privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

Merge branch 'staging'

Browse source
This commit is contained in:
Max Headroom 2022-05-25 20:45:29 +02:00
commit 9a6ad0b080
8 changed files with 156 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
flake.lock
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1648942457,
"narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=",
"lastModified": 1652712410,
"narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
"owner": "ryantm",
"repo": "agenix",
"rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01",
"rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
"type": "github"
},
"original": {
@ -29,11 +29,11 @@
]
},
"locked": {
"lastModified": 1648332543,
"narHash": "sha256-9FWmFNLCOp4y0I8Yb4GvgGXxtDq3nBDSTI9qyCi2LJ4=",
"lastModified": 1652972885,
"narHash": "sha256-OKTV5Mi0WyDGsF6GcTwWkgJPNRkskD5yqCZZmghZYHI=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "5cbb3486c7959646f452830c0a223edc5db5b951",
"rev": "69d2075e432c562099965829d8bc4da701b10d20",
"type": "github"
},
"original": {
@ -67,7 +67,7 @@
"locked": {
"lastModified": 1638903228,
"narHash": "sha256-mEbLD0A9gp159pFtdK4n1Yp2uFSE1T2nOr8BkfwgrC8=",
"ref": "master",
"ref": "refs/heads/master",
"rev": "0d11e93f47be21051683e1b38f6b0dcb3f0a71cf",
"revCount": 244,
"type": "git",
@ -86,11 +86,11 @@
]
},
"locked": {
"lastModified": 1650900878,
"narHash": "sha256-qhNncMBSa9STnhiLfELEQpYC1L4GrYHNIzyCZ/pilsI=",
"lastModified": 1653308769,
"narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=",
"owner": "numtide",
"repo": "devshell",
"rev": "d97df53b5ddaa1cfbea7cddbd207eb2634304733",
"rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548",
"type": "github"
},
"original": {
@ -114,11 +114,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1650924659,
"narHash": "sha256-tWF0/yM+5yB5NSvc3NXAhkya4KSswKczzrTkFR6DucY=",
"lastModified": 1653135531,
"narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "c93972bd52977de332812fcc97ff77f8b85bcf42",
"rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82",
"type": "github"
},
"original": {
@ -333,11 +333,11 @@
]
},
"locked": {
"lastModified": 1651007090,
"narHash": "sha256-C/OoQRzTUOWEr1sd3xTKA2GudA1YG1XB3MlL6KfTchg=",
"lastModified": 1653340164,
"narHash": "sha256-t6BPApyasx6FOv2cEVyFBXvkEDrknyUe7bngMbNSBkA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "778af87a981eb2bfa3566dff8c3fb510856329ef",
"rev": "e66f0ff69a6c0698b35034b842c4b68814440778",
"type": "github"
},
"original": {
@ -485,11 +485,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1650040615,
"narHash": "sha256-kUpPsz2XRBaXuJ/z9tAtL5TLTApdwrcHCmzzfmARn58=",
"ref": "master",
"rev": "0883a093d9d23401ddac12b3a94f38c8ed135428",
"revCount": 11896,
"lastModified": 1652724099,
"narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=",
"ref": "refs/heads/master",
"rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527",
"revCount": 12055,
"type": "git",
"url": "https://git.privatevoid.net/max/nix-super-fork"
},
@ -606,11 +606,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1650998007,
"narHash": "sha256-NcJnbGDBBN023x8s3ll3HZxBcQoPq1ry9E2sjg+4flc=",
"lastModified": 1653319070,
"narHash": "sha256-Z3cv967iN6mXgxhq1cjOoPod23XgNttCWHXMnMZUq9E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a3917caedfead19f853aa5769de4c3ea4e4db584",
"rev": "1c813bbdc330b45fe922c642eb610902aecd5673",
"type": "github"
},
"original": {
@ -710,7 +710,24 @@
"mms": "mms",
"nar-serve": "nar-serve",
"nix-super": "nix-super",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_6",
"unstable": "unstable"
}
},
"unstable": {
"locked": {
"lastModified": 1653315696,
"narHash": "sha256-7tLCnzCz/fq86NEoF9+g/NkQRA2J+nkgytc7l2HuWnY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c11d9597c1b3cdc4fb44cbab48deec2cfbaa5281",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"utils": {

3
flake.nix
View file

@ -3,6 +3,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
nix-super.inputs.nixpkgs.follows = "nixpkgs";
@ -65,7 +66,7 @@
mkDeployEffect = branch: name: host: let
subdomain = host.enterprise.subdomain or "services";
hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
in effects.runIf (branch == "master") (effects.runNixOS {
in effects.runIf (branch == "master" || branch == "staging") (effects.runNixOS {
requiredSystemFeatures = [ "hci-deploy-agent-nixos" ];
config = self.nixosConfigurations.${name}.config // { outPath = "wtfwtfwtfwtfwtfwtf"; };
secretsMap.ssh = "deploy-ssh";

30
hosts/VEGAS/services/searxng/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, inputs, lib, pkgs, tools, ... }:
let
port = config.portsStr.searxng;
in
{
reservePortsFor = [ "searxng" ];
age.secrets.searxng-secrets.file = ../../../../secrets/searxng-secrets.age;
services.searx = {
enable = true;
runInUwsgi = true;
package = inputs.self.packages.${pkgs.system}.searxng;
environmentFile = config.age.secrets.searxng-secrets.path;
settings = {
server = {
secret_key = "@SEARXNG_SECRET@";
};
};
uwsgiConfig = {
http = "127.0.0.1:${port}";
cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=65536,bitmap=1";
buffer-size = 65536;
env = ["SEARXNG_SETTINGS_PATH=/run/searx/settings.yml"];
disable-logging = true;
};
};
services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") {
extraConfig = "access_log off;";
};
}

1
hosts/VEGAS/system.nix
View file

@ -35,6 +35,7 @@
./services/nix/binary-cache.nix
./services/nix/nar-serve.nix
./services/object-storage
./services/searxng
./services/sips
./services/sso
./services/uptime-kuma

14
packages/projects.nix
View file

@ -1,6 +1,7 @@
{ pkgs, inputs, system, ... }@args:
let
inherit (pkgs) lib;
inherit (inputs) unstable;
dream2nix = inputs.dream2nix.lib2.init {
systems = [ system ];
config = {
@ -13,9 +14,10 @@ let
});
mkShell = import lib/devshell.nix args;
in
{
packages = {
packages = rec {
ghost = let
version = "4.41.3";
dream = dream2nix.makeFlakeOutputs {
@ -53,6 +55,16 @@ in
meta.mainProgram = "reflex";
};
searxng = let
scope = pkgs.python3Packages.overrideScope (final: prev: let
pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName:
final.callPackage "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {}
);
in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]);
in pkgs.callPackage ./web-apps/searxng rec {
python3Packages = scope;
};
sips = pkgs.callPackage ./servers/sips { };
};

55
packages/web-apps/searxng/default.nix Normal file
View file

@ -0,0 +1,55 @@
{ lib, nixosTests, python3, python3Packages, fetchFromGitHub, fetchpatch }:
with python3Packages;
toPythonModule (buildPythonApplication rec {
pname = "searxng";
version = "20220520";
src = fetchFromGitHub {
owner = "searxng";
repo = "searxng";
rev = "61535a4c206aa247a6fa87697b70668048086e27";
sha256 = "sha256-Ek/YZ4YzXxA/spmEAgcqItSmsYa/aVTeOBZbFPqNpJ4=";
};
postPatch = ''
sed -i 's/==.*$//' requirements.txt
'';
preBuild = ''
export SEARX_DEBUG="true";
'';
propagatedBuildInputs = [
Babel
certifi
python-dateutil
flask
flaskbabel
brotli
jinja2
langdetect
lxml
h2
pygments
pyyaml
redis
uvloop
setproctitle
httpx
httpx-socks
markdown-it-py
];
# tests try to connect to network
doCheck = false;
pythonImportsCheck = [ "searx" ];
postInstall = ''
# Create a symlink for easier access to static data
mkdir -p $out/share
ln -s ../${python3.sitePackages}/searx/static $out/share/
'';
})

12
secrets/searxng-secrets.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A o9pCQmL63KDruN/Gg/HshjgwhLE+JTl2pf7LvUaTRgQ
0ce3ziGDsBAQDWN2m/wcmhrG3Clwg2uAn5sWOISQRSU
-> ssh-ed25519 5/zT0w 7knP/WouF96lob3C6d1Pbs7+UujopARgw4g5oFoAlwg
lMCk97Hn+MwrgX1gpzyQwwSvcGAkoEqo7CDoDt52hL0
-> ssh-ed25519 d3WGuA yy+s/ktB3e16m7vrvE9T8fWleEjdTVcBsnOFsalK+1A
Xy4VSB8bJlKgCnm9XPdg7ntbD6shYVgMUH+OHcpfhHk
-> 0l-grease KU= d*EvjiX8 ] >:U
WYZYD6eSEKEVQPkb3XUVk/4EKnAxD9IQoMJmCtabDUkXsznlZxjbVvTIfyuermh2
--- CB9M2EiC80aVNSFJWHQroQyqp07mryoDCOWv5PEKGjs
½%MØõ‡ý:ç ,¾.ϳ³/ä„!aÅeüž‘½ð¾õ¹Ò,¸>¥Sw[L}««Ø(ˆFš&×÷œ,j…&ýð"£»uŠÙ <0C>´<><11>%= Y%¿ÀÍ”ÌkÕ±Z£l°ªÑóúΨâ¥+Sk‡¬Ñˆ] ÞHµþ9á®ÅÂÈKQÄøg:áVÈ\§øÓsyÂú¿<C3BA>% FÀ~vBâÕƒZemX;TÅ´

1
secrets/secrets.nix
View file

@ -35,6 +35,7 @@ in with hosts;
"nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];