faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

small update

Browse source
This commit is contained in:
Bloxx12 2025-07-13 22:51:22 +02:00
commit b1490ec9a8
Signed by: faukah
SSH key fingerprint: SHA256:Uj2AXqvtdCA4hn5Hq0ZonhIAyUqI1q4w2sMG3Z1TH7E
100 changed files with 187 additions and 1695 deletions
Download patch file Download diff file Expand all files Collapse all files

0
modules/services/acme/module.nix → modules/services/acme.mod.nix
View file

0
modules/services/greetd/module.nix → modules/services/greetd.mod.nix
View file

0
modules/services/locate/module.nix → modules/services/locate.mod.nix
View file

0
modules/services/mako/module.nix → modules/services/mako.mod.nix
View file

0
modules/services/mpd/module.nix → modules/services/mpd.mod.nix
View file

0
modules/services/nginx/module.nix → modules/services/nginx.mod.nix
View file

17
modules/services/owncloud/module.nix → modules/services/owncloud.mod.nix
View file

@ -26,23 +26,6 @@ in {
ExecStart = "${getExe' pkgs.owncloud-client "owncloud"}";
Restart = "always";
RestartSec = 30;
# User = "cr";
# Group = "cr";
# Keyringmode = "shared";
# DevicePolicy = "closed";
# PrivateDevices = true;
# PrivateTmp = true;
# ProtectClock = true;
# ProtectControlGroups = true;
# ProtectControlGroup = true;
# ProtectKernelLogs = true;
# ProtectKernelModules = true;
# ProtectKernelTunables = true;
# ProtectSystem = "strict";
# SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
};
};
};

0
modules/services/pipewire/module.nix → modules/services/pipewire.mod.nix
View file

39
modules/services/plausible/module.nix
View file

@ -1,39 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.system.services.plausible;
port = 4030;
domain = "analytics.copeberg.org";
in {
options.modules.system.services.plausible.enable = mkEnableOption "Plausible, an analytics service";
config = mkIf cfg.enable {
services.plausible = {
enable = true;
server = {
baseUrl = "http://${domain}";
secretKeybaseFile = "/run/secrets/plausible-secret-key-base";
disableRegistration = false;
};
database.postgres = {
dbname = "plausible";
};
};
services.nginx = {
enable = true;
virtualHosts.${domain} = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
};
};
};
};
}

0
modules/services/postgresql/module.nix → modules/services/postgresql.mod.nix
View file

0
modules/services/printing/module.nix → modules/services/printing.mod.nix
View file

119
modules/services/searxng/module.nix
View file

@ -1,119 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib.options) mkEnableOption;
inherit (lib.modules) mkIf;
inherit (builtins) toString;
cfg = config.modules.services.searxng;
port = 4021;
in {
options.modules.services.searxng.enable = mkEnableOption "SearXNG, a private search engine";
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [port];
services = {
nginx.enable = true;
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = "/srv/data/searxng/super_secret_file";
settings = {
general = {
name = "Copesearch";
privacypolicy_url = false;
debug = false;
enable_metrics = false;
};
search = {
safe_search = 1;
formats = ["html" "json" "rss"];
autocomplete = "google"; # "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang = "en";
};
ui = {
query_in_title = true;
theme_args.simple_style = "dark"; # auto, dark, light
results_on_new_tab = false;
};
server = {
inherit port;
limiter = false;
image_proxy = false;
# taken from https://github.com/searx/searx/issues/715
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
# shamelessly stolen from NotAShelf
engines = [
{
name = "wikipedia";
engine = "wikipedia";
shortcut = "w";
base_url = "https://wikipedia.org/";
}
{
name = "duckduckgo";
engine = "duckduckgo";
shortcut = "ddg";
}
{
name = "google";
engine = "google";
shortcut = "g";
use_mobile_ui = false;
}
{
name = "archwiki";
engine = "archlinux";
shortcut = "aw";
}
{
name = "github";
engine = "github";
categories = "it";
shortcut = "gh";
}
{
name = "nixpkgs";
shortcut = "nx";
engine = "elasticsearch";
categories = "dev,nix";
base_url = "https://nixos-search-5886075189.us-east-1.bonsaisearch.net:443";
index = "latest-31-nixos-unstable";
query_type = "match";
}
];
};
};
nginx.virtualHosts."search.copeberg.org" = {
locations."/".proxyPass = "http://127.0.0.1:${toString port}";
extraConfig = ''
access_log /dev/null;
error_log /dev/null;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
'';
quic = true;
forceSSL = true;
enableACME = true;
};
};
};
}

17
modules/services/spotifyd.mod.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
lib,
...
}: let
inherit (lib.modules) mkIf;
inherit (config.modules.system) isGraphical;
in {
# TODO: setup
services.spotifyd = mkIf isGraphical {
enable = true;
settings = {
};
config = {
};
};
}

0
modules/services/ssh/module.nix → modules/services/ssh.mod.nix
View file

0
modules/services/stalwart/module.nix → modules/services/stalwart.mod.nix
View file

0
modules/services/usbguard/module.nix → modules/services/usbguard.mod.nix
View file

0
modules/services/uwsm/module.nix → modules/services/uwsm.mod.nix
View file

0
modules/services/wayneko/module.nix → modules/services/wayneko.mod.nix
View file