diff options
| author | quentin@aristote.fr <quentin@aristote.fr> | 2025-11-30 21:00:04 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2025-11-30 21:44:42 +0100 |
| commit | 307591d1ef64e2053994185c4173b8391f6ef96f (patch) | |
| tree | bb566dd465446c48113222132e9f889b235f9583 | |
| parent | 72ea5118e6dcc93d53053df09a009fd5bc824bec (diff) | |
nixos 25.05 -> 25.11
- tests: enable isNspawnContainer
- searx: remove morty (deprecated)
Flake lock file updates:
• Updated input 'my-nixpkgs':
'github:qaristote/my-nixpkgs/c032f4c09c83feb933d520ccce80e70a1516ca35' (2025-11-21)
→ 'github:qaristote/my-nixpkgs/e6d25dc678fa289ba488907e3cd49f2f8c330680' (2025-11-30)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/1c8ba8d3f7634acac4a2094eef7c32ad9106532c' (2025-11-24)
→ 'github:NixOS/nixpkgs/d542db745310b6929708d9abea513f3ff19b1341' (2025-11-30)
| -rw-r--r-- | config/default.nix | 5 | ||||
| -rw-r--r-- | config/services/web/searx/default.nix | 51 | ||||
| -rw-r--r-- | config/services/web/searx/morty/default.nix | 20 | ||||
| -rw-r--r-- | config/services/web/searx/searx/default.nix | 31 | ||||
| -rw-r--r-- | flake.lock | 14 | ||||
| -rw-r--r-- | flake.nix | 70 | ||||
| -rw-r--r-- | tests/configuration.nix | 5 | ||||
| -rwxr-xr-x | tests/run-tests.sh | 2 |
8 files changed, 100 insertions, 98 deletions
diff --git a/config/default.nix b/config/default.nix index c4a8277..a0b61aa 100644 --- a/config/default.nix +++ b/config/default.nix @@ -1,4 +1,5 @@ -{modulesPath, ...}: { +{ modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/headless.nix") (modulesPath + "/profiles/minimal.nix") @@ -17,5 +18,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "25.05"; # Did you read the comment? + system.stateVersion = "25.11"; # Did you read the comment? } diff --git a/config/services/web/searx/default.nix b/config/services/web/searx/default.nix index 5998068..da4cf88 100644 --- a/config/services/web/searx/default.nix +++ b/config/services/web/searx/default.nix @@ -1,35 +1,40 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + ... +}: let cfg = { searx = config.services.searx; filtron = config.services.filtron; }; -in { - imports = [ ./searx ./filtron ./morty ]; +in +{ + imports = [ + ./searx + ./filtron + ]; - services.nginx.virtualHosts.searx = - lib.mkIf (cfg.searx.enable && cfg.filtron.enable) { - serverName = "searx.${config.networking.domain}"; - locations = { - "/" = { - proxyPass = "http://${cfg.filtron.listen.address}:${ - toString cfg.filtron.listen.port - }"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - # proxy_set_header X-Script-Name /; - ''; - }; - "/static/".alias = "${cfg.searx.package}/share/static/"; + services.nginx.virtualHosts.searx = lib.mkIf (cfg.searx.enable && cfg.filtron.enable) { + serverName = "searx.${config.networking.domain}"; + locations = { + "/" = { + proxyPass = "http://${cfg.filtron.listen.address}:${toString cfg.filtron.listen.port}"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + # proxy_set_header X-Script-Name /; + ''; }; - forceSSL = true; - enableACME = true; + "/static/".alias = "${cfg.searx.package}/share/static/"; }; + forceSSL = true; + enableACME = true; + }; systemd.services.uwsgi.personal.monitor = true; } diff --git a/config/services/web/searx/morty/default.nix b/config/services/web/searx/morty/default.nix deleted file mode 100644 index af48fda..0000000 --- a/config/services/web/searx/morty/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, ... }: - -let cfg = config.services.morty; -in { - services.nginx.virtualHosts.searx.locations = - lib.mkIf cfg.enable { - "/morty/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - ''; - }; - }; - - services.morty = { enable = false; }; -} diff --git a/config/services/web/searx/searx/default.nix b/config/services/web/searx/searx/default.nix index f109258..003e7dc 100644 --- a/config/services/web/searx/searx/default.nix +++ b/config/services/web/searx/searx/default.nix @@ -1,24 +1,26 @@ -{ config, lib, pkgs, ... }: +{ + config, + pkgs, + ... +}: let - cfg = { - morty = config.services.morty; - filtron = config.services.filtron; - }; -in { + cfg.filtron = config.services.filtron; +in +{ imports = [ ./engines.nix ]; services.searx = { enable = true; package = pkgs.searxng; - runInUwsgi = true; + configureUwsgi = true; uwsgiConfig = { cache2 = "name=searxcache,items=2000,blocks=2000,blocksize=4096,bitmap=1"; http = ":${toString cfg.filtron.target.port}"; }; - environmentFile = /etc/searx/secrets; + environmentFile = "/etc/searx/secrets"; settings = { use_default_settings = true; general = { @@ -29,7 +31,10 @@ in { search = { autocomplete = "wikipedia"; default_lang = "all"; - formats = [ "html" "json" ]; + formats = [ + "html" + "json" + ]; }; server = { secret_key = "@SECRET_KEY@"; @@ -37,10 +42,10 @@ in { http_protocol_version = "1.0"; method = "GET"; }; - ui = { theme_args = { oscar_style = "pointhi"; }; }; - result_proxy = lib.mkIf cfg.morty.enable { - url = "http://searx.${config.networking.domain}/morty"; - key = ''!!binary | "${cfg.morty.key}"''; + ui = { + theme_args = { + oscar_style = "pointhi"; + }; }; enabled_plugins = [ "Open Access DOI rewrite" @@ -270,11 +270,11 @@ "nur": "nur" }, "locked": { - "lastModified": 1763716547, - "narHash": "sha256-Gd9/8JGP8O6t0cZRv8dwPi0oYzbNUdG9WkpalseEo7c=", + "lastModified": 1764534782, + "narHash": "sha256-mk+5T/pgFqDrPyxdH2zhxZNKMdpyeuCTUMgrmK/nzcw=", "owner": "qaristote", "repo": "my-nixpkgs", - "rev": "c032f4c09c83feb933d520ccce80e70a1516ca35", + "rev": "e6d25dc678fa289ba488907e3cd49f2f8c330680", "type": "github" }, "original": { @@ -496,16 +496,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", + "lastModified": 1764494334, + "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "rev": "d542db745310b6929708d9abea513f3ff19b1341", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -5,39 +5,47 @@ inputs.nixpkgs.follows = "/nixpkgs"; }; my-nixpkgs.url = "github:qaristote/my-nixpkgs"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; }; - outputs = { - nixpkgs, - my-nixpkgs, - personal-webpage, - ... - }: { - nixosConfigurations = let - system = "x86_64-linux"; - commonModules = [ - my-nixpkgs.nixosModules.personal - ({...}: { - nixpkgs.overlays = [ - (self: _: {personal = {inherit (personal-webpage.packages."${self.system}") webpage;};}) - # TODO the order shouldn't matter, yet this overlay doesn't work - # if it comes first - my-nixpkgs.overlays.personal + outputs = + { + nixpkgs, + my-nixpkgs, + personal-webpage, + ... + }: + { + nixosConfigurations = + let + system = "x86_64-linux"; + commonModules = [ + my-nixpkgs.nixosModules.personal + ( + { ... }: + { + nixpkgs.overlays = [ + (self: _: { personal = { inherit (personal-webpage.packages."${self.system}") webpage; }; }) + # TODO the order shouldn't matter, yet this overlay doesn't work + # if it comes first + my-nixpkgs.overlays.personal + ]; + } + ) ]; - }) - ]; - in { - hermes = nixpkgs.lib.nixosSystem { - inherit system; - modules = - commonModules - ++ [./config ./config/hardware]; - }; - hermes-test = nixpkgs.lib.nixosSystem { - inherit system; - modules = commonModules ++ [./tests/configuration.nix]; - }; + in + { + hermes = nixpkgs.lib.nixosSystem { + inherit system; + modules = commonModules ++ [ + ./config + ./config/hardware + ]; + }; + hermes-test = nixpkgs.lib.nixosSystem { + inherit system; + modules = commonModules ++ [ ./tests/configuration.nix ]; + }; + }; }; - }; } diff --git a/tests/configuration.nix b/tests/configuration.nix index 22c76c2..dc64463 100644 --- a/tests/configuration.nix +++ b/tests/configuration.nix @@ -23,7 +23,10 @@ in { imports = [ ../config ]; - boot.isContainer = true; + boot = { + isContainer = true; + isNspawnContainer = true; + }; networking = lib.mkForce { domain = "aristote.vm"; diff --git a/tests/run-tests.sh b/tests/run-tests.sh index 26843f2..6b9a84a 100755 --- a/tests/run-tests.sh +++ b/tests/run-tests.sh @@ -37,7 +37,7 @@ do then echo "Connection failed." else - echo "Up and running at $URL !" + echo "Up and running at $URL !" fi done echo Done. |