diff --git a/machines/beagle/configuration.nix b/machines/beagle/configuration.nix
index d144a3c..75f6542 100644
--- a/machines/beagle/configuration.nix
+++ b/machines/beagle/configuration.nix
@@ -2,6 +2,7 @@
 imports = [
 ./modules/kanidm.nix
 ./modules/matrix.nix
+ ./modules/searx.nix
 ./modules/reverse-proxy.nix
 ];
 }
diff --git a/machines/beagle/modules/reverse-proxy.nix b/machines/beagle/modules/reverse-proxy.nix
index fea3844..040a328 100644
--- a/machines/beagle/modules/reverse-proxy.nix
+++ b/machines/beagle/modules/reverse-proxy.nix
@@ -50,6 +50,15 @@
 '';
 };
 };
+
+ "searx.peprolinbot.com" = {
+ forceSSL = true;
+ enableACME = true;
+
+ # Rest of configuration done in services.searx.configreNginx
+
+ };
+
 };
 };
 }
diff --git a/machines/beagle/modules/searx.nix b/machines/beagle/modules/searx.nix
new file mode 100644
index 0000000..ef66d2b
--- /dev/null
+++ b/machines/beagle/modules/searx.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+ clan.core.vars.generators.searx = {
+ prompts.secret-key = {
+ description = "SearX server.secret_key";
+ type = "hidden";
+ };
+
+ files.environment-file.secret = true;
+ script = ''
+ cat < $out/environment-file
+ SEARX_SECRET_KEY=$(<$prompts/secret-key)
+ EOL
+ '';
+ };
+
+ services.searx = {
+ enable = true;
+ domain = "searx.peprolinbot.com";
+ configureNginx = true;
+ redisCreateLocally = true;
+ environmentFile = config.clan.core.vars.generators.searx.files.environment-file.path;
+ settings = {
+ server.secret_key = "$SEARX_SECRET_KEY";
+ };
+ };
+}
diff --git a/vars/per-machine/beagle/searx/environment-file/machines/beagle b/vars/per-machine/beagle/searx/environment-file/machines/beagle
new file mode 120000
index 0000000..ad4f57d
--- /dev/null
+++ b/vars/per-machine/beagle/searx/environment-file/machines/beagle
@@ -0,0 +1 @@
+../../../../../../sops/machines/beagle
\ No newline at end of file
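Review bot: The comment added in machines/beagle/modules/reverse-proxy.nix misspells the option it points to, `services.searx.configreNginx`, so a search for the real name will not find it. It should read `# Rest of configuration done in services.searx.configureNginx`. The host name is also repeated as a literal here and in searx.nix's `domain`, and the TLS settings only apply if the two strings stay identical. If `config` is in scope in this module (its header is outside the hunk), `"${config.services.searx.domain}" = {` would keep them tied together.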
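Review bot: In machines/beagle/modules/searx.nix the secret key is typed in at a prompt and reaches SearXNG only through `$SEARX_SECRET_KEY` substitution, and nothing in the hunk checks either step. Generating the value inside `script` (for example `openssl rand -hex 32`, with openssl listed in the generator's `runtimeInputs`) rules out a weak or reused key. After deploying, confirm the rendered settings do not still contain the literal `$SEARX_SECRET_KEY`, since older nixpkgs revisions of this module expected the `@SEARX_SECRET_KEY@` form. The heredoc as displayed (`cat < $out/environment-file` ... `EOL`) has no `<<EOL` opener; that is probably lost in page rendering, but should be checked against the committed file. The instance is published through nginx with `redisCreateLocally = true` yet no rate limiting is enabled, so `settings.server.limiter = true;` is worth adding for a publicly reachable host.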
diff --git a/vars/per-machine/beagle/searx/environment-file/secret b/vars/per-machine/beagle/searx/environment-file/secret
new file mode 100644
index 0000000..8110177
--- /dev/null
+++ b/vars/per-machine/beagle/searx/environment-file/secret
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:r1WBkckhbqVdTY/xQ2spdJABHu2htdWebhgk5UYt7/ZXjzyoyk79sHxPZd/f1QRqUv9og9d+XHwhbBeazRhNvnrn2VflBAS8Oi2MnrDvnMbDPJtWHD+r2r0cLW97hRXKfnyjhyg02bSlwAHqvrPSTTklt+uOq6sc6m/8JWBPfPyYCJbxiX23M35J/SK3b8RDUC4=,iv:4FG2RYZWCoL44JxFwln0+xO7XJs99mcrjwCAwCvo+C4=,tag:qkqkYDFHGHZ03sZ86e9HsQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TTZVd1F6cUJEK0ZNM0lU\ndVZUSlI4ZnZQcW9QV1lNa2ZvemR5QjFmb2pjCm55QmExdHpDR0pyZk5LR3R2Vm1h\nRGp0bUlBdHgvblJoc1NCZmNUTTZkdjgKLS0tIGtNVzMyVE9IcUM5b0IxZjFiQnhB\nKzhvYTlnSGpzdlNrQkVDMS90ZzFZanMKGoaZX8gLBeLzVO2XOb0COS/C/zsDd/cO\nKqQoes2MDC8seFaccHSQuQg2zSXx8c4yoeoZEbmCfqoZ8CPmy4e1gA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSWd5T0FLczFqekhGeUpD\nTHozRk9LeG0wVFdxVysrdjVvK3lOSzJadjM4CnkzQkdPWW9ReVU3UlFBWGJOc01S\nbUhqTSt2ZGtYY2NlYjlKcEQ4MkxtWjAKLS0tIGszVzJoSjB5U0o4eDZZakZZZ0Z0\ncU5NYmFLc1MyQTZiM2NwNjN5eHU0UDgKj3g/36vy/+YVhznJxVXwldiGl51P1Sj4\nlS1gu2i3I6r+XvBh8f/V0dEKiyvU+CaE5gkdVvWNWPriGt0kI9VAcg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqd1Y3SmRKMmtDZlk0L01r\nVXZ1WEhUcTZveUwxWkdIZUdhVlJPRWl2ZGdnCmIrYXFwMnFXS0pIT1dpaml3U0NL\naTJiZkhNNzhMTmR1SGpzMEZ3WlRXOGsKLS0tIC9GbU85NjR5VDJxL21OWlNRL0U3\nUldQZEZubGZpZlJ6ZysyOGFLMTFoVnMKFvwUrIkgz9NeL+3gUj1p2DKhjKIB05QR\n/j6HXHxRMvyNhd/mxVwwng4QLmPpTiX6BczOFwCHJf6w41dJAQDexQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-12-27T13:09:50Z", + "mac": 
"ENC[AES256_GCM,data:0opYF8mB+AEXHsoOspbwpGDhF7M4i8cWOoJW1JC9kPSpV8Q1Y4PU8+OscYhjxq2+rtRPexvTbi/Kz/HCYSdNiiFlmm88yos17DQbOlQuE4kcu1A3vcayxYCNj7LUQI6LM/MPx9vPzrz812yWp5et2AKJr3ukJxtFuIce2uF3r28=,iv:GxbtKpPjkGpxLNzjslsTOTZcvLktVSE2h+5Y/GJN9+c=,tag:0Z6bVBpKn0+iA09kbBve7w==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/searx/environment-file/users/pedro b/vars/per-machine/beagle/searx/environment-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/searx/environment-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file