From 8d647a598ec7d3cea0de4b28f59732978a11926c Mon Sep 17 00:00:00 2001
From: Henry-Hiles
Date: Sun, 22 Mar 2026 13:28:22 -0400
Subject: [PATCH] rotate ipv6 for searxng
---
clients/quadraticserver/docs/default.nix | 147 -----------------------
clients/quadraticserver/network.nix | 1 +
clients/quadraticserver/searxng.nix | 12 +-
3 files changed, 9 insertions(+), 151 deletions(-)
delete mode 100644 clients/quadraticserver/docs/default.nix
diff --git a/clients/quadraticserver/docs/default.nix b/clients/quadraticserver/docs/default.nix
deleted file mode 100644
index 0aae7f3..0000000
--- a/clients/quadraticserver/docs/default.nix
+++ /dev/null
@@ -1,147 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- ...
-}:
-let
- s3Domain = "http://127.0.0.1${config.services.minio.listenAddress}";
- cfg = config.services.lasuite-docs;
-in
-{
- disabledModules = [
- "services/web-apps/lasuite-docs.nix"
- ];
- imports = [
- inputs.lasuite-docs-proxy.nixosModules.default
- "${inputs.nixpkgs-custom}/nixos/modules/services/web-apps/lasuite-docs.nix"
- ];
-
- systemd.services = {
- lasuite-docs-collaboration-server.serviceConfig = {
- EnvironmentFile = cfg.environmentFile;
- Restart = "always";
- };
-
- lasuite-docs-celery.serviceConfig.Restart = "always";
- lasuite-docs.serviceConfig.Restart = "always";
- };
-
- services =
- let
- proxySocket = "/var/run/lasuite-docs-proxy/socket";
- authDomain = "auth.federated.nexus";
- domain = "docs.federated.nexus";
- s3Url = "${s3Domain}/lasuite-docs";
- socket = "/run/lasuite-docs/socket";
- in
- {
- lasuite-docs-proxy = {
- enable = true;
- args = [
- "--socket"
- proxySocket
- "--authUri"
- "https://docs.federated.nexus/api/v1.0/documents/media-auth/"
- "--minioUri"
- s3Url
- ];
- group = "caddy";
- };
- lasuite-docs = {
- enable = true;
- enableNginx = false;
- redis.createLocally = true;
- postgresql.createLocally = true;
- backendPackage =
- inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.lasuite-docs.overrideAttrs
- (old: {
- patches = (old.patches or [ ]) ++ [ ./enable-languages.patch ];
- });
- frontendPackage =
- inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.lasuite-docs-frontend.overrideAttrs
- {
- NEXT_PUBLIC_PUBLISH_AS_MIT = "false";
- };
- collaborationServer.package =
- inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.lasuite-docs-collaboration-server;
- bind = "unix:${socket}";
- inherit s3Url domain;
-
- settings = {
- OIDC_OP_AUTHORIZATION_ENDPOINT = "https://federated.nexus/login";
- OIDC_OP_TOKEN_ENDPOINT = "https://${authDomain}/token";
- OIDC_OP_USER_ENDPOINT = "https://${authDomain}/userinfo";
- OIDC_RP_SIGN_ALGO = "HS256";
-
- COLLABORATION_API_URL = "https://${domain}/collaboration/api/";
- LOGIN_REDIRECT_URL = "https://${domain}";
-
- AWS_S3_ENDPOINT_URL = s3Domain;
- AWS_S3_ACCESS_KEY_ID = "minioadmin";
- AWS_STORAGE_BUCKET_NAME = "lasuite-docs";
- MEDIA_BASE_URL = "https://${domain}";
-
- DJANGO_ALLOWED_HOSTS = domain;
- };
-
- environmentFile = config.age.secrets."lasuiteSecrets.age".path;
- };
-
- minio = {
- enable = true;
- rootCredentialsFile = config.age.secrets."minioCredentials.age".path;
- };
-
- caddy.virtualHosts."${domain}".extraConfig =
- let
- collabUrl = "http://localhost:${toString cfg.collaborationServer.port}";
- in
- ''
- handle_errors {
- rewrite * /{http.error.status_code}
- file_server
- }
-
- redir /api/v1.0/logout/None /
-
- root * ${cfg.frontendPackage}
- file_server
-
- @uuidDocs path_regexp uuidDocs ^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$
- rewrite @uuidDocs /docs/[id]/index.html
-
- reverse_proxy /static/admin/* unix/${socket}
- reverse_proxy /api/* unix/${socket}
- reverse_proxy /admin* unix/${socket}
-
- reverse_proxy /collaboration/ws/* ${collabUrl}
- reverse_proxy /collaboration/api/* ${collabUrl}
-
- reverse_proxy /api/v1.0/documents/media-auth/ unix/${socket}
-
- reverse_proxy /media/* unix/${proxySocket}
- '';
- };
-
- systemd.services.minio-init = {
- description = "Create MinIO bucket";
- after = [ "minio.service" ];
- requires = [ "minio.service" ];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
- getent
- minio-client
- ];
-
- serviceConfig = {
- Type = "oneshot";
- EnvironmentFile = config.age.secrets."minioCredentials.age".path;
- ExecStart = pkgs.writeShellScript "init-minio" ''
- mc alias set minio ${s3Domain} "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" --api s3v4
- mc mb --ignore-existing minio/lasuite-docs
- mc anonymous get minio/lasuite-docs
- '';
- };
- };
-}
diff --git a/clients/quadraticserver/network.nix b/clients/quadraticserver/network.nix index 7707281..6364345 100644 --- a/clients/quadraticserver/network.nix +++ b/clients/quadraticserver/network.nix @@ -8,6 +8,7 @@ address = [ "91.99.155.129/32" + "2a01:4f8:c012:d202::1/64" ] # Assign 64 IPv6 addresses ++ builtins.genList (i: "2a01:4f8:c012:d202::${builtins.toString (i + 1)}/64") 64; diff --git a/clients/quadraticserver/searxng.nix b/clients/quadraticserver/searxng.nix index 91b12cf..a8e0c58 100644 --- a/clients/quadraticserver/searxng.nix +++ b/clients/quadraticserver/searxng.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, config, ... }: { services = let @@ -12,8 +12,7 @@ let enginesByCategory = { general = { - duckduckgo = { }; - startpage = { }; + brave.disabled = false; }; "social media" = { @@ -65,7 +64,7 @@ { general = { instance_name = "Federated Nexus Search"; - contact_url = "mailto:henry@henryhiles.com"; + contact_url = "mailto:info@federated.nexus"; }; search = { @@ -91,6 +90,11 @@ "searx.plugins.tracker_url_remover.SXNGPlugin".active = true; }; + outgoing = { + source_ips = config.systemd.network.networks."30-wan".address; + retries = 32; + }; + categories_as_tabs = builtins.listToAttrs ( map (category: { name = category;
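Review bot: The added `"2a01:4f8:c012:d202::1/64"` entry in network.nix duplicates the first address that the `builtins.genList` expression two lines below already produces (`i = 0` yields `::1/64`), so the list now carries `::1` twice. Because searxng.nix in this same commit reads this list as `source_ips`, the duplicate also ends up in the outgoing rotation. If the intent is only to make the primary IPv6 address explicit, I would drop the new line and instead add a comment above the `genList` call, for example `# ::1 is the primary address; ::1..::64 are all assigned for outbound rotation`. The attribute set around `address` starts and ends outside the hunk.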
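Review bot: `source_ips` in the new `outgoing` block of searxng.nix receives the networkd address list verbatim, so every entry still carries its prefix length (`/32`, `/64`) and the IPv4 address is part of the rotation as well. As far as I know SearXNG treats a `source_ips` value containing `/` as a network and cycles through every host in it rather than binding to that single address; with `::N/64` entries that would walk the whole /64, including addresses the interface does not hold (the generated list uses decimal suffixes, so `::a` to `::f` are never assigned), and `retries = 32` would then mostly mask failed binds. Please confirm this against the deployed SearXNG version. Stripping the prefix and keeping only IPv6 entries would pin the rotation to addresses that are actually configured, e.g. `source_ips = map (a: builtins.head (lib.splitString "/" a)) (builtins.filter (lib.hasInfix ":") config.systemd.network.networks."30-wan".address);`. A one-line comment on why 32 retries are needed would also help, since each retry is one more outbound request to the upstream engine.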