From 749e60ae53ed472be89b40c085cf377c1f2cd529 Mon Sep 17 00:00:00 2001 From: Philipp Date: Fri, 23 May 2025 16:31:44 +0200 Subject: [PATCH 1/3] add(searxng): configure searxng, with redlib implementation fuck you reddit --- .sops.yaml | 4 ++ modules/nixos/services/searxng/default.nix | 55 ++++++++++++++++++++++ secrets/blarm-searxng.env | 7 +++ systems/x86_64-linux/blarm/default.nix | 1 + 4 files changed, 67 insertions(+) create mode 100644 modules/nixos/services/searxng/default.nix create mode 100644 secrets/blarm-searxng.env diff --git a/.sops.yaml b/.sops.yaml index f04d450..5de3f5d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -17,3 +17,7 @@ creation_rules: key_groups: - age: - *primary + - path_regex: secrets/blarm-searxng.env + key_groups: + - age: + - *primary diff --git a/modules/nixos/services/searxng/default.nix b/modules/nixos/services/searxng/default.nix new file mode 100644 index 0000000..9dd3011 --- /dev/null +++ b/modules/nixos/services/searxng/default.nix 
@@ -0,0 +1,55 @@
+{
+ lib,
+ config,
+ namespace,
+ ...
+}:
+with lib;
+with lib.${namespace};
+let
+ cfg = config.${namespace}.services.searxng;
+in
+{
+ options.${namespace}.services.searxng = with types; {
+ enable = mkBoolOpt false "SearXNG";
+ redlib = mkBoolOpt true "Whether or not to enable redlib.";
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ 1340 ];
+
+ services.searx = {
+ enable = true;
+ environmentFile = "/run/secrets/searxng";
+ settings.server = {
+ port = "1340";
+ bind_address = "0.0.0.0";
+ use_default_settings = true;
+ secret_key = "@secret_key@";
+ };
+ };
+
+ services.redlib = mkIf cfg.redlib {
+ enable = true;
+ address = "0.0.0.0";
+ port = 1341;
+ openFirewall = true;
+ };
+
+ services.searx.settings.searx = mkIf cfg.redlib {
+ plugins.hostnames.SXNGPlugin.active = true;
+ };
+
+ services.searx.settings.hostnames.replace = mkIf cfg.redlib {
+ "(.*\.)?reddit\.com$" = "reddit.monapona.dev";
+ "(.*\.)?redd\.it$" = "reddit.monapona.dev";
+ };
+
+ sops.secrets.searxng = {
+ format = "dotenv";
+ sopsFile = ../../../../secrets/blarm-searxng.env;
+ };
+
+ };
+
+}
diff --git a/secrets/blarm-searxng.env b/secrets/blarm-searxng.env
new file mode 100644
index 0000000..010cb58
--- /dev/null
+++ b/secrets/blarm-searxng.env
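Review bot: In the searxng module hunk both services are bound to every interface and opened in the firewall (`bind_address = "0.0.0.0"` with `allowedTCPPorts = [ 1340 ]` for SearXNG, `address = "0.0.0.0"` with `openFirewall = true` for redlib), so they are reachable directly over plain HTTP from any network the host sits on. The rewrite target `reddit.monapona.dev` suggests a reverse proxy is meant to front them; if so, bind both to `127.0.0.1` and drop the two firewall openings so the proxy is the only entry point. If the SearXNG port is meant to stay exposed, consider enabling `server.limiter`, since an unthrottled instance can be used to relay automated queries. Separately, `\.` inside a double-quoted Nix string evaluates to a plain `.`, so the two hostname patterns lose their escaping; write `\\.` to keep a literal dot in the regex.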
@@ -0,0 +1,7 @@ +secret_key=ENC[AES256_GCM,data:mKnJFcFhIQZ3pmbUP96XRaaYxYgEfqNqmUZU9OZpgEOvBvsoZeeZaEDVefMXWUHkSAwUwo2LRUVCe8ih18ogyg==,iv:x9RfQGcJRycVWbNVrSLy2FVPYvnym5BjZkLnq0CS/oI=,tag:lSQTYPu+gBfEVUX75TnuPA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTkNDaEZCSEFPN3F6ZDAv\nRis1TlVpQ1BJUXdzZWU1WjU4MUlPYXpxL0hZCjlGTFRGQWpzMVBvV0tYUm4vaXJU\nSHdUVFhoWXpXcXZsRGhVOWF1L1ZGUHcKLS0tIEFnR0xiYktBNWx2OWx6Wlh3SkdC\ncXRUdzBhZmVzMXNHMC9zYXlGZGw3d0UKFIZwVmwkkzF+vCi1jPChFu1JZng+nTEb\nh7vNYyt+leo71isYfTz+zw06sCJxy5Tw0xsiWqLmlr6W4HEvCN9fjA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl +sops_lastmodified=2025-05-23T14:23:44Z +sops_mac=ENC[AES256_GCM,data:pskgxqrL75uSgb2WEYheBsOMBtSDhkD6iwoqIMnp1Qv3w4rlkFwS1ixsCnPuROE4KK+rYQgIghN4jCdfrRMwaEC3mWM0jqi3IDM3FBgTUSdPjeI4m6EEY2LJa2RbQa5BqLSUl0XcjwHC6IpMiaThXtVcCHDmR5UE1h3I6RHexFU=,iv:jKT1YQ+nbLoQIyp+tVbPSWNJGYqSQHGRLHulNgT04Hc=,tag:bnCAZ4sxFOSdbX6gBLTk8A==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2 diff --git a/systems/x86_64-linux/blarm/default.nix b/systems/x86_64-linux/blarm/default.nix index 62c6e56..3c35668 100644 --- a/systems/x86_64-linux/blarm/default.nix +++ b/systems/x86_64-linux/blarm/default.nix @@ -58,6 +58,7 @@ with lib.${namespace}; restic = enabled; linkwarden = enabled; forgejo = enabled; + searxng = enabled; }; #container.invidious = enabled; From 8835d9f86983c24db67d425c2d669e5aa725218f Mon Sep 17 00:00:00 2001 From: Philipp Date: Fri, 23 May 2025 16:32:17 +0200 Subject: [PATCH 2/3] add(eza): add aliasses for eza --- modules/home/cli-apps/fish/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/cli-apps/fish/default.nix b/modules/home/cli-apps/fish/default.nix index 4ba9198..c91e43d 100644 --- a/modules/home/cli-apps/fish/default.nix +++ b/modules/home/cli-apps/fish/default.nix 
@@ -22,6 +22,8 @@ in nix-dns = "nixos-rebuild switch --flake .#dns --target-host dns-1 --use-remote-sudo && nixos-rebuild switch --flake .#dns --target-host dns-2 --use-remote-sudo"; nix-blarm = "nixos-rebuild switch --flake .#blarm --target-host blarm --use-remote-sudo"; cd = "z"; + ls = "exa"; + l = "exa --icons"; }; plugins = [ { @@ -47,6 +49,11 @@ in enable = true; enableFishIntegration = true; }; + + programs.eza = { + enable = true; + enableFishIntegration = true; + }; }; } From 3203380b819c0fdabf7fabb5a899dddf93430da3 Mon Sep 17 00:00:00 2001 From: Philipp Date: Fri, 23 May 2025 16:32:56 +0200 Subject: [PATCH 3/3] add(bodenheizung): enable ssh --- systems/x86_64-linux/bodenheizung/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/x86_64-linux/bodenheizung/default.nix b/systems/x86_64-linux/bodenheizung/default.nix index f20d01f..7c7261e 100644 --- a/systems/x86_64-linux/bodenheizung/default.nix +++ b/systems/x86_64-linux/bodenheizung/default.nix @@ -38,7 +38,6 @@ with lib.${namespace}; description = "Philipp Böhm"; extraGroups = [ "wheel" - "caddy" "audio" ]; }; @@ -68,6 +67,7 @@ with lib.${namespace}; services = { btrfs = enabled; + ssh = enabled; }; system = {
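Review bot: The two new aliases in the first fish hunk call `exa`, while the same commit enables `programs.eza`; they only resolve if the eza package still ships an `exa` compatibility link, so `ls = "eza";` and `l = "eza --icons";` would be the safer spelling. The `programs.eza` block added in the second hunk also sets `enableFishIntegration = true`, which as far as I know makes home-manager define its own `ls` alias, so the hand-written `ls` entry is likely redundant or in conflict with it.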
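Review bot: `ssh = enabled;` in the second bodenheizung hunk turns on remote login for a host whose user is in `wheel`, and the settings of the `services.ssh` module are outside this diff, so it is worth confirming that the module restricts sshd to key-based authentication and disallows root login before this is deployed. The first hunk also removes `caddy` from `extraGroups`, which the subject line "enable ssh" does not mention; a line in the commit message would make that change traceable.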