From c21d55a02837bfb62e160f3f72d18fece4e16116 Mon Sep 17 00:00:00 2001
From: Henry-Hiles
Date: Sun, 22 Mar 2026 13:28:12 -0400
Subject: [PATCH 1/2] dont custom build lasuite
---
.../docs/enable-languages.patch | 13 --
clients/quadraticserver/lasuite-docs.nix | 139 ++++++++++++++++++
2 files changed, 139 insertions(+), 13 deletions(-)
delete mode 100644 clients/quadraticserver/docs/enable-languages.patch
create mode 100644 clients/quadraticserver/lasuite-docs.nix
diff --git a/clients/quadraticserver/docs/enable-languages.patch b/clients/quadraticserver/docs/enable-languages.patch
deleted file mode 100644
index f607294..0000000
--- a/clients/quadraticserver/docs/enable-languages.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py
-index 9059dd29..010cc524 100755
---- a/impress/settings.py
-+++ b/impress/settings.py
-@@ -248,6 +248,9 @@ class Base(Configuration):
- ("de-de", "Deutsch"),
- ("nl-nl", "Nederlands"),
- ("es-es", "Español"),
-+ ("br-fr", "Brezhoneg"),
-+ ("uk-ua", "Українська"),
-+ ("ru-ru", "Русский"),
- )
- )
\ No newline at end of file
diff --git a/clients/quadraticserver/lasuite-docs.nix b/clients/quadraticserver/lasuite-docs.nix
new file mode 100644
index 0000000..33842ec
--- /dev/null
+++ b/clients/quadraticserver/lasuite-docs.nix
@@ -0,0 +1,139 @@
+{
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+let
+ s3Domain = "http://127.0.0.1${config.services.minio.listenAddress}";
+ cfg = config.services.lasuite-docs;
+in
+{
+ disabledModules = [
+ "services/web-apps/lasuite-docs.nix"
+ ];
+ imports = [
+ inputs.lasuite-docs-proxy.nixosModules.default
+ "${inputs.nixpkgs-custom}/nixos/modules/services/web-apps/lasuite-docs.nix"
+ ];
+
+ systemd.services = {
+ lasuite-docs-collaboration-server.serviceConfig = {
+ EnvironmentFile = cfg.environmentFile;
+ Restart = "always";
+ };
+
+ lasuite-docs-celery.serviceConfig.Restart = "always";
+ lasuite-docs.serviceConfig.Restart = "always";
+ };
+
+ services =
+ let
+ proxySocket = "/var/run/lasuite-docs-proxy/socket";
+ authDomain = "auth.federated.nexus";
+ domain = "docs.federated.nexus";
+ s3Url = "${s3Domain}/lasuite-docs";
+ socket = "/run/lasuite-docs/socket";
+ in
+ {
+ lasuite-docs-proxy = {
+ enable = true;
+ args = [
+ "--socket"
+ proxySocket
+ "--authUri"
+ "https://docs.federated.nexus/api/v1.0/documents/media-auth/"
+ "--minioUri"
+ s3Url
+ ];
+ group = "caddy";
+ };
+ lasuite-docs = {
+ enable = true;
+ enableNginx = false;
+ redis.createLocally = true;
+ postgresql.createLocally = true;
+ frontendPackage = pkgs.lasuite-docs-frontend.overrideAttrs {
+ NEXT_PUBLIC_PUBLISH_AS_MIT = "false";
+ };
+ bind = "unix:${socket}";
+ inherit s3Url domain;
+
+ settings = {
+ OIDC_OP_AUTHORIZATION_ENDPOINT = "https://federated.nexus/login";
+ OIDC_OP_TOKEN_ENDPOINT = "https://${authDomain}/token";
+ OIDC_OP_USER_ENDPOINT = "https://${authDomain}/userinfo";
+ OIDC_RP_SIGN_ALGO = "HS256";
+
+ COLLABORATION_API_URL = "https://${domain}/collaboration/api/";
+ LOGIN_REDIRECT_URL = "https://${domain}";
+
+ AWS_S3_ENDPOINT_URL = s3Domain;
+ AWS_S3_ACCESS_KEY_ID = "minioadmin";
+ AWS_STORAGE_BUCKET_NAME = "lasuite-docs";
+ MEDIA_BASE_URL = "https://${domain}";
+
+ DJANGO_ALLOWED_HOSTS = domain;
+ DJANGO_LANGUAGES = "en-us,English;fr-fr,Français;nl-nl,Nederlands;es-es,Español;uk-ua,Українська;ru-ru,Русский";
+ };
+
+ environmentFile = config.age.secrets."lasuiteSecrets.age".path;
+ };
+
+ minio = {
+ enable = true;
+ rootCredentialsFile = config.age.secrets."minioCredentials.age".path;
+ };
+
+ caddy.virtualHosts."${domain}".extraConfig =
+ let
+ collabUrl = "http://localhost:${toString cfg.collaborationServer.port}";
+ in
+ ''
+ handle_errors {
+ rewrite * /{http.error.status_code}
+ file_server
+ }
+
+ redir /api/v1.0/logout/None /
+
+ root * ${cfg.frontendPackage}
+ file_server
+
+ @uuidDocs path_regexp uuidDocs ^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$
+ rewrite @uuidDocs /docs/[id]/index.html
+
+ reverse_proxy /static/admin/* unix/${socket}
+ reverse_proxy /api/* unix/${socket}
+ reverse_proxy /admin* unix/${socket}
+
+ reverse_proxy /collaboration/ws/* ${collabUrl}
+ reverse_proxy /collaboration/api/* ${collabUrl}
+
+ reverse_proxy /api/v1.0/documents/media-auth/ unix/${socket}
+
+ reverse_proxy /media/* unix/${proxySocket}
+ '';
+ };
+
+ systemd.services.minio-init = {
+ description = "Create MinIO bucket";
+ after = [ "minio.service" ];
+ requires = [ "minio.service" ];
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [
+ getent
+ minio-client
+ ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ EnvironmentFile = config.age.secrets."minioCredentials.age".path;
+ ExecStart = pkgs.writeShellScript "init-minio" ''
+ mc alias set minio ${s3Domain} "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" --api s3v4
+ mc mb --ignore-existing minio/lasuite-docs
+ mc anonymous get minio/lasuite-docs
+ '';
+ };
+ };
+}
From 8d647a598ec7d3cea0de4b28f59732978a11926c Mon Sep 17 00:00:00 2001
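Review bot: `AWS_S3_ACCESS_KEY_ID = "minioadmin"` in `settings` has the Docs backend authenticate to MinIO under the name of MinIO's default root account, and `minio-init` logs in with `$MINIO_ROOT_USER`/`$MINIO_ROOT_PASSWORD` from `minioCredentials.age`, so the web application appears to run with the storage server's administrative identity rather than one limited to the `lasuite-docs` bucket. Consider having `minio-init` create a dedicated user with a policy scoped to that bucket and pointing the setting at it, e.g. `AWS_S3_ACCESS_KEY_ID = "<docs-service-user>";` (placeholder name), with its secret supplied through `environmentFile`. In the same unit, `mc alias set minio ${s3Domain} "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"` puts the root secret on the command line, where it is readable from the process list while the script runs; `mc` also accepts the alias through an `MC_HOST_minio` environment variable. `OIDC_RP_SIGN_ALGO = "HS256"` deserves a one-line comment stating that ID tokens are verified with the shared client secret, so anyone able to read `lasuiteSecrets.age` can also produce tokens the backend accepts.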
From: Henry-Hiles
Date: Sun, 22 Mar 2026 13:28:22 -0400
Subject: [PATCH 2/2] rotate ipv6 for searxng
---
clients/quadraticserver/docs/default.nix | 147 -----------------------
clients/quadraticserver/network.nix | 1 +
clients/quadraticserver/searxng.nix | 12 +-
3 files changed, 9 insertions(+), 151 deletions(-)
delete mode 100644 clients/quadraticserver/docs/default.nix
diff --git a/clients/quadraticserver/docs/default.nix b/clients/quadraticserver/docs/default.nix
deleted file mode 100644
index 0aae7f3..0000000
--- a/clients/quadraticserver/docs/default.nix
+++ /dev/null
@@ -1,147 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- ...
-}:
-let
- s3Domain = "http://127.0.0.1${config.services.minio.listenAddress}";
- cfg = config.services.lasuite-docs;
-in
-{
- disabledModules = [
- "services/web-apps/lasuite-docs.nix"
- ];
- imports = [
- inputs.lasuite-docs-proxy.nixosModules.default
- "${inputs.nixpkgs-custom}/nixos/modules/services/web-apps/lasuite-docs.nix"
- ];
-
- systemd.services = {
- lasuite-docs-collaboration-server.serviceConfig = {
- EnvironmentFile = cfg.environmentFile;
- Restart = "always";
- };
-
- lasuite-docs-celery.serviceConfig.Restart = "always";
- lasuite-docs.serviceConfig.Restart = "always";
- };
-
- services =
- let
- proxySocket = "/var/run/lasuite-docs-proxy/socket";
- authDomain = "auth.federated.nexus";
- domain = "docs.federated.nexus";
- s3Url = "${s3Domain}/lasuite-docs";
- socket = "/run/lasuite-docs/socket";
- in
- {
- lasuite-docs-proxy = {
- enable = true;
- args = [
- "--socket"
- proxySocket
- "--authUri"
- "https://docs.federated.nexus/api/v1.0/documents/media-auth/"
- "--minioUri"
- s3Url
- ];
- group = "caddy";
- };
- lasuite-docs = {
- enable = true;
- enableNginx = false;
- redis.createLocally = true;
- postgresql.createLocally = true;
- backendPackage =
- inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.lasuite-docs.overrideAttrs
- (old: {
- patches = (old.patches or [ ]) ++ [ ./enable-languages.patch ];
- });
- frontendPackage =
- inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.lasuite-docs-frontend.overrideAttrs
- {
- NEXT_PUBLIC_PUBLISH_AS_MIT = "false";
- };
- collaborationServer.package =
- inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.lasuite-docs-collaboration-server;
- bind = "unix:${socket}";
- inherit s3Url domain;
-
- settings = {
- OIDC_OP_AUTHORIZATION_ENDPOINT = "https://federated.nexus/login";
- OIDC_OP_TOKEN_ENDPOINT = "https://${authDomain}/token";
- OIDC_OP_USER_ENDPOINT = "https://${authDomain}/userinfo";
- OIDC_RP_SIGN_ALGO = "HS256";
-
- COLLABORATION_API_URL = "https://${domain}/collaboration/api/";
- LOGIN_REDIRECT_URL = "https://${domain}";
-
- AWS_S3_ENDPOINT_URL = s3Domain;
- AWS_S3_ACCESS_KEY_ID = "minioadmin";
- AWS_STORAGE_BUCKET_NAME = "lasuite-docs";
- MEDIA_BASE_URL = "https://${domain}";
-
- DJANGO_ALLOWED_HOSTS = domain;
- };
-
- environmentFile = config.age.secrets."lasuiteSecrets.age".path;
- };
-
- minio = {
- enable = true;
- rootCredentialsFile = config.age.secrets."minioCredentials.age".path;
- };
-
- caddy.virtualHosts."${domain}".extraConfig =
- let
- collabUrl = "http://localhost:${toString cfg.collaborationServer.port}";
- in
- ''
- handle_errors {
- rewrite * /{http.error.status_code}
- file_server
- }
-
- redir /api/v1.0/logout/None /
-
- root * ${cfg.frontendPackage}
- file_server
-
- @uuidDocs path_regexp uuidDocs ^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$
- rewrite @uuidDocs /docs/[id]/index.html
-
- reverse_proxy /static/admin/* unix/${socket}
- reverse_proxy /api/* unix/${socket}
- reverse_proxy /admin* unix/${socket}
-
- reverse_proxy /collaboration/ws/* ${collabUrl}
- reverse_proxy /collaboration/api/* ${collabUrl}
-
- reverse_proxy /api/v1.0/documents/media-auth/ unix/${socket}
-
- reverse_proxy /media/* unix/${proxySocket}
- '';
- };
-
- systemd.services.minio-init = {
- description = "Create MinIO bucket";
- after = [ "minio.service" ];
- requires = [ "minio.service" ];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
- getent
- minio-client
- ];
-
- serviceConfig = {
- Type = "oneshot";
- EnvironmentFile = config.age.secrets."minioCredentials.age".path;
- ExecStart = pkgs.writeShellScript "init-minio" ''
- mc alias set minio ${s3Domain} "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" --api s3v4
- mc mb --ignore-existing minio/lasuite-docs
- mc anonymous get minio/lasuite-docs
- '';
- };
- };
-}
diff --git a/clients/quadraticserver/network.nix b/clients/quadraticserver/network.nix index 7707281..6364345 100644 --- a/clients/quadraticserver/network.nix +++ b/clients/quadraticserver/network.nix @@ -8,6 +8,7 @@ address = [ "91.99.155.129/32" + "2a01:4f8:c012:d202::1/64" ] # Assign 64 IPv6 addresses ++ builtins.genList (i: "2a01:4f8:c012:d202::${builtins.toString (i + 1)}/64") 64; diff --git a/clients/quadraticserver/searxng.nix b/clients/quadraticserver/searxng.nix index 91b12cf..a8e0c58 100644 --- a/clients/quadraticserver/searxng.nix +++ b/clients/quadraticserver/searxng.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, config, ... }: { services = let @@ -12,8 +12,7 @@ let enginesByCategory = { general = { - duckduckgo = { }; - startpage = { }; + brave.disabled = false; }; "social media" = { @@ -65,7 +64,7 @@ { general = { instance_name = "Federated Nexus Search"; - contact_url = "mailto:henry@henryhiles.com"; + contact_url = "mailto:info@federated.nexus"; }; search = { @@ -91,6 +90,11 @@ "searx.plugins.tracker_url_remover.SXNGPlugin".active = true; }; + outgoing = { + source_ips = config.systemd.network.networks."30-wan".address; + retries = 32; + }; + categories_as_tabs = builtins.listToAttrs ( map (category: { name = category;
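Review bot: The added `"2a01:4f8:c012:d202::1/64"` in the `address` list of network.nix duplicates the first element of the `builtins.genList` expression just below it, which already yields `…::1/64` for `i = 0`. The duplicate reaches every consumer of this list, which presumably includes the new `source_ips` in searxng.nix, where it would give that one address twice the weight of the others. Either drop the literal or, if it is meant to pin the primary address, start the generated range after it with `builtins.toString (i + 2)` and a count of 63. The enclosing attribute set starts and ends outside the hunk.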
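Review bot: `source_ips = config.systemd.network.networks."30-wan".address;` in the last searxng.nix hunk hands SearXNG the interface addresses with their prefix lengths attached, and as I read SearXNG's `outgoing.source_ips` documentation an entry in CIDR form means every address in that network. Each `…/64` entry would then select the whole /64 rather than the 64 addresses actually assigned, so requests may be bound to unassigned addresses and fail, which `retries = 32` would mask rather than fix. Strip the prefix before passing the list, e.g. `source_ips = map (a: builtins.head (lib.splitString "/" a)) config.systemd.network.networks."30-wan".address;`. The list also carries the IPv4 address `91.99.155.129/32`, so confirm that rotating across address families is intended, and add a short comment on why `retries` is 32.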