From ed3e05dc9676f3f25696d335b98382a9bd898594 Mon Sep 17 00:00:00 2001
From: Matei Adriel <rafaeladriel11@gmail.com>
Date: Thu, 18 Jan 2024 07:44:16 +0100
Subject: [PATCH] Set up initial whoogle config

---
 home/features/cli/ssh.nix                     |  3 +++
 .../nixos/common/global/services/openssh.nix  |  3 +++
 .../nixos/common/global/wireless/default.nix  |  4 +++
 hosts/nixos/common/optional/podman.nix        | 10 +++++++
 hosts/nixos/lapetus/default.nix               |  1 +
 hosts/nixos/lapetus/services/whoogle.nix      | 26 +++++++++++++++++++
 6 files changed, 47 insertions(+)
 create mode 100644 hosts/nixos/common/optional/podman.nix
 create mode 100644 hosts/nixos/lapetus/services/whoogle.nix

diff --git a/home/features/cli/ssh.nix b/home/features/cli/ssh.nix
index a7c51d5..f702010 100644
--- a/home/features/cli/ssh.nix
+++ b/home/features/cli/ssh.nix
@@ -2,4 +2,7 @@
   programs.ssh.enable = true;
 
   satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ];
+
+  # Makes it easy to copy ssh keys at install time without messing up permissions
+  systemd.user.tmpfiles.rules = [ "d /persist/state/home/adrielus/ssh/.ssh/etc/ssh" ];
 }
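Review bot: The added tmpfiles rule gives no mode, so systemd-tmpfiles creates the directory with its default of 0755, which does not match the comment's stated goal for a directory that will hold SSH keys. An explicit mode makes the intent enforceable, e.g. `"d /persist/state/home/adrielus/ssh/.ssh 0700 - - -"`. The trailing `etc/ssh` in the path also looks like it may have been carried over from the host-key rule in openssh.nix, so it is worth confirming this is the directory the persistence module actually mounts. The `d /persist/state/etc/ssh` rule in openssh.nix omits the mode too; 0755 is the usual value there, but writing it out (`0755 root root -`) would document that it is deliberate.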
diff --git a/hosts/nixos/common/global/services/openssh.nix b/hosts/nixos/common/global/services/openssh.nix
index 4ddae5e..e92aef7 100644
--- a/hosts/nixos/common/global/services/openssh.nix
+++ b/hosts/nixos/common/global/services/openssh.nix
@@ -62,4 +62,7 @@ in
         (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
     ];
   };
+
+  # Makes it easy to copy host keys at install time without messing up permissions
+  systemd.tmpfiles.rules = [ "d /persist/state/etc/ssh" ];
 }
diff --git a/hosts/nixos/common/global/wireless/default.nix b/hosts/nixos/common/global/wireless/default.nix
index 3b71b5c..aa1404e 100644
--- a/hosts/nixos/common/global/wireless/default.nix
+++ b/hosts/nixos/common/global/wireless/default.nix
@@ -56,4 +56,8 @@
     # TODO: investigate why this doesn't work
     # "/etc/wpa_supplicant.conf"
   ];
+
+
+  # The service seems to fail if this file does not exist
+  systemd.tmpfiles.rules = [ "f /etc/wpa_supplicant.conf" ];
 }
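Review bot: The `f /etc/wpa_supplicant.conf` rule creates the file with the tmpfiles default mode of 0644, so anything later written into it would be readable by every local user, and wpa_supplicant configs commonly carry network PSKs. Creating it restricted from the start avoids that: `"f /etc/wpa_supplicant.conf 0600 root root -"`. Whether the file ever holds credentials on these hosts is not visible from the hunk, so treat this as a safe-by-default suggestion. The attribute set this line belongs to starts outside the hunk.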
diff --git a/hosts/nixos/common/optional/podman.nix b/hosts/nixos/common/optional/podman.nix
new file mode 100644
index 0000000..36f96c5
--- /dev/null
+++ b/hosts/nixos/common/optional/podman.nix
@@ -0,0 +1,10 @@
+{
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerCompat = true;
+    };
+
+    oci-containers.backend = "podman";
+  };
+}
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index 5e5c2aa..14e59b1 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -5,6 +5,7 @@
     ../common/optional/services/slambda.nix
 
     ./services/syncthing.nix
+    ./services/whoogle.nix
     ./filesystems
     ./hardware
   ];
diff --git a/hosts/nixos/lapetus/services/whoogle.nix b/hosts/nixos/lapetus/services/whoogle.nix
new file mode 100644
index 0000000..9848682
--- /dev/null
+++ b/hosts/nixos/lapetus/services/whoogle.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+let
+  port = 8401;
+  websiteBlocklist = [
+    "www.saashub.com/"
+    "slant.co"
+    "nix-united.com"
+    "libhunt.com"
+  ];
+in
+{
+  imports = [ ../../common/optional/podman.nix ];
+
+  networking.firewall.allowedTCPPorts = [ port ];
+  virtualisation.oci-containers.whoogle-search = {
+    image = "benbusby/whoogle-search";
+    autoStart = true;
+    ports = "${port}:5000"; # server:docker
+    environment = {
+      WHOOGLE_UPDATE_CHECK = 0;
+      WHOOGLE_CONFIG_DISABLE = 0;
+      WHOOGLE_CONFIG_BLOCK = lib.concatStringsSep websiteBlocklist;
+      WHOOGLE_CONFIG_THEME = "system";
+    };
+  };
+}
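Review bot: The container definition is unlikely to evaluate as written, and once it does it runs an unpinned image on a port opened on every interface. `virtualisation.oci-containers.whoogle-search` is missing the `containers` level, `ports` expects a list of strings and `${port}` cannot interpolate an integer without `toString`, the `environment` values must be strings, and `lib.concatStringsSep` is called without its separator argument. `image = "benbusby/whoogle-search"` resolves to whatever the registry serves for the default tag at pull time, so pinning a tag or digest keeps the deployed image reproducible and reviewable. `networking.firewall.allowedTCPPorts = [ port ]` exposes the instance on all networks the host joins; if it is only meant for LAN or VPN use, scoping it with `networking.firewall.interfaces.<name>.allowedTCPPorts` would be tighter.

```nix
  virtualisation.oci-containers.containers.whoogle-search = {
    # Pin to a reviewed release; <PINNED_DIGEST> is a placeholder, not a real value.
    image = "benbusby/whoogle-search@sha256:<PINNED_DIGEST>";
    # … unchanged: autoStart …
    ports = [ "${toString port}:5000" ]; # server:docker
    environment = {
      WHOOGLE_UPDATE_CHECK = "0";
      WHOOGLE_CONFIG_DISABLE = "0";
      # Separator assumed to be a comma; confirm against Whoogle's environment docs.
      WHOOGLE_CONFIG_BLOCK = lib.concatStringsSep "," websiteBlocklist;
      # … unchanged: WHOOGLE_CONFIG_THEME …
    };
  };
```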