add(bodenheizung): enable ssh

fuck you reddit

.sops.yaml

@@ -17,3 +17,7 @@ creation_rules:
     key_groups:
       - age:
         - *primary
+  - path_regex: secrets/blarm-searxng.env
+    key_groups:
+      - age:
+        - *primary

modules/home/cli-apps/fish/default.nix

@@ -22,6 +22,8 @@ in
         nix-dns = "nixos-rebuild switch --flake .#dns --target-host dns-1 --use-remote-sudo && nixos-rebuild switch --flake .#dns --target-host dns-2 --use-remote-sudo";
         nix-blarm = "nixos-rebuild switch --flake .#blarm --target-host blarm --use-remote-sudo";
         cd = "z";
+        ls = "exa";
+        l = "exa --icons";
       };
       plugins = [
         {
@@ -47,6 +49,11 @@ in
       enable = true;
       enableFishIntegration = true;
     };
+
+    programs.eza = {
+      enable = true;
+      enableFishIntegration = true;
+    };
   };
 
 }

modules/nixos/services/searxng/default.nix

@@ -0,0 +1,55 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.searxng;
+in
+{
+  options.${namespace}.services.searxng = with types; {
+    enable = mkBoolOpt false "SearXNG";
+    redlib = mkBoolOpt true "Whether or not to enable redlib.";
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 1340 ];
+
+    services.searx = {
+      enable = true;
+      environmentFile = "/run/secrets/searxng";
+      settings.server = {
+        port = "1340";
+        bind_address = "0.0.0.0";
+        use_default_settings = true;
+        secret_key = "@secret_key@";
+      };
+    };
+
+    services.redlib = mkIf cfg.redlib {
+      enable = true;
+      address = "0.0.0.0";
+      port = 1341;
+      openFirewall = true;
+    };
+
+    services.searx.settings.searx = mkIf cfg.redlib {
+      plugins.hostnames.SXNGPlugin.active = true;
+    };
+
+    services.searx.settings.hostnames.replace = mkIf cfg.redlib {
+      "(.*\.)?reddit\.com$" = "reddit.monapona.dev";
+      "(.*\.)?redd\.it$" = "reddit.monapona.dev";
+    };
+
+    sops.secrets.searxng = {
+      format = "dotenv";
+      sopsFile = ../../../../secrets/blarm-searxng.env;
+    };
+
+  };
+
+}

secrets/blarm-searxng.env

@@ -0,0 +1,7 @@
+secret_key=ENC[AES256_GCM,data:mKnJFcFhIQZ3pmbUP96XRaaYxYgEfqNqmUZU9OZpgEOvBvsoZeeZaEDVefMXWUHkSAwUwo2LRUVCe8ih18ogyg==,iv:x9RfQGcJRycVWbNVrSLy2FVPYvnym5BjZkLnq0CS/oI=,tag:lSQTYPu+gBfEVUX75TnuPA==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTkNDaEZCSEFPN3F6ZDAv\nRis1TlVpQ1BJUXdzZWU1WjU4MUlPYXpxL0hZCjlGTFRGQWpzMVBvV0tYUm4vaXJU\nSHdUVFhoWXpXcXZsRGhVOWF1L1ZGUHcKLS0tIEFnR0xiYktBNWx2OWx6Wlh3SkdC\ncXRUdzBhZmVzMXNHMC9zYXlGZGw3d0UKFIZwVmwkkzF+vCi1jPChFu1JZng+nTEb\nh7vNYyt+leo71isYfTz+zw06sCJxy5Tw0xsiWqLmlr6W4HEvCN9fjA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
+sops_lastmodified=2025-05-23T14:23:44Z
+sops_mac=ENC[AES256_GCM,data:pskgxqrL75uSgb2WEYheBsOMBtSDhkD6iwoqIMnp1Qv3w4rlkFwS1ixsCnPuROE4KK+rYQgIghN4jCdfrRMwaEC3mWM0jqi3IDM3FBgTUSdPjeI4m6EEY2LJa2RbQa5BqLSUl0XcjwHC6IpMiaThXtVcCHDmR5UE1h3I6RHexFU=,iv:jKT1YQ+nbLoQIyp+tVbPSWNJGYqSQHGRLHulNgT04Hc=,tag:bnCAZ4sxFOSdbX6gBLTk8A==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2

systems/x86_64-linux/blarm/default.nix

@@ -58,6 +58,7 @@ with lib.${namespace};
       restic = enabled;
       linkwarden = enabled;
       forgejo = enabled;
+      searxng = enabled;
     };
 
     #container.invidious = enabled;

systems/x86_64-linux/bodenheizung/default.nix

@@ -38,7 +38,6 @@ with lib.${namespace};
     description = "Philipp Böhm";
     extraGroups = [
       "wheel"
-      "caddy"
       "audio"
     ];
   };
@@ -68,6 +67,7 @@ with lib.${namespace};
 
     services = {
       btrfs = enabled;
+      ssh = enabled;
     };
 
     system = {