From ed3e05dc9676f3f25696d335b98382a9bd898594 Mon Sep 17 00:00:00 2001 From: Matei Adriel Date: Thu, 18 Jan 2024 07:44:16 +0100 Subject: [PATCH] Set up initial whoogle config --- home/features/cli/ssh.nix | 3 +++ .../nixos/common/global/services/openssh.nix | 3 +++ .../nixos/common/global/wireless/default.nix | 4 +++ hosts/nixos/common/optional/podman.nix | 10 +++++++ hosts/nixos/lapetus/default.nix | 1 + hosts/nixos/lapetus/services/whoogle.nix | 26 +++++++++++++++++++ 6 files changed, 47 insertions(+) create mode 100644 hosts/nixos/common/optional/podman.nix create mode 100644 hosts/nixos/lapetus/services/whoogle.nix diff --git a/home/features/cli/ssh.nix b/home/features/cli/ssh.nix index a7c51d5..f702010 100644 --- a/home/features/cli/ssh.nix +++ b/home/features/cli/ssh.nix @@ -2,4 +2,7 @@ programs.ssh.enable = true; satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ]; + + # Makes it easy to copy ssh keys at install time without messing up permissions + systemd.user.tmpfiles.rules = [ "d /persist/state/home/adrielus/ssh/.ssh/etc/ssh" ]; } diff --git a/hosts/nixos/common/global/services/openssh.nix b/hosts/nixos/common/global/services/openssh.nix index 4ddae5e..e92aef7 100644 --- a/hosts/nixos/common/global/services/openssh.nix +++ b/hosts/nixos/common/global/services/openssh.nix @@ -62,4 +62,7 @@ in (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)) ]; }; + + # Makes it easy to copy host keys at install time without messing up permissions + systemd.tmpfiles.rules = [ "d /persist/state/etc/ssh" ]; } diff --git a/hosts/nixos/common/global/wireless/default.nix b/hosts/nixos/common/global/wireless/default.nix index 3b71b5c..aa1404e 100644 --- a/hosts/nixos/common/global/wireless/default.nix +++ b/hosts/nixos/common/global/wireless/default.nix @@ -56,4 +56,8 @@ # TODO: investigate why this doesn't work # "/etc/wpa_supplicant.conf" ]; + + + # The service seems to fail if this file does not exist + systemd.tmpfiles.rules = [ "f /etc/wpa_supplicant.conf" ]; } diff --git a/hosts/nixos/common/optional/podman.nix b/hosts/nixos/common/optional/podman.nix new file mode 100644 index 0000000..36f96c5 --- /dev/null +++ b/hosts/nixos/common/optional/podman.nix @@ -0,0 +1,10 @@ +{ + virtualisation = { + podman = { + enable = true; + dockerCompat = true; + }; + + oci-containers.backend = "podman"; + }; +} diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix index 5e5c2aa..14e59b1 100644 --- a/hosts/nixos/lapetus/default.nix +++ b/hosts/nixos/lapetus/default.nix @@ -5,6 +5,7 @@ ../common/optional/services/slambda.nix ./services/syncthing.nix + ./services/whoogle.nix ./filesystems ./hardware ]; diff --git a/hosts/nixos/lapetus/services/whoogle.nix b/hosts/nixos/lapetus/services/whoogle.nix new file mode 100644 index 0000000..9848682 --- /dev/null +++ b/hosts/nixos/lapetus/services/whoogle.nix @@ -0,0 +1,26 @@ +{ lib, ... }: +let + port = 8401; + websiteBlocklist = [ + "www.saashub.com/" + "slant.co" + "nix-united.com" + "libhunt.com" + ]; +in +{ + imports = [ ../../common/optional/podman.nix ]; + + networking.firewall.allowedTCPPorts = [ port ]; + virtualisation.oci-containers.whoogle-search = { + image = "benbusby/whoogle-search"; + autoStart = true; + ports = "${port}:5000"; # server:docker + environment = { + WHOOGLE_UPDATE_CHECK = 0; + WHOOGLE_CONFIG_DISABLE = 0; + WHOOGLE_CONFIG_BLOCK = lib.concatStringsSep websiteBlocklist; + WHOOGLE_CONFIG_THEME = "system"; + }; + }; +}