users/foo-dogsquared/services/archivebox: init as Podman quadlet

2025-02-07 06:19:00 +00:00 · 2024-12-05 20:54:22 +08:00 · 2024-12-05 20:54:22 +08:00 · 29ff34ef88
commit 29ff34ef88
parent b05e18cf0c
5 changed files with 129 additions and 1 deletions
--- a/configs/home-manager/foo-dogsquared/modules/default.nix
+++ b/configs/home-manager/foo-dogsquared/modules/default.nix
@ -16,6 +16,7 @@
    ./programs/terminal-multiplexer.nix
    ./programs/terminal-emulator.nix
    ./programs/vs-code.nix
+    ./services/archivebox
    ./services/backup

    ./setups/business.nix
--- a/configs/home-manager/foo-dogsquared/modules/services/archivebox/config/sonic/sonic.cfg
+++ b/configs/home-manager/foo-dogsquared/modules/services/archivebox/config/sonic/sonic.cfg
@ -0,0 +1,45 @@
+[server]
+log_level = "warn"
+
+[channel]
+inet = "0.0.0.0:1491"
+tcp_timeout = 300
+auth_password = "${env.SEARCH_BACKEND_PASSWORD}"
+
+[channel.search]
+query_limit_default = 65535
+query_limit_maximum = 65535
+query_alternates_try = 10
+
+suggest_limit_default = 5
+suggest_limit_maximum = 20
+
+
+[store]
+[store.kv]
+path = "/var/lib/sonic/store/kv/"
+retain_word_objects = 100000
+
+[store.kv.pool]
+inactive_after = 1800
+
+[store.kv.database]
+flush_after = 900
+compress = true
+parallelism = 2
+max_files = 100
+max_compactions = 1
+max_flushes = 1
+write_buffer = 16384
+write_ahead_log = true
+
+[store.fst]
+path = "/var/lib/sonic/store/fst/"
+
+[store.fst.pool]
+inactive_after = 300
+
+[store.fst.graph]
+consolidate_after = 180
+max_size = 2048
+max_words = 250000
--- a/configs/home-manager/foo-dogsquared/modules/services/archivebox/default.nix
+++ b/configs/home-manager/foo-dogsquared/modules/services/archivebox/default.nix
@ -0,0 +1,57 @@
+{ config, lib, pkgs, foodogsquaredLib, ... }:
+
+let
+  hostCfg = config.users.foo-dogsquared;
+  cfg = hostCfg.services.archivebox;
+
+  inherit (config.home) homeDirectory;
+  port = config.state.ports.archivebox.value;
+in
+{
+  options.users.foo-dogsquared.services.archivebox.enable =
+    lib.mkEnableOption "ArchiveBox web UI server (through Podman)";
+
+  config = lib.mkIf cfg.enable {
+    state.ports = {
+      archivebox.value = 8932;
+      sonic.value = 9141;
+    };
+
+    sops.secrets = foodogsquaredLib.sops.getSecrets ./secrets.yaml {
+      "archivebox/env" = { };
+      "sonic/env" = { };
+    };
+
+    services.podman.containers.archivebox-webui = {
+      image = "archivebox/archivebox:latest";
+      description = "ArchiveBox web server";
+      ports = [ "${port}:${port}" ];
+      volumes = [
+        "${config.xdg.userDirs.documents}/ArchiveBox:/data"
+      ];
+      autoUpdate = "registry";
+      exec = "archivebox server localhost:${port}";
+      environmentFile = [ "${config.sops.secrets."archivebox/env".path}" ];
+      environment = {
+        SEARCH_BACKEND_ENGINE = "sonic";
+        SEARCH_BACKEND_HOST_NAME = "sonic";
+        PUBLIC_SNAPSHOTS = false;
+        PUBLIC_INDEX = false;
+        PUBLIC_ADD_VIEW = false;
+      };
+    };
+
+    services.podman.containers.archivebox-sonic-search = {
+      image = "archivebox/sonic:latest";
+      description = "Sonic search instance for ArchiveBox";
+      ports = let
+        port = config.state.ports.sonic.value;
+      in [ "${port}:${port}" ];
+      environmentFile = [ "${config.sops.secrets."sonic/env".path}" ];
+      volumes = [
+        "${config.xdg.userDirs.documents}/ArchiveBox/Sonic:/var/lib/sonic/store"
+        "${./config/sonic/sonic.cfg}:/etc/sonic.cfg:ro"
+      ];
+    };
+  };
+}
--- a/configs/home-manager/foo-dogsquared/modules/services/archivebox/secrets.yaml
+++ b/configs/home-manager/foo-dogsquared/modules/services/archivebox/secrets.yaml
@ -0,0 +1,24 @@
+archivebox:
+    env: ENC[AES256_GCM,data:eva/+sV5JKFgUpgzaEbtqvE55bzRvTTxRDwdowEdssDL6aKohPXLinXEvMzRNegyTVV3x20LGKwIfPUVniu4Bxdrw9DvRqc9+wIwxthquQmkQE0HyMJv5RfZ9nRc2qWU6abd5eWkwtGPC7eotxx+TpK9D416Yjoi1sa0SB0vaixGgu+551pHBm0kneo6n9wnzxtTmc+QXcjSi1Y2uDOaU/uE7DeH3RXmvmdLKLaiZ6MePzaQ5R1jzWTXXtx5iOMNYutTYgTH+y4zfRDnoyRdQfqIyhCDc52Dc58fPvIUl02nl+mGi/FGvyyx97xHAoQCNK0n,iv:HPS9EMLM4vie3FW1S7TCsnnF1HguO40ApSNAEUhwwEc=,tag:9/9f/iKMsmRnHgtVO+wdTw==,type:str]
+sonic:
+    env: ENC[AES256_GCM,data:cZp4+ZxAvynxHIdFa5wjwHJt3HyKnm/fVmtU6twbjLt6hB1k63h2M8XqQiiZW0tnRBc9bMqidrLZbGSFaBEGbDcSRiqs,iv:MPOBl1wnEAWbOy6GqjR9j3X6Pfw+zy/uaN47P7z/vT4=,tag:+MWtE44FHj40AK0r3o85Kg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17he74we2sm7q7ufv6x26n83hs42v6gkj984m6kwf9xtjduyccqmqtpv37q
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TUFUd1hLRERXOWxTMzNl
+            bzEwelEvUEVNM3lkMzVFaFo5TTJjUHRtbjNRClRLckFVZkxROUZ0S0NkVlhBRzFt
+            UnhkS2IrNUtYOGFsNVFkVE05Yy9EYjQKLS0tIER2cCtRb3cxUWJPekYwSytHK1I3
+            blZoNlB3VHZnVWltQUxvbXU5SzJEdHcKKaWgYj4zNHQHRKN5dVQH6ihnAkdYo4Ww
+            ajRgm1Dd/CjpdiUzRQDWuSa+S6NhkEyuMsPE+InYmNQDFM4d+Avbfg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-05T12:50:39Z"
+    mac: ENC[AES256_GCM,data:kFkxmbD/qqdxVB5/f0Yrsa7Ewvt+yMEY63ZGxv94j1y2BfOmxbPjtlKLvgDS8Nf8tUziq9zf6JtcKeqTODxwigbbYJALmF+/EDbTntnovkyX7vSx8uMeYHKzLE93986C9huwOLuq6/483Um9w/qnGb5yaioteK5mktTK8FGr3Kw=,iv:Iq4arYKgZzEyZUbTHVpoMVGk9gF21vu9KDVUytO7/TM=,tag:Ov9bcwibw6VA/Rg82WguNw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/configs/home-manager/foo-dogsquared/modules/setups/research.nix
+++ b/configs/home-manager/foo-dogsquared/modules/setups/research.nix
@ -12,9 +12,10 @@ in
    {
      state.ports.syncthing.value = 8384;

+      users.foo-dogsquared.services.archivebox.enable = true;
+
      home.packages = with pkgs; [
        anki # Rise, rinse, and repeat.
-        #archivebox # The ultimate archiving solution created by a pirate!
        curl # The general purpose downloader.
        fanficfare # It's for the badly written fanfics.
        gallery-dl # More potential for your image collection.