (effects.runNixOS { requiredSystemFeatures = [ "hci-deploy-agent-nixos" ]; config = self.nixosConfigurations.${name}.config // { outPath = "wtfwtfwtfwtfwtfwtf"; }; secretsMap.ssh = "deploy-ssh"; diff --git a/hosts/VEGAS/services/searxng/default.nix b/hosts/VEGAS/services/searxng/default.nix new file mode 100644 index 0000000..0dc84ec --- /dev/null +++ b/hosts/VEGAS/services/searxng/default.nix 
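Review bot: In `mkDeployEffect`, the widened condition `branch == "master" || branch == "staging"` lets a push to `staging` run the same `effects.runNixOS` deployment as `master`, with the same `secretsMap.ssh = "deploy-ssh"` and the same computed `hostname`. Nothing in the hunk separates the two targets, so anyone who can push to `staging` can now change the hosts that `master` deploys to; if that is intended, `staging` needs the same branch protection as `master`. I would record the intent above the call, e.g. `# staging deploys to the same hosts as master; keep both branches protected`, and write the condition as `lib.elem branch [ "master" "staging" ]` so the set of deploying branches is visible in one place. The `let` binding and the rest of the `runNixOS` argument continue outside the hunk.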
@@ -0,0 +1,30 @@ +{ config, inputs, lib, pkgs, tools, ... }: +let + port = config.portsStr.searxng; +in +{ + reservePortsFor = [ "searxng" ]; + + age.secrets.searxng-secrets.file = ../../../../secrets/searxng-secrets.age; + services.searx = { + enable = true; + runInUwsgi = true; + package = inputs.self.packages.${pkgs.system}.searxng; + environmentFile = config.age.secrets.searxng-secrets.path; + settings = { + server = { + secret_key = "@SEARXNG_SECRET@"; + }; + }; + uwsgiConfig = { + http = "127.0.0.1:${port}"; + cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=65536,bitmap=1"; + buffer-size = 65536; + env = ["SEARXNG_SETTINGS_PATH=/run/searx/settings.yml"]; + disable-logging = true; + }; + }; + services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") { + extraConfig = "access_log off;"; + }; +} diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix index a0a06ae..6bf0487 100644 --- a/hosts/VEGAS/system.nix +++ b/hosts/VEGAS/system.nix @@ -35,6 +35,7 @@ ./services/nix/binary-cache.nix ./services/nix/nar-serve.nix ./services/object-storage + ./services/searxng ./services/sips ./services/sso ./services/uptime-kuma diff --git a/packages/projects.nix b/packages/projects.nix index 1041fce..e25e5de 100644 --- a/packages/projects.nix +++ b/packages/projects.nix @@ -1,6 +1,7 @@ { pkgs, inputs, system, ... }@args: let inherit (pkgs) lib; + inherit (inputs) unstable; dream2nix = inputs.dream2nix.lib2.init { systems = [ system ]; config = { @@ -13,9 +14,10 @@ let }); mkShell = import lib/devshell.nix args; + in { - packages = { + packages = rec { ghost = let version = "4.41.3"; dream = dream2nix.makeFlakeOutputs { 
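Review bot: Request logging is switched off in both layers of the new service, `disable-logging = true` in `uwsgiConfig` and `extraConfig = "access_log off;"` on the nginx vhost, and nothing in the file says why. For a search front end this is presumably a privacy decision, but it also leaves no request trail when the instance is scraped or abused, so the choice should be documented where it is made, e.g. `# privacy: no request logs are kept for the search instance (error logs are unaffected)`. If `search.${tools.meta.domain}` is reachable from the internet (not visible here, it depends on what `tools.nginx.vhosts.proxy` generates), consider pairing this with rate limiting at nginx or in the SearXNG settings, since logs will not be available to spot abuse after the fact.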
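Review bot: `packages = rec {` makes the whole package set recursive, yet the only attribute this commit adds, `searxng`, refers to `pkgs`, `lib` and `unstable` and to no sibling attribute. Unless an attribute outside the visible hunks needs it, the `rec` is better dropped: in a recursive set every attribute name (`ghost`, `sips`, ...) shadows any outer binding of the same name, which is an easy source of surprising evaluation results later. The blank line added before `in` also looks unintentional. The body of the set continues outside the hunk.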
@@ -53,6 +55,16 @@ in meta.mainProgram = "reflex"; }; + searxng = let + scope = pkgs.python3Packages.overrideScope (final: prev: let + pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName: + final.callPackage "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {} + ); + in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]); + in pkgs.callPackage ./web-apps/searxng rec { + python3Packages = scope; + }; + sips = pkgs.callPackage ./servers/sips { }; }; diff --git a/packages/web-apps/searxng/default.nix b/packages/web-apps/searxng/default.nix new file mode 100644 index 0000000..131d069 --- /dev/null +++ b/packages/web-apps/searxng/default.nix @@ -0,0 +1,55 @@ +{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }: + +with python3Packages; + +toPythonModule (buildPythonApplication rec { + pname = "searxng"; + version = "20220520"; + + src = fetchFromGitHub { + owner = "searxng"; + repo = "searxng"; + rev = "61535a4c206aa247a6fa87697b70668048086e27"; + sha256 = "sha256-Ek/YZ4YzXxA/spmEAgcqItSmsYa/aVTeOBZbFPqNpJ4="; + }; + + postPatch = '' + sed -i 's/==.*$//' requirements.txt + ''; + + preBuild = '' + export SEARX_DEBUG="true"; + ''; + + propagatedBuildInputs = [ + Babel + certifi + python-dateutil + flask + flaskbabel + brotli + jinja2 + langdetect + lxml + h2 + pygments + pyyaml + redis + uvloop + setproctitle + httpx + httpx-socks + markdown-it-py + ]; + + # tests try to connect to network + doCheck = false; + + pythonImportsCheck = [ "searx" ]; + + postInstall = '' + # Create a symlink for easier access to static data + mkdir -p $out/share + ln -s ../${python3.sitePackages}/searx/static $out/share/ + ''; +}) diff --git a/secrets/searxng-secrets.age b/secrets/searxng-secrets.age new file mode 100644 index 0000000..7a95fb9 --- /dev/null +++ b/secrets/searxng-secrets.age 
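Review bot: The `pullDownPackages` override builds `httpcore`, `httpx`, `httpx-socks`, `h2`, `python-socks` and `socksio` from `${unstable}/pkgs/development/python-modules/...` inside the 21.11 Python set, and the hunk says neither why nor when this can be removed. These six packages are the HTTP client stack for the service's outbound requests, and after this change their versions follow whatever `unstable` is locked to in `flake.lock` rather than the 21.11 channel, so fixes for them arrive only when that input is bumped. A comment above `scope` stating the reason and the removal condition would help, for example `# 21.11's httpx stack is too old for searxng; drop once nixpkgs is bumped` if that is indeed the reason. The `rec` in `pkgs.callPackage ./web-apps/searxng rec { python3Packages = scope; }` is unused and can go.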
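Review bot: `preBuild` exports `SEARX_DEBUG="true"` with no explanation, which reads as if debug mode were being enabled for the deployed service. The export lives only in the build shell, so it should not reach the uWSGI process, but the reason it is needed at build time is not visible here; please add a comment such as `# build-time only: lets the build import searx without a configured secret_key; not part of the runtime environment` (confirm that this is the actual reason). Separately, `sed -i 's/==.*$//' requirements.txt` removes every upstream version pin while `doCheck = false`, so `pythonImportsCheck = [ "searx" ]` is the only guard that the substituted dependency versions work together; a short comment on the `sed` line saying so would help whoever bumps `rev` next. `nixosTests` and `fetchpatch` are taken as arguments but never used.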
@@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 NO562A o9pCQmL63KDruN/Gg/HshjgwhLE+JTl2pf7LvUaTRgQ +0ce3ziGDsBAQDWN2m/wcmhrG3Clwg2uAn5sWOISQRSU +-> ssh-ed25519 5/zT0w 7knP/WouF96lob3C6d1Pbs7+UujopARgw4g5oFoAlwg +lMCk97Hn+MwrgX1gpzyQwwSvcGAkoEqo7CDoDt52hL0 +-> ssh-ed25519 d3WGuA yy+s/ktB3e16m7vrvE9T8fWleEjdTVcBsnOFsalK+1A +Xy4VSB8bJlKgCnm9XPdg7ntbD6shYVgMUH+OHcpfhHk +-> 0l-grease KU= d*EvjiX8 ] >:U +WYZYD6eSEKEVQPkb3XUVk/4EKnAxD9IQoMJmCtabDUkXsznlZxjbVvTIfyuermh2 + +--- CB9M2EiC80aVNSFJWHQroQyqp07mryoDCOWv5PEKGjs +%M: ,.ϳ/!ae,>Sw[L}(F&,j&"u %= Y%͔kձZlΨ+Skш] ÞH9KQg:V\sy% F~vBՃZemX;TŴ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f0fe63a..44803d2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -35,6 +35,7 @@ in with hosts; "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ]; + "searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];