feat: add shodan! (#119)

* feat: warning for adguard schema mismatch

* Auto lint/format

* fix: fix filtering

* chore: tweak automerge

* fix: whoogle

* hack

* hax

* hack

* feat: clean tmp on boot

* M E G A H A C K

* derp lel

* chore: name

* feat: add shodan!

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Co-authored-by: truxnell <truxnell@users.noreply.github.com>
Truxnell 2024-04-24 15:50:08 +10:00 committed by GitHub
parent b8a523d13c
commit b6e2ee3155
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
27 changed files with 395 additions and 151 deletions


@ -7,21 +7,20 @@ and copy into networking.hostId to ensure ZFS doesnt get borked on reboot
# Partitioning # Partitioning
parted /dev/nvme0n1 -- mklabel gpt parted /dev/sda -- mklabel gpt
parted /dev/nvme0n1 -- mkpart root ext4 512MB -8GB parted /dev/sda -- mkpart root ext4 512MB -8GB
parted /dev/nvme0n1 -- mkpart swap linux-swap -8GB 100% parted /dev/sda -- mkpart ESP fat32 1MB 512MB
parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB parted /dev/sda -- set 2 esp on
parted /dev/nvme0n1 -- set 3 esp on
# Formatting # Formatting
mkswap -L swap /dev/nvme0n1p2 mkswap -L swap /dev/sdap2
swapon /dev/nvme0n1p2 swapon /dev/sdap2
mkfs.fat -F 32 -n boot /dev/nvme0n1p3 mkfs.fat -F 32 -n boot /dev/sdap3
# ZFS on root partition # ZFS on root partition
zpool create -O mountpoint=none rpool /dev/nvme0n1p1 zpool create -O mountpoint=none rpool /dev/sdap1
zfs create -p -o mountpoint=legacy rpool/local/root zfs create -p -o mountpoint=legacy rpool/local/root
@ -33,7 +32,7 @@ mount -t zfs rpool/local/root /mnt
# Boot partition # Boot partition
mkdir /mnt/boot mkdir /mnt/boot
mount /dev/nvme0n1p3 /mnt/boot mount /dev/sdap3 /mnt/boot
#mk nix #mk nix
zfs create -p -o mountpoint=legacy rpool/local/nix zfs create -p -o mountpoint=legacy rpool/local/nix
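Review bot: The formatting and mount commands no longer match the partition layout the new `parted /dev/sda` lines create: only root (1) and ESP (2) are made and `set 2 esp on` marks partition 2 as the ESP, yet `mkswap -L swap /dev/sdap2` / `swapon /dev/sdap2` would format that ESP as swap, and `mkfs.fat -F 32 -n boot /dev/sdap3` / `mount /dev/sdap3 /mnt/boot` reference a third partition that is never created. The `p` separator also belongs only to nvme/mmcblk device names; SATA partitions are `/dev/sda1`, `/dev/sda2`, so every `/dev/sdapN` here should read `/dev/sdaN`. Either restore the swap `mkpart` (and `set 3 esp on`, as the old side had) or drop the swap lines and point `mkfs.fat`/`mount` at `/dev/sda2` and `zpool create` at `/dev/sda1`. A `/dev/disk/by-id/...` path would avoid rewriting these lines on the next machine, matching the by-uuid mounts the host configs already use.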


@ -61,16 +61,23 @@
]; ];
in in
{ rec {
# Use nixpkgs-fmt for 'nix fmt' # Use nixpkgs-fmt for 'nix fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt); formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
# setup devshells against shell.nix # setup devshells against shell.nix
devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; }); devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
# extend lib with my custom functions
lib = nixpkgs.lib.extend (
final: prev: {
inherit inputs;
myLib = import ./nixos/lib { inherit inputs; lib = final; };
}
);
nixosConfigurations = nixosConfigurations =
# with self.lib; with self.lib;
let let
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
@ -107,7 +114,7 @@
, profileModules ? [ ] , profileModules ? [ ]
}: }:
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
inherit system; inherit system lib;
modules = baseModules ++ hardwareModules ++ profileModules; modules = baseModules ++ hardwareModules ++ profileModules;
specialArgs = { inherit self inputs nixpkgs; }; specialArgs = { inherit self inputs nixpkgs; };
# Add our overlays # Add our overlays
@ -217,6 +224,22 @@
]; ];
}; };
"shodan" = mkNixosConfig {
# lenovo tiny NAS
hostname = "shodan";
system = "x86_64-linux";
hardwareModules = [
./nixos/profiles/hw-generic-x86.nix
];
profileModules = [
./nixos/profiles/role-server.nix
./nixos/profiles/impermanence.nix
{ home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; }
];
};
}; };

27
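--- a/nixos/hosts/bootstrap.nix
+++ b/nixos/hosts/bootstrap.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+{
+imports =
+[
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+services.openssh.enable = true;
+users.users.truxnell = {
+isNormalUser = true;
+extraGroups = [ "wheel" ]; # Enable sudo for the user.
+packages = with pkgs; [
+];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
+];
+};
+networking.hostId = "0a90730f";
+system.stateVersion = "23.11";
+}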
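Review bot: `networking.hostId = "0a90730f"` in bootstrap.nix is the same value the durandal host configuration in this commit carries, and the install notes in this same commit say the hostId must be set per machine so ZFS pool import is not confused; a bootstrap template should carry a placeholder or a comment telling the operator to regenerate it (`head -c 8 /etc/machine-id`) before installing. Since an ed25519 key is already provisioned, the installer's sshd can be key-only: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. `users.users.truxnell` has no password or `hashedPassword` defined, so with the default `wheelNeedsPassword` the `wheel` membership will prompt for a password that cannot be entered until one is set — presumably intended for an installer session, worth a comment either way. A one-line header comment stating that this is the pre-install bootstrap config, not a host to keep, would stop it being read as a regular host.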


@ -20,9 +20,11 @@
tautulli.enable = true; tautulli.enable = true;
syncthing.enable = true; syncthing.enable = true;
searxng.enable = true; searxng.enable = true;
factorio.freight-forwarding.enable = true; factorio.freight-forwarding.enable = true; # the factory must grow
whoogle.enable = true; whoogle.enable = true;
redlib.enable = true;
}; };
mySystem.system.systemd.pushover-alerts.enable = false; mySystem.system.systemd.pushover-alerts.enable = false;
@ -32,11 +34,11 @@
mySystem.system.motd.networkInterfaces = [ "eno1" ]; mySystem.system.motd.networkInterfaces = [ "eno1" ];
# Dev machine # Dev machine
# mySystem.system.resticBackup = mySystem.system.resticBackup =
# { {
# local.enable = false; local.enable = false;
# remote.enable = false; remote.enable = false;
# }; };
boot = { boot = {


@ -0,0 +1,74 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config
, lib
, pkgs
, ...
}: {
mySystem.purpose = "Homelab";
mySystem.services = {
openssh.enable = true;
podman.enable = true;
traefik.enable = true;
gatus.enable = true;
homepage.enable = true;
# backrest.enable = true;
plex.enable = true;
tautulli.enable = true;
syncthing.enable = true;
searxng.enable = true;
factorio.freight-forwarding.enable = true; # the factory must grow
whoogle.enable = true;
redlib.enable = true;
};
mySystem.nfs.nas.enable = true;
mySystem.persistentFolder = "/persistent";
mySystem.system.motd.networkInterfaces = [ "enp1s0" ];
boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
# for managing/mounting ntfs
supportedFilesystems = [ "ntfs" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
# why not ensure we can memtest workstatons easily?
# TODO check whether this is actually working, cant see it in grub?
grub.memtest86.enable = true;
};
};
networking.hostName = "durandal"; # Define your hostname.
networking.hostId = "0a90730f";
networking.useDHCP = lib.mkDefault true;
fileSystems."/" =
{
device = "/dev/disk/by-uuid/2e843998-f409-4ccc-bc7c-07099ee0e936";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/12CE-A600";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/0ae2765b-f3f4-4b1a-8ea6-599f37504d70"; }];
}
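Review bot: `networking.hostName = "durandal"` and `networking.hostId = "0a90730f"` in this new file are identical to the existing durandal host, while the flake in this same commit registers the new host as `hostname = "shodan"`; if this file is shodan's config (its path is not visible here, so this is inferred), the hostName/hostId and the copied by-uuid `fileSystems`/`swapDevices` entries look like leftovers from copying durandal and will either clash with the hostname mkNixosConfig sets or, for hostId, collide for ZFS on the next install. `boot.loader.grub.memtest86.enable = true` only affects GRUB, which is not the loader enabled here; the systemd-boot equivalent is `boot.loader.systemd-boot.memtest86.enable`, which would answer the TODO on the line above it. Minor: `workstatons` → `workstations` in that comment.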

111
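--- a/nixos/lib/default.nix
+++ b/nixos/lib/default.nix
@@ -0,0 +1,111 @@
+{ inputs, lib, ... }:
+with lib;
+rec {
+firstOrDefault = first: default: if !isNull first then first else default;
+existsOrDefault = x: set: default: if builtins.hasAttr x set then builtins.getAttr x set else default;
+# Will be v. useful when i grok
+# https://github.com/ahbk/my-nixos/blob/5fe1521b11422c66fd823b442393b3b044a5a5b8/nix#L5
+# pick a list of attributes from an attrSet
+# mySystem.pick = attrNames: attrSet: filterAttrs (name: value: elem name attrNames) attrSet;
+# create an env-file (package) that can be sourced to set environment variables
+# mySystem.mkEnv = name: value: pkgs.writeText "${name}-env" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n}=${v}") value));
+# loop over an attrSet and merge the attrSets returned from f into one (latter override the former in case of conflict)
+# mySystem.mergeAttrs = f: attrs: builtins.foldlAttrs (acc: name: value: (recursiveUpdate acc (f name value))) { } attrs;
+# main service builder
+mkService = options: (
+let
+user = existsOrDefault "user" options "568";
+group = existsOrDefault "group" options "568";
+envFiles = existsOrDefault "envFiles" options [ ];
+addTraefikLabels = if (builtins.hasAttr "container" options) && (builtins.hasAttr "addTraefikLabels" options.container) then options.container.addTraefikLabels else false;
+homepageIcon = if (builtins.hasAttr "homepage" options) && (builtins.hasAttr "icon" options.homepage) then options.homepage.icon else "${options.app}.svg";
+host = existsOrDefault "host" options "${options.app}.${options.domain}";
+# nix doesnt have an exhausive list of options for oci
+# so here i try to get a robust list of security options for containers
+# because everyone needs more tinfoild hat right? RIGHT?
+containerExtraOptions = [ ]
+++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
+++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
+++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs ${folders}") tmpfsFolders) ]
+++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt no-new-privileges" ]
+++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop ALL" ]
+;
+in
+{
+virtualisation.oci-containers.containers.${options.app} = {
+image = "${options.image}";
+user = "${user}:${group}";
+environment = {
+TZ = options.timeZone;
+} // options.container.env;
+environmentFiles = [ ] ++ envFiles;
+volumes = [
+"/etc/localtime:/etc/localtime:ro"
+];
+labels = mkIf addTraefikLabels (mkTraefikLabels {
+name = options.app;
+port = options.port;
+domain = options.domain;
+url = host;
+});
+extraOptions = containerExtraOptions;
+};
+mySystem.services.homepage.media-services = mkIf options.addToHomepage [
+{
+${options.app} = {
+icon = homepageIcon;
+href = host;
+host = host;
+description = options.description;
+};
+}
+];
+}
+);
+# build up traefik docker labels
+mkTraefikLabels = options: (
+let
+inherit (options) name;
+subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name;
+host = existsOrDefault "host" options "${options.name}.${options.domain}";
+# created if port is specified
+service = if builtins.hasAttr "service" options then options.service else options.name;
+middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file";
+in
+{
+"traefik.enable" = "true";
+"traefik.http.routers.${name}.rule" = "Host(`${host}`)";
+"traefik.http.routers.${name}.entrypoints" = "websecure";
+"traefik.http.routers.${name}.middlewares" = "${middleware}";
+} // attrsets.optionalAttrs (builtins.hasAttr "port" options) {
+"traefik.http.routers.${name}.service" = service;
+"traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}";
+} // attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
+"traefik.http.routers.${name}.service" = service;
+"traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
+} // attrsets.optionalAttrs (builtins.hasAttr "service" options) {
+"traefik.http.routers.${name}.service" = service;
+}
+);
+}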
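Review bot: The `caps` handling in `containerExtraOptions` cannot work as written: `tmpfsFolders` (the `--tmpfs` branch) is not defined anywhere in this file, so enabling `caps.tmpfs` is an evaluation error, and even then `[ (map ...) ]` nests a list inside `extraOptions`. oci-containers also passes each `extraOptions` element to the runtime as one shell-escaped argument, so `"--security-opt no-new-privileges"`, `"--cap-drop ALL"` and `"--tmpfs <dir>"` would reach podman as single unknown flags; the `=` form is needed, as the removed searxng module already used with `--tmpfs=/etc/searxng/`. Separately, `options.container.env`, `options.addToHomepage` and `options.description` are read unconditionally although the mkService comment block in the redlib module describes them as optional or defaulted, and `href = host` emits a bare hostname where the old homepage entries used `https://...`. `firstOrDefault` relies on the deprecated `isNull`; `first != null` is the current idiom. One way to fix the caps block, treating `caps.tmpfs` as a list of paths since the boolean form has no data to work from:
```nix
# nix doesnt have an exhausive list of options for oci
# so here i try to get a robust list of security options for containers
tmpfsFolders = lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] [ ] options;
containerExtraOptions = [ ]
  ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
  ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
  ++ (map (folder: "--tmpfs=${folder}") tmpfsFolders)
  ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ]
  ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ]
;
# … unchanged: container and homepage attrsets …
```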


@ -53,8 +53,10 @@ in
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };
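Review bot: The new `domain = config.networking.domain;` argument changes which domain ends up in the Traefik `Host()` rule: the removed `lib.mySystem.mkTraefikLabels` built it from `config.mySystem.domain`, and the rest of these modules still use `config.mySystem.domain` (the searxng `SEARXNG_BASE_URL`/`SEARXNG_URL` in the same hunk as its `domain =` line, the homepage `href`s, the traefik dashboard link). If the two options ever differ the router matches a hostname none of the published links point to; `networking.domain` also defaults to `null` in NixOS, so on a host that does not set it the `"${options.name}.${options.domain}"` interpolation in `mkTraefikLabels` fails to evaluate. Passing `domain = config.mySystem.domain;`, or asserting the two are equal, would keep the old behaviour. The same edit applies to every other `labels = lib.myLib.mkTraefikLabels` hunk in this commit (through the tautulli and whoogle modules); the container definitions start before each hunk.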


@ -51,8 +51,10 @@ in
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -53,8 +53,10 @@ in
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -52,8 +52,10 @@ in
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -55,8 +55,10 @@ in
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -45,8 +45,10 @@ in
"${config.mySystem.nasFolder}/backup/nixos/nixos:/repos:rw" "${config.mySystem.nasFolder}/backup/nixos/nixos:/repos:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -11,5 +11,6 @@
./searxng ./searxng
./factorio ./factorio
./whoogle ./whoogle
./redlib
]; ];
} }


@ -41,8 +41,10 @@ in
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
ports = [ (builtins.toString port) ]; # expose port ports = [ (builtins.toString port) ]; # expose port
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -129,8 +129,10 @@ in
"${configFile}:/config/config.yaml:ro" "${configFile}:/config/config.yaml:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };


@ -282,8 +282,10 @@ in
# "traefik.http.routers.${app}.middlewares" = "local-ip-only@file"; # "traefik.http.routers.${app}.middlewares" = "local-ip-only@file";
# "traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}"; # "traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
# }; # };
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
# not using docker socket for discovery, just # not using docker socket for discovery, just


@ -40,8 +40,10 @@ in
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
ports = [ (builtins.toString port) ]; # expose port ports = [ (builtins.toString port) ]; # expose port
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -44,8 +44,10 @@ in
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -0,0 +1,65 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.services.redlib;
in
{
options.mySystem.services.redlib.enable = mkEnableOption "redlib";
# fuck /u/spez
config =
myLib.mkService
{
app = "Redlib";
description = "Reddit alternate frontend";
image = "quay.io/redlib/redlib@sha256:7fa92bb9b5a281123ee86a0b77a443939c2ccdabba1c12595dcd671a84cd5a64";
port = 8080;
user = "nobody";
group = "nobody";
timeZone = config.time.timeZone;
domain = config.networking.domain;
addToHomepage = true;
homepage.icon = "libreddit.svg";
container = {
env = {
REDLIB_DEFAULT_SHOW_NSFW = "on";
REDLIB_DEFAULT_USE_HLS = "on";
REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION = "on";
};
addTraefikLabels = true;
caps = {
readOnly = true;
noNewPrivileges = true;
dropAll = true;
};
};
};
# mkService
# app: App Name, string, required
# appUrl: App url, string, default "https://APP.DOMAIN"
# description: App Description, string, required
# image: Container IMage, string, required
# port: port, int
# timeZone: timezone, required
# domain: domain of app, required
# addToHomepage: Flag to add to homepage, bool, default false
## HOMEPAGE
# homepage.icon: Icon for homepage listing, string, default "app.svg"
# user: user to run as, string, default 568
# group: group to run as, string, default 568
# envFiles, files to add as env, list of string, default [ TZ = timeZone ]
## CONTAINER
# container.env, env vars for container, attrset, default { }
# container.addTraefikLabels, flag for adding traefik exposing labels, default true
# caps.privileged: privileged pod, grant pod high privs, defualt SUPER false. SUPER DOOPER FALSE
# caps.readOnly: readonly pod (outside mounted paths etc). default false
#
}
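Review bot: `config = myLib.mkService { ... }` is not gated on `cfg.enable`, so the `options.mySystem.services.redlib.enable` switch declared above does nothing and the Redlib container is created on every host that imports this module; wrap it as `config = mkIf cfg.enable (myLib.mkService { ... });`. `app = "Redlib"` also becomes the container name, the Traefik router name and the `Redlib.<domain>` host, while the whoogle module in this commit points `WHOOGLE_ALT_RD` at `redlib.<domain>`; a lowercase `app` with a separate display name for the homepage entry would avoid relying on case-insensitive matching. The trailing mkService comment block documents the library function rather than this module and disagrees with it (it says `container.addTraefikLabels` defaults to true and `envFiles` defaults to the TZ entry, while nixos/lib/default.nix defaults them to false and `[ ]`); moving it next to `mkService` and aligning it with the code keeps one source of truth. Pinning the image by digest is good; a comment naming the tag that digest corresponds to would make future bumps auditable.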


@ -38,8 +38,10 @@ in
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -37,8 +37,10 @@ in
SEARXNG_BASE_URL = "https://searxng.${config.mySystem.domain}/"; SEARXNG_BASE_URL = "https://searxng.${config.mySystem.domain}/";
SEARXNG_URL = "https://searxng.${config.mySystem.domain}"; SEARXNG_URL = "https://searxng.${config.mySystem.domain}";
}; };
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
extraOptions = [ extraOptions = [
@ -54,7 +56,7 @@ in
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [ mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
{ {
Tautulli = { Searxng = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.mySystem.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}"; ping = "https://${app}.${config.mySystem.domain}";


@ -1,70 +0,0 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
app = "searxng";
image = "docker.io/searxng/searxng:2023.11.1-b5a8ddfec";
user = "568"; #string
group = "568"; #string
port = 8080; #int
cfg = config.mySystem.services.${app};
appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
config = { use_default_settings = { engines = { keep_only = [ "arch linux wiki" "google" "google images" "google news" "google videos" "google scholar" "google play apps" "duckduckgo" "brave" "startpage" "gitlab" "github" "codeberg" "sourcehut" "bitbucket" "apple app store" "wikipedia" "currency" "docker hub" "ddg definitions" "duckduckgo images" "bandcamp" "deviantart" "tineye" "apple maps" "fdroid" "flickr" "free software directory" "z-library" "lobste.rs" "azlyrics" "openstreetmap" "npm" "pypi" "lib.rs" "nyaa" "reddit" "sepiasearch" "soundcloud" "stackoverflow" "askubuntu" "superuser" "searchcode code" "unsplash" "youtube" "wolframalpha" "mojeek" ]; }; }; engines = [{ name = "brave"; disabled = false; } { name = "startpage"; disabled = false; } { name = "apple app store"; disabled = false; } { name = "ddg definitions"; disabled = false; } { name = "tineye"; disabled = false; } { name = "apple maps"; disabled = false; } { name = "duckduckgo images"; disabled = false; } { name = "fdroid"; disabled = false; } { name = "free software directory"; disabled = false; } { name = "bitbucket"; disabled = false; } { name = "gitlab"; disabled = false; } { name = "codeberg"; disabled = false; } { name = "google play apps"; disabled = false; } { name = "lobste.rs"; disabled = false; } { name = "azlyrics"; disabled = false; } { name = "npm"; disabled = false; } { name = "nyaa"; disabled = false; categories = "videos"; } { name = "searchcode code"; disabled = false; } { name = "mojeek"; disabled = false; } { name = "lib.rs"; disabled = false; } { name = "sourcehut"; disabled = false; }]; general = { instance_name = "NatFlix Search"; enable_metrics = false; }; brand = { new_issue_url = ""; docs_url = ""; public_instances = ""; wiki_url = ""; issue_url = ""; }; search = { safe_search = 0; autocomplete = "duckduckgo"; autocomplete_min = 2; default_lang = "en"; max_page = 0; }; server = { base_url = "https://searxng.\${EXTERNAL_DOMAIN}/"; image_proxy = true; http_protocol_version = 
"1.1"; method = "GET"; }; ui = { static_use_hash = true; infinite_scroll = true; default_theme = "simple"; theme_args = { simple_style = "dark"; }; }; enabled_plugins = [ "Hash plugin" "Search on category select" "Self Information" "Tracker URL remover" "Open Access DOI rewrite" "Vim-like hotkeys" ]; };
in
{
options.mySystem.services.${app} =
{
enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${app} = {
image = "${image}";
user = "${user}:${group}";
volumes = [
"${configFile}:/etc/searxng/settings.yml:ro"
"/etc/localtime:/etc/localtime:ro"
];
environment = {
TZ = "${config.time.timeZone}";
SEARXNG_BASE_URL = "https://searxng.${config.mySystem.domain}/";
SEARXNG_URL = "https://searxng.${config.mySystem.domain}";
};
labels = config.lib.mySystem.mkTraefikLabels {
name = app;
inherit port;
};
extraOptions = [
"--read-only"
"--tmpfs=/etc/searxng/"
];
};
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
{
Searxng = {
icon = "${app}.svg";
href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Private Search Engine";
};
}
];
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app;
group = "services";
url = "https://${app}.${config.mySystem.domain}";
interval = "1m";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}];
};
}


@ -36,8 +36,10 @@ in
"${config.mySystem.nasFolder}/backup/kubernetes/apps/tautulli:/config/backup:rw" "${config.mySystem.nasFolder}/backup/kubernetes/apps/tautulli:/config/backup:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };


@ -7,8 +7,8 @@ with lib;
let let
app = "whoogle"; app = "whoogle";
image = "ghcr.io/benbusby/whoogle-search:0.8.4@sha256:93977c3aec8a039df94745a6e960d1b590a897e451b874c90ce484fbdbc3630f"; image = "ghcr.io/benbusby/whoogle-search:0.8.4@sha256:93977c3aec8a039df94745a6e960d1b590a897e451b874c90ce484fbdbc3630f";
user = "568"; #string user = "927"; #string
group = "568"; #string group = "927"; #string
port = 5000; #int port = 5000; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
appFolder = "containers/${app}"; appFolder = "containers/${app}";
@ -27,8 +27,31 @@ in
image = "${image}"; image = "${image}";
user = "${user}:${group}"; user = "${user}:${group}";
ports = [ (builtins.toString port) ]; # expose port ports = [ (builtins.toString port) ]; # expose port
labels = config.lib.mySystem.mkTraefikLabels { environment = {
TZ = "${config.time.timeZone}";
WHOOGLE_ALT_TW = "nitter.${config.networking.domain}";
WHOOGLE_ALT_YT = "invidious.${config.networking.domain}";
WHOOGLE_ALT_IG = "imginn.com";
WHOOGLE_ALT_RD = "redlib.${config.networking.domain}";
WHOOGLE_ALT_MD = "scribe.${config.networking.domain}";
WHOOGLE_ALT_TL = "";
WHOOGLE_ALT_IMG = "bibliogram.art";
WHOOGLE_ALT_IMDB = "";
WHOOGLE_ALT_WIKI = "";
WHOOGLE_ALT_QUORA = "";
WHOOGLE_CONFIG_ALTS = "1";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_URL = "https://search.${config.networking.domain}";
WHOOGLE_CONFIG_GET_ONLY = "1";
WHOOGLE_CONFIG_COUNTRY = "AU";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_DISABLE = "1";
};
labels = lib.myLib.mkTraefikLabels {
name = app; name = app;
domain = config.networking.domain;
inherit port; inherit port;
}; };
}; };
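Review bot: `WHOOGLE_CONFIG_URL = "https://search.${config.networking.domain}"` does not match the hostname the Traefik labels in the same block publish, which is `whoogle.<domain>` (from `name = app` with no `host` override), so any links whoogle derives from that value would point at a host this router does not serve unless a `search` alias exists elsewhere; passing `host = "search.${config.networking.domain}";` to `mkTraefikLabels`, or setting the env var to the app host, keeps them in step. The uid/gid change `568` → `927` carries no explanation beyond the existing `#string` type note; a short why-comment on that line (e.g. `# <reason uid 927 was chosen>`) would help the next reader. `WHOOGLE_ALT_IMG = "bibliogram.art"` and `WHOOGLE_ALT_IG = "imginn.com"` are third-party hosts among otherwise self-hosted alternatives; a comment marking them as external would make that deliberate. The container definition starts before this hunk.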


@ -2,31 +2,6 @@
with lib; with lib;
{ {
# build up traefik docker labesl
lib.mySystem.mkTraefikLabels = options: (
let
inherit (options) name;
subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name;
# created if port is specified
service = if builtins.hasAttr "service" options then options.service else options.name;
middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file";
in
{
"traefik.enable" = "true";
"traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.mySystem.domain}`)";
"traefik.http.routers.${name}.entrypoints" = "websecure";
"traefik.http.routers.${name}.middlewares" = "${middleware}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) {
"traefik.http.routers.${name}.service" = service;
"traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
"traefik.http.routers.${name}.service" = service;
"traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) {
"traefik.http.routers.${name}.service" = service;
}
);
# build a restic restore set for both local and remote # build a restic restore set for both local and remote
lib.mySystem.mkRestic = options: ( lib.mySystem.mkRestic = options: (
@ -76,25 +51,7 @@ with lib;
} }
); );
# Will be v. useful when i grok
# https://github.com/ahbk/my-nixos/blob/5fe1521b11422c66fd823b442393b3b044a5a5b8/lib.nix#L5
# pick a list of attributes from an attrSet
lib.mySystem.pick = attrNames: attrSet: lib.filterAttrs (name: value: lib.elem name attrNames) attrSet;
# create an env-file (package) that can be sourced to set environment variables
lib.mySystem.mkEnv = name: value: pkgs.writeText "${name}-env" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n}=${v}") value));
# loop over an attrSet and merge the attrSets returned from f into one (latter override the former in case of conflict)
lib.mySystem.mergeAttrs = f: attrs: foldlAttrs (acc: name: value: (recursiveUpdate acc (f name value))) { } attrs;
# Iterate all attrs in base and return
# the merged set from all iterated keys in base from
# return path
# lib.mySystem.mkMergeMap = base: return: builtins.concatMap (cfg: (cfg.return)) (builtins.attrValues base);
} }
# # useful?
# foldlAttrs
# # attrbypath?
# let


@ -179,7 +179,7 @@ in
mySystem.services.homepage.infrastructure-services = [ mySystem.services.homepage.infrastructure-services = [
{ {
Traefik = { "Traefik ${config.networking.hostName}" = {
icon = "traefik.png"; icon = "traefik.png";
href = "https://traefik-${config.networking.hostName}.${config.mySystem.domain}/dashboard/"; href = "https://traefik-${config.networking.hostName}.${config.mySystem.domain}/dashboard/";


@ -25,7 +25,11 @@ with lib;
}; };
}; };
config = { config = {
boot.tmp.cleanOnBoot = true;
mySystem = { mySystem = {
# basics for all devices # basics for all devices