Merge branch 'staging'

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1648942457,
+        "lastModified": 1652712410,
-        "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=",
+        "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01",
+        "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
         "type": "github"
       },
       "original": {
@@ -29,11 +29,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1648332543,
+        "lastModified": 1652972885,
-        "narHash": "sha256-9FWmFNLCOp4y0I8Yb4GvgGXxtDq3nBDSTI9qyCi2LJ4=",
+        "narHash": "sha256-OKTV5Mi0WyDGsF6GcTwWkgJPNRkskD5yqCZZmghZYHI=",
         "owner": "kamadorueda",
         "repo": "alejandra",
-        "rev": "5cbb3486c7959646f452830c0a223edc5db5b951",
+        "rev": "69d2075e432c562099965829d8bc4da701b10d20",
         "type": "github"
       },
       "original": {
@@ -67,7 +67,7 @@
       "locked": {
         "lastModified": 1638903228,
         "narHash": "sha256-mEbLD0A9gp159pFtdK4n1Yp2uFSE1T2nOr8BkfwgrC8=",
-        "ref": "master",
+        "ref": "refs/heads/master",
         "rev": "0d11e93f47be21051683e1b38f6b0dcb3f0a71cf",
         "revCount": 244,
         "type": "git",
@@ -86,11 +86,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1650900878,
+        "lastModified": 1653308769,
-        "narHash": "sha256-qhNncMBSa9STnhiLfELEQpYC1L4GrYHNIzyCZ/pilsI=",
+        "narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "d97df53b5ddaa1cfbea7cddbd207eb2634304733",
+        "rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548",
         "type": "github"
       },
       "original": {
@@ -114,11 +114,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1650924659,
+        "lastModified": 1653135531,
-        "narHash": "sha256-tWF0/yM+5yB5NSvc3NXAhkya4KSswKczzrTkFR6DucY=",
+        "narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=",
         "owner": "nix-community",
         "repo": "dream2nix",
-        "rev": "c93972bd52977de332812fcc97ff77f8b85bcf42",
+        "rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82",
         "type": "github"
       },
       "original": {
@@ -333,11 +333,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1651007090,
+        "lastModified": 1653340164,
-        "narHash": "sha256-C/OoQRzTUOWEr1sd3xTKA2GudA1YG1XB3MlL6KfTchg=",
+        "narHash": "sha256-t6BPApyasx6FOv2cEVyFBXvkEDrknyUe7bngMbNSBkA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "778af87a981eb2bfa3566dff8c3fb510856329ef",
+        "rev": "e66f0ff69a6c0698b35034b842c4b68814440778",
         "type": "github"
       },
       "original": {
@@ -485,11 +485,11 @@
         "nixpkgs-regression": "nixpkgs-regression"
       },
       "locked": {
-        "lastModified": 1650040615,
+        "lastModified": 1652724099,
-        "narHash": "sha256-kUpPsz2XRBaXuJ/z9tAtL5TLTApdwrcHCmzzfmARn58=",
+        "narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=",
-        "ref": "master",
+        "ref": "refs/heads/master",
-        "rev": "0883a093d9d23401ddac12b3a94f38c8ed135428",
+        "rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527",
-        "revCount": 11896,
+        "revCount": 12055,
         "type": "git",
         "url": "https://git.privatevoid.net/max/nix-super-fork"
       },
@@ -606,11 +606,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1650998007,
+        "lastModified": 1653319070,
-        "narHash": "sha256-NcJnbGDBBN023x8s3ll3HZxBcQoPq1ry9E2sjg+4flc=",
+        "narHash": "sha256-Z3cv967iN6mXgxhq1cjOoPod23XgNttCWHXMnMZUq9E=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a3917caedfead19f853aa5769de4c3ea4e4db584",
+        "rev": "1c813bbdc330b45fe922c642eb610902aecd5673",
         "type": "github"
       },
       "original": {
@@ -710,7 +710,24 @@
         "mms": "mms",
         "nar-serve": "nar-serve",
         "nix-super": "nix-super",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_6",
+        "unstable": "unstable"
+      }
+    },
+    "unstable": {
+      "locked": {
+        "lastModified": 1653315696,
+        "narHash": "sha256-7tLCnzCz/fq86NEoF9+g/NkQRA2J+nkgytc7l2HuWnY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c11d9597c1b3cdc4fb44cbab48deec2cfbaa5281",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "utils": {

flake.nix

@@ -3,6 +3,7 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small";
+    unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 
     nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
     nix-super.inputs.nixpkgs.follows = "nixpkgs";
@@ -65,7 +66,7 @@
       mkDeployEffect = branch: name: host: let
         subdomain = host.enterprise.subdomain or "services";
         hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
-      in effects.runIf (branch == "master") (effects.runNixOS {
+      in effects.runIf (branch == "master" || branch == "staging") (effects.runNixOS {
         requiredSystemFeatures = [ "hci-deploy-agent-nixos" ];
         config = self.nixosConfigurations.${name}.config // { outPath = "wtfwtfwtfwtfwtfwtf"; };
         secretsMap.ssh = "deploy-ssh";

hosts/VEGAS/services/searxng/default.nix

@@ -0,0 +1,30 @@
+{ config, inputs, lib, pkgs, tools, ... }:
+let
+  port = config.portsStr.searxng;
+in
+{
+  reservePortsFor = [ "searxng" ];
+
+  age.secrets.searxng-secrets.file = ../../../../secrets/searxng-secrets.age;
+  services.searx = {
+    enable = true;
+    runInUwsgi = true;
+    package = inputs.self.packages.${pkgs.system}.searxng;
+    environmentFile = config.age.secrets.searxng-secrets.path;
+    settings = {
+      server = {
+        secret_key = "@SEARXNG_SECRET@";
+      };
+    };
+    uwsgiConfig = {
+      http = "127.0.0.1:${port}";
+      cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=65536,bitmap=1";
+      buffer-size = 65536;
+      env = ["SEARXNG_SETTINGS_PATH=/run/searx/settings.yml"];
+      disable-logging = true;
+    };
+  };
+  services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") {
+    extraConfig = "access_log off;";
+  };
+}

hosts/VEGAS/system.nix

@@ -35,6 +35,7 @@
       ./services/nix/binary-cache.nix
       ./services/nix/nar-serve.nix
       ./services/object-storage
+      ./services/searxng
       ./services/sips
       ./services/sso
       ./services/uptime-kuma

packages/projects.nix

@@ -1,6 +1,7 @@
 { pkgs, inputs, system, ... }@args:
 let
   inherit (pkgs) lib;
+  inherit (inputs) unstable;
   dream2nix = inputs.dream2nix.lib2.init {
     systems = [ system ];
     config = {
@@ -13,9 +14,10 @@ let
   });
   
   mkShell = import lib/devshell.nix args;
+
 in
 {
-  packages = {
+  packages = rec {
     ghost = let
       version = "4.41.3";
       dream = dream2nix.makeFlakeOutputs {
@@ -53,6 +55,16 @@ in
       meta.mainProgram = "reflex";
     };
 
+    searxng = let
+      scope = pkgs.python3Packages.overrideScope (final: prev: let
+        pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName:
+          final.callPackage  "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {}
+        );
+      in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]);
+    in pkgs.callPackage ./web-apps/searxng rec {
+      python3Packages = scope;
+    };
+
     sips = pkgs.callPackage ./servers/sips { };
   };
 

packages/web-apps/searxng/default.nix

@@ -0,0 +1,55 @@
+{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }:
+
+with python3Packages;
+
+toPythonModule (buildPythonApplication rec {
+  pname = "searxng";
+  version = "20220520";
+
+  src = fetchFromGitHub {
+    owner = "searxng";
+    repo = "searxng";
+    rev = "61535a4c206aa247a6fa87697b70668048086e27";
+    sha256 = "sha256-Ek/YZ4YzXxA/spmEAgcqItSmsYa/aVTeOBZbFPqNpJ4=";
+  };
+
+  postPatch = ''
+    sed -i 's/==.*$//' requirements.txt
+  '';
+
+  preBuild = ''
+    export SEARX_DEBUG="true";
+  '';
+
+  propagatedBuildInputs = [
+    Babel
+    certifi
+    python-dateutil
+    flask
+    flaskbabel
+    brotli
+    jinja2
+    langdetect
+    lxml
+    h2
+    pygments
+    pyyaml
+    redis
+    uvloop
+    setproctitle
+    httpx
+    httpx-socks
+    markdown-it-py
+  ];
+
+  # tests try to connect to network
+  doCheck = false;
+
+  pythonImportsCheck = [ "searx" ];
+
+  postInstall = ''
+    # Create a symlink for easier access to static data
+    mkdir -p $out/share
+    ln -s ../${python3.sitePackages}/searx/static $out/share/
+  '';
+})

secrets/searxng-secrets.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 NO562A o9pCQmL63KDruN/Gg/HshjgwhLE+JTl2pf7LvUaTRgQ
+0ce3ziGDsBAQDWN2m/wcmhrG3Clwg2uAn5sWOISQRSU
+-> ssh-ed25519 5/zT0w 7knP/WouF96lob3C6d1Pbs7+UujopARgw4g5oFoAlwg
+lMCk97Hn+MwrgX1gpzyQwwSvcGAkoEqo7CDoDt52hL0
+-> ssh-ed25519 d3WGuA yy+s/ktB3e16m7vrvE9T8fWleEjdTVcBsnOFsalK+1A
+Xy4VSB8bJlKgCnm9XPdg7ntbD6shYVgMUH+OHcpfhHk
+-> 0l-grease KU= d*EvjiX8 ] >:U
+WYZYD6eSEKEVQPkb3XUVk/4EKnAxD9IQoMJmCtabDUkXsznlZxjbVvTIfyuermh2
+
+--- CB9M2EiC80aVNSFJWHQroQyqp07mryoDCOWv5PEKGjs
+½%MØõ‚‡ý:ç,¾.ϳ³/ä„!aÅeüž‘½ð¾õ¹Ò,¸>¥Sw[L}««Ø(ˆF’š&×÷œ,j…&ýð"£»uŠÙ<0C>´<><11>%=Y%¿ÀÍ”ÌkÕ±Z£l‚‚°ªÑóúΨâ¥+Sk‡¬Ñˆ]
ÞHµþ9‚á®ÅÂÈKQÄøg‚:áVÈ\§øÓsyÂú¿<C3BA>%	FÀ~vBâÕƒZemX;TÅ´

secrets/secrets.nix

@@ -35,6 +35,7 @@ in with hosts;
   "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+  "searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];