diff --git a/configs/home-manager/foo-dogsquared/modules/default.nix b/configs/home-manager/foo-dogsquared/modules/default.nix index 10f420be..d539f3be 100644 --- a/configs/home-manager/foo-dogsquared/modules/default.nix +++ b/configs/home-manager/foo-dogsquared/modules/default.nix @@ -16,6 +16,7 @@ ./programs/terminal-multiplexer.nix ./programs/terminal-emulator.nix ./programs/vs-code.nix + ./services/archivebox ./services/backup ./setups/business.nix diff --git a/configs/home-manager/foo-dogsquared/modules/services/archivebox/config/sonic/sonic.cfg b/configs/home-manager/foo-dogsquared/modules/services/archivebox/config/sonic/sonic.cfg new file mode 100644 index 00000000..362672ec --- /dev/null +++ b/configs/home-manager/foo-dogsquared/modules/services/archivebox/config/sonic/sonic.cfg @@ -0,0 +1,45 @@ +[server] +log_level = "warn" + +[channel] +inet = "0.0.0.0:1491" +tcp_timeout = 300 +auth_password = "${env.SEARCH_BACKEND_PASSWORD}" + +[channel.search] +query_limit_default = 65535 +query_limit_maximum = 65535 +query_alternates_try = 10 + +suggest_limit_default = 5 +suggest_limit_maximum = 20 + + +[store] +[store.kv] +path = "/var/lib/sonic/store/kv/" +retain_word_objects = 100000 + +[store.kv.pool] +inactive_after = 1800 + +[store.kv.database] +flush_after = 900 +compress = true +parallelism = 2 +max_files = 100 +max_compactions = 1 +max_flushes = 1 +write_buffer = 16384 +write_ahead_log = true + +[store.fst] +path = "/var/lib/sonic/store/fst/" + +[store.fst.pool] +inactive_after = 300 + +[store.fst.graph] +consolidate_after = 180 +max_size = 2048 +max_words = 250000 diff --git a/configs/home-manager/foo-dogsquared/modules/services/archivebox/default.nix b/configs/home-manager/foo-dogsquared/modules/services/archivebox/default.nix new file mode 100644 index 00000000..fc29c1ea --- /dev/null +++ b/configs/home-manager/foo-dogsquared/modules/services/archivebox/default.nix @@ -0,0 +1,57 @@ +{ config, lib, pkgs, foodogsquaredLib, ... }: + +let + hostCfg = config.users.foo-dogsquared; + cfg = hostCfg.services.archivebox; + + inherit (config.home) homeDirectory; + port = config.state.ports.archivebox.value; +in +{ + options.users.foo-dogsquared.services.archivebox.enable = + lib.mkEnableOption "ArchiveBox web UI server (through Podman)"; + + config = lib.mkIf cfg.enable { + state.ports = { + archivebox.value = 8932; + sonic.value = 9141; + }; + + sops.secrets = foodogsquaredLib.sops.getSecrets ./secrets.yaml { + "archivebox/env" = { }; + "sonic/env" = { }; + }; + + services.podman.containers.archivebox-webui = { + image = "archivebox/archivebox:latest"; + description = "ArchiveBox web server"; + ports = [ "${port}:${port}" ]; + volumes = [ + "${config.xdg.userDirs.documents}/ArchiveBox:/data" + ]; + autoUpdate = "registry"; + exec = "archivebox server localhost:${port}"; + environmentFile = [ "${config.sops.secrets."archivebox/env".path}" ]; + environment = { + SEARCH_BACKEND_ENGINE = "sonic"; + SEARCH_BACKEND_HOST_NAME = "sonic"; + PUBLIC_SNAPSHOTS = false; + PUBLIC_INDEX = false; + PUBLIC_ADD_VIEW = false; + }; + }; + + services.podman.containers.archivebox-sonic-search = { + image = "archivebox/sonic:latest"; + description = "Sonic search instance for ArchiveBox"; + ports = let + port = config.state.ports.sonic.value; + in [ "${port}:${port}" ]; + environmentFile = [ "${config.sops.secrets."sonic/env".path}" ]; + volumes = [ + "${config.xdg.userDirs.documents}/ArchiveBox/Sonic:/var/lib/sonic/store" + "${./config/sonic/sonic.cfg}:/etc/sonic.cfg:ro" + ]; + }; + }; +} diff --git a/configs/home-manager/foo-dogsquared/modules/services/archivebox/secrets.yaml b/configs/home-manager/foo-dogsquared/modules/services/archivebox/secrets.yaml new file mode 100644 index 00000000..91a7f06d --- /dev/null +++ b/configs/home-manager/foo-dogsquared/modules/services/archivebox/secrets.yaml @@ -0,0 +1,24 @@ +archivebox: + env: ENC[AES256_GCM,data:eva/+sV5JKFgUpgzaEbtqvE55bzRvTTxRDwdowEdssDL6aKohPXLinXEvMzRNegyTVV3x20LGKwIfPUVniu4Bxdrw9DvRqc9+wIwxthquQmkQE0HyMJv5RfZ9nRc2qWU6abd5eWkwtGPC7eotxx+TpK9D416Yjoi1sa0SB0vaixGgu+551pHBm0kneo6n9wnzxtTmc+QXcjSi1Y2uDOaU/uE7DeH3RXmvmdLKLaiZ6MePzaQ5R1jzWTXXtx5iOMNYutTYgTH+y4zfRDnoyRdQfqIyhCDc52Dc58fPvIUl02nl+mGi/FGvyyx97xHAoQCNK0n,iv:HPS9EMLM4vie3FW1S7TCsnnF1HguO40ApSNAEUhwwEc=,tag:9/9f/iKMsmRnHgtVO+wdTw==,type:str] +sonic: + env: ENC[AES256_GCM,data:cZp4+ZxAvynxHIdFa5wjwHJt3HyKnm/fVmtU6twbjLt6hB1k63h2M8XqQiiZW0tnRBc9bMqidrLZbGSFaBEGbDcSRiqs,iv:MPOBl1wnEAWbOy6GqjR9j3X6Pfw+zy/uaN47P7z/vT4=,tag:+MWtE44FHj40AK0r3o85Kg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17he74we2sm7q7ufv6x26n83hs42v6gkj984m6kwf9xtjduyccqmqtpv37q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TUFUd1hLRERXOWxTMzNl + bzEwelEvUEVNM3lkMzVFaFo5TTJjUHRtbjNRClRLckFVZkxROUZ0S0NkVlhBRzFt + UnhkS2IrNUtYOGFsNVFkVE05Yy9EYjQKLS0tIER2cCtRb3cxUWJPekYwSytHK1I3 + blZoNlB3VHZnVWltQUxvbXU5SzJEdHcKKaWgYj4zNHQHRKN5dVQH6ihnAkdYo4Ww + ajRgm1Dd/CjpdiUzRQDWuSa+S6NhkEyuMsPE+InYmNQDFM4d+Avbfg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-05T12:50:39Z" + mac: ENC[AES256_GCM,data:kFkxmbD/qqdxVB5/f0Yrsa7Ewvt+yMEY63ZGxv94j1y2BfOmxbPjtlKLvgDS8Nf8tUziq9zf6JtcKeqTODxwigbbYJALmF+/EDbTntnovkyX7vSx8uMeYHKzLE93986C9huwOLuq6/483Um9w/qnGb5yaioteK5mktTK8FGr3Kw=,iv:Iq4arYKgZzEyZUbTHVpoMVGk9gF21vu9KDVUytO7/TM=,tag:Ov9bcwibw6VA/Rg82WguNw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/configs/home-manager/foo-dogsquared/modules/setups/research.nix b/configs/home-manager/foo-dogsquared/modules/setups/research.nix index 14f6f879..c866d547 100644 --- a/configs/home-manager/foo-dogsquared/modules/setups/research.nix +++ b/configs/home-manager/foo-dogsquared/modules/setups/research.nix @@ -12,9 +12,10 @@ in { state.ports.syncthing.value = 8384; + users.foo-dogsquared.services.archivebox.enable = true; + home.packages = with pkgs; [ anki # Rise, rinse, and repeat. - #archivebox # The ultimate archiving solution created by a pirate! curl # The general purpose downloader. fanficfare # It's for the badly written fanfics. gallery-dl # More potential for your image collection.