From 1ea3e3d2eb90ab0a794ac190aae94e5287482894 Mon Sep 17 00:00:00 2001 From: Pedro Rey Anca Date: Sat, 27 Dec 2025 14:06:12 +0100 Subject: [PATCH 1/3] Update vars via generator searx for machine beagle --- .../searx/credentials-file/machines/beagle | 1 + .../beagle/searx/credentials-file/secret | 22 +++++++++++++++++++ .../beagle/searx/credentials-file/users/pedro | 1 + 3 files changed, 24 insertions(+) create mode 120000 vars/per-machine/beagle/searx/credentials-file/machines/beagle create mode 100644 vars/per-machine/beagle/searx/credentials-file/secret create mode 120000 vars/per-machine/beagle/searx/credentials-file/users/pedro diff --git a/vars/per-machine/beagle/searx/credentials-file/machines/beagle b/vars/per-machine/beagle/searx/credentials-file/machines/beagle new file mode 120000 index 0000000..ad4f57d --- /dev/null +++ b/vars/per-machine/beagle/searx/credentials-file/machines/beagle @@ -0,0 +1 @@ +../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/searx/credentials-file/secret b/vars/per-machine/beagle/searx/credentials-file/secret new file mode 100644 index 0000000..88f6009 --- /dev/null +++ b/vars/per-machine/beagle/searx/credentials-file/secret @@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:6ChD8x6SoPaXkbRiOhPtLQi7Re+dXkPyIylpCRKbIU3MLkUgt4qlNKQPOpLH8Kqm2bvUQ6m0eKlMfIdxW7hfZmZnJJ0xqjeaAtlsOQkLrGOiGINd7AIQR/JzcxNAPhUy7kDOxJpu/tL3emG+AC7SSM41isUmFWJUOlokBFOIcah4gdFRqtIpH4RoLEEOTI61XWc=,iv:pycKyu8DbOIpNVMSk+fxbD4q9HlvcvZ29hO5ZKt/nCE=,tag:WsaHkmyIlGThsaUSIlpvHA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VkJCNlVSNUFBWTRxTGha\nYjg2SEIwREEzY3dJU1EvUUNLc0pPTG54ZmxRCndNbThWako3cm11VDd3Zlkzd2RK\ndVlEYzNraTJSK3lLYjh0K1VMUUxGVFEKLS0tIEN5ODQ2SkVnNGIrcVlpVVRHZHIx\nbVpvbFphQVdmTXFxMTMrMkdEaVg5Z0kKWPbjeciIjsNPIExBMvRHvfUhaDibDWet\nP94LhgEdwP0P81fEY+kXBcSDpSvpBlOmy+5irJnnycZxbcUo7APSQA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc1NaeUlxYnQyV1QrcmU3\neEsxZmc4dEJJS3BrNkZzV3h0eUdEWU5ZZXlzCjYwbVRJMzFFS0pYVjZEcjdUQzFR\nL1dZRTBCWlNlbjV3YWQyQksreE1BZDAKLS0tIGxlekJERWVBUW5sNCtmMGpBTUhq\ndEhXMThxWWpSeW5CZWpPZ3NhdmxHVE0KLcumlX/WnKeUA1IGljYEl0p8bOZumTxo\nWxKTUV5noeNFStsyZM3t7nnrb61c7LbDPhw5iMeRCCTg5h8lDHobWg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdzJxNFRPaFpBK1RtNDdn\nVXhMNm52V2p1WXFqVGMwN1JyRFRyczZ0N3dNClY1YU5KNkNPWGJwK3NieWhvZzNU\neWlkQUJsZFJrdE90TXZjS3IzUEhRTTQKLS0tIHJCRWdEQmhlaTNiNUMzMDBLY3Q3\nMzgyUlBaaThxeGdGSmdxVEtwdE5rcFkKN0jk27yKXmsAF1p9Yd5ovWCZX6UAHUcd\nIF0tguoT1QgkFDO8ur9FbJCLwJeB2Cn+tPktpWZoxZ6XfepcSQosUA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-12-27T13:06:12Z", + "mac": "ENC[AES256_GCM,data:wvtVJx1mXIpvJsn3d1wP6n/D8U5N1BD19XGGVCg/DOUlauoi9HWycBF85zINg1qgksgJLDL/j5dsAz+guRxW7XuW0a5mWgtWs5W1G2Lp7DhHznUyA6y1LBzmD2RdSO5ZQl3ma0w+Zyl4KI4/CI/VNy/Yy1K8lqW2u6xG31eoOgo=,iv:J3uCdT2ZKPvEwUD/ERK4VK3hAnvNe/0wzJDGLf9aOz0=,tag:Sap5JOCrZElahv6JvZ/YUg==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/searx/credentials-file/users/pedro b/vars/per-machine/beagle/searx/credentials-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/searx/credentials-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file From 6540e7e33f7e0dfe7c60b4b5e1463535762b21f6 Mon Sep 17 00:00:00 2001 From: Pedro Rey Anca Date: Sat, 27 Dec 2025 14:09:50 +0100 Subject: [PATCH 2/3] Update vars via generator searx for machine beagle --- .../searx/environment-file/machines/beagle | 1 + .../beagle/searx/environment-file/secret | 22 +++++++++++++++++++ .../beagle/searx/environment-file/users/pedro | 1 + 3 files changed, 24 insertions(+) create mode 120000 vars/per-machine/beagle/searx/environment-file/machines/beagle create mode 100644 vars/per-machine/beagle/searx/environment-file/secret create mode 120000 vars/per-machine/beagle/searx/environment-file/users/pedro diff --git a/vars/per-machine/beagle/searx/environment-file/machines/beagle b/vars/per-machine/beagle/searx/environment-file/machines/beagle new file mode 120000 index 0000000..ad4f57d --- /dev/null +++ b/vars/per-machine/beagle/searx/environment-file/machines/beagle @@ -0,0 +1 @@ +../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/searx/environment-file/secret b/vars/per-machine/beagle/searx/environment-file/secret new file mode 100644 index 0000000..8110177 --- /dev/null +++ b/vars/per-machine/beagle/searx/environment-file/secret @@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:r1WBkckhbqVdTY/xQ2spdJABHu2htdWebhgk5UYt7/ZXjzyoyk79sHxPZd/f1QRqUv9og9d+XHwhbBeazRhNvnrn2VflBAS8Oi2MnrDvnMbDPJtWHD+r2r0cLW97hRXKfnyjhyg02bSlwAHqvrPSTTklt+uOq6sc6m/8JWBPfPyYCJbxiX23M35J/SK3b8RDUC4=,iv:4FG2RYZWCoL44JxFwln0+xO7XJs99mcrjwCAwCvo+C4=,tag:qkqkYDFHGHZ03sZ86e9HsQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TTZVd1F6cUJEK0ZNM0lU\ndVZUSlI4ZnZQcW9QV1lNa2ZvemR5QjFmb2pjCm55QmExdHpDR0pyZk5LR3R2Vm1h\nRGp0bUlBdHgvblJoc1NCZmNUTTZkdjgKLS0tIGtNVzMyVE9IcUM5b0IxZjFiQnhB\nKzhvYTlnSGpzdlNrQkVDMS90ZzFZanMKGoaZX8gLBeLzVO2XOb0COS/C/zsDd/cO\nKqQoes2MDC8seFaccHSQuQg2zSXx8c4yoeoZEbmCfqoZ8CPmy4e1gA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSWd5T0FLczFqekhGeUpD\nTHozRk9LeG0wVFdxVysrdjVvK3lOSzJadjM4CnkzQkdPWW9ReVU3UlFBWGJOc01S\nbUhqTSt2ZGtYY2NlYjlKcEQ4MkxtWjAKLS0tIGszVzJoSjB5U0o4eDZZakZZZ0Z0\ncU5NYmFLc1MyQTZiM2NwNjN5eHU0UDgKj3g/36vy/+YVhznJxVXwldiGl51P1Sj4\nlS1gu2i3I6r+XvBh8f/V0dEKiyvU+CaE5gkdVvWNWPriGt0kI9VAcg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqd1Y3SmRKMmtDZlk0L01r\nVXZ1WEhUcTZveUwxWkdIZUdhVlJPRWl2ZGdnCmIrYXFwMnFXS0pIT1dpaml3U0NL\naTJiZkhNNzhMTmR1SGpzMEZ3WlRXOGsKLS0tIC9GbU85NjR5VDJxL21OWlNRL0U3\nUldQZEZubGZpZlJ6ZysyOGFLMTFoVnMKFvwUrIkgz9NeL+3gUj1p2DKhjKIB05QR\n/j6HXHxRMvyNhd/mxVwwng4QLmPpTiX6BczOFwCHJf6w41dJAQDexQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-12-27T13:09:50Z", + "mac": "ENC[AES256_GCM,data:0opYF8mB+AEXHsoOspbwpGDhF7M4i8cWOoJW1JC9kPSpV8Q1Y4PU8+OscYhjxq2+rtRPexvTbi/Kz/HCYSdNiiFlmm88yos17DQbOlQuE4kcu1A3vcayxYCNj7LUQI6LM/MPx9vPzrz812yWp5et2AKJr3ukJxtFuIce2uF3r28=,iv:GxbtKpPjkGpxLNzjslsTOTZcvLktVSE2h+5Y/GJN9+c=,tag:0Z6bVBpKn0+iA09kbBve7w==,type:str]", + "version": "3.11.0" + } +} diff --git a/vars/per-machine/beagle/searx/environment-file/users/pedro b/vars/per-machine/beagle/searx/environment-file/users/pedro new file mode 120000 index 0000000..ae0c694 --- /dev/null +++ b/vars/per-machine/beagle/searx/environment-file/users/pedro @@ -0,0 +1 @@ +../../../../../../sops/users/pedro \ No newline at end of file From cf5fbef43c1f13e0e7e6a3f7a322789e3419b211 Mon Sep 17 00:00:00 2001 From: Pedro Rey Anca Date: Sat, 27 Dec 2025 14:17:24 +0100 Subject: [PATCH 3/3] beagle: setup SearX(NG) --- machines/beagle/configuration.nix | 1 + machines/beagle/modules/reverse-proxy.nix | 9 +++++++ machines/beagle/modules/searx.nix | 27 +++++++++++++++++++ .../searx/credentials-file/machines/beagle | 1 - .../beagle/searx/credentials-file/secret | 22 --------------- .../beagle/searx/credentials-file/users/pedro | 1 - 6 files changed, 37 insertions(+), 24 deletions(-) create mode 100644 machines/beagle/modules/searx.nix delete mode 120000 vars/per-machine/beagle/searx/credentials-file/machines/beagle delete mode 100644 vars/per-machine/beagle/searx/credentials-file/secret delete mode 120000 vars/per-machine/beagle/searx/credentials-file/users/pedro diff --git a/machines/beagle/configuration.nix b/machines/beagle/configuration.nix index d144a3c..75f6542 100644 --- a/machines/beagle/configuration.nix +++ b/machines/beagle/configuration.nix @@ -2,6 +2,7 @@ imports = [ ./modules/kanidm.nix ./modules/matrix.nix + ./modules/searx.nix ./modules/reverse-proxy.nix ]; } diff --git a/machines/beagle/modules/reverse-proxy.nix b/machines/beagle/modules/reverse-proxy.nix index fea3844..040a328 100644 --- a/machines/beagle/modules/reverse-proxy.nix +++ b/machines/beagle/modules/reverse-proxy.nix @@ -50,6 +50,15 @@ ''; }; }; + + "searx.peprolinbot.com" = { + forceSSL = true; + enableACME = true; + + # Rest of configuration done in services.searx.configreNginx + + }; + }; }; } diff --git a/machines/beagle/modules/searx.nix b/machines/beagle/modules/searx.nix new file mode 100644 index 0000000..ef66d2b --- /dev/null +++ b/machines/beagle/modules/searx.nix @@ -0,0 +1,27 @@ +{ config, ... }: +{ + clan.core.vars.generators.searx = { + prompts.secret-key = { + description = "SearX server.secret_key"; + type = "hidden"; + }; + + files.environment-file.secret = true; + script = '' + cat < $out/environment-file + SEARX_SECRET_KEY=$(<$prompts/secret-key) + EOL + ''; + }; + + services.searx = { + enable = true; + domain = "searx.peprolinbot.com"; + configureNginx = true; + redisCreateLocally = true; + environmentFile = config.clan.core.vars.generators.searx.files.environment-file.path; + settings = { + server.secret_key = "$SEARX_SECRET_KEY"; + }; + }; +} diff --git a/vars/per-machine/beagle/searx/credentials-file/machines/beagle b/vars/per-machine/beagle/searx/credentials-file/machines/beagle deleted file mode 120000 index ad4f57d..0000000 --- a/vars/per-machine/beagle/searx/credentials-file/machines/beagle +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/beagle \ No newline at end of file diff --git a/vars/per-machine/beagle/searx/credentials-file/secret b/vars/per-machine/beagle/searx/credentials-file/secret deleted file mode 100644 index 88f6009..0000000 --- a/vars/per-machine/beagle/searx/credentials-file/secret +++ /dev/null @@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:6ChD8x6SoPaXkbRiOhPtLQi7Re+dXkPyIylpCRKbIU3MLkUgt4qlNKQPOpLH8Kqm2bvUQ6m0eKlMfIdxW7hfZmZnJJ0xqjeaAtlsOQkLrGOiGINd7AIQR/JzcxNAPhUy7kDOxJpu/tL3emG+AC7SSM41isUmFWJUOlokBFOIcah4gdFRqtIpH4RoLEEOTI61XWc=,iv:pycKyu8DbOIpNVMSk+fxbD4q9HlvcvZ29hO5ZKt/nCE=,tag:WsaHkmyIlGThsaUSIlpvHA==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VkJCNlVSNUFBWTRxTGha\nYjg2SEIwREEzY3dJU1EvUUNLc0pPTG54ZmxRCndNbThWako3cm11VDd3Zlkzd2RK\ndVlEYzNraTJSK3lLYjh0K1VMUUxGVFEKLS0tIEN5ODQ2SkVnNGIrcVlpVVRHZHIx\nbVpvbFphQVdmTXFxMTMrMkdEaVg5Z0kKWPbjeciIjsNPIExBMvRHvfUhaDibDWet\nP94LhgEdwP0P81fEY+kXBcSDpSvpBlOmy+5irJnnycZxbcUo7APSQA==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc1NaeUlxYnQyV1QrcmU3\neEsxZmc4dEJJS3BrNkZzV3h0eUdEWU5ZZXlzCjYwbVRJMzFFS0pYVjZEcjdUQzFR\nL1dZRTBCWlNlbjV3YWQyQksreE1BZDAKLS0tIGxlekJERWVBUW5sNCtmMGpBTUhq\ndEhXMThxWWpSeW5CZWpPZ3NhdmxHVE0KLcumlX/WnKeUA1IGljYEl0p8bOZumTxo\nWxKTUV5noeNFStsyZM3t7nnrb61c7LbDPhw5iMeRCCTg5h8lDHobWg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdzJxNFRPaFpBK1RtNDdn\nVXhMNm52V2p1WXFqVGMwN1JyRFRyczZ0N3dNClY1YU5KNkNPWGJwK3NieWhvZzNU\neWlkQUJsZFJrdE90TXZjS3IzUEhRTTQKLS0tIHJCRWdEQmhlaTNiNUMzMDBLY3Q3\nMzgyUlBaaThxeGdGSmdxVEtwdE5rcFkKN0jk27yKXmsAF1p9Yd5ovWCZX6UAHUcd\nIF0tguoT1QgkFDO8ur9FbJCLwJeB2Cn+tPktpWZoxZ6XfepcSQosUA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-12-27T13:06:12Z", - "mac": "ENC[AES256_GCM,data:wvtVJx1mXIpvJsn3d1wP6n/D8U5N1BD19XGGVCg/DOUlauoi9HWycBF85zINg1qgksgJLDL/j5dsAz+guRxW7XuW0a5mWgtWs5W1G2Lp7DhHznUyA6y1LBzmD2RdSO5ZQl3ma0w+Zyl4KI4/CI/VNy/Yy1K8lqW2u6xG31eoOgo=,iv:J3uCdT2ZKPvEwUD/ERK4VK3hAnvNe/0wzJDGLf9aOz0=,tag:Sap5JOCrZElahv6JvZ/YUg==,type:str]", - "version": "3.11.0" - } -} diff --git a/vars/per-machine/beagle/searx/credentials-file/users/pedro b/vars/per-machine/beagle/searx/credentials-file/users/pedro deleted file mode 120000 index ae0c694..0000000 --- a/vars/per-machine/beagle/searx/credentials-file/users/pedro +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/pedro \ No newline at end of file