hosts/architect/backup.nix

@@ -15,7 +15,7 @@
         "--keep-yearly 3"
       ];
       timerConfig = {
-        OnCalendar = "monday 09:00";
+        OnCalendar = "monday 03:00";
         RandomizedDelaySec = "1h";
       };
     };

hosts/architect/ccache.nix

@@ -0,0 +1,6 @@
+{
+  programs.ccache.enable = true;
+  nix.extraOptions = ''
+    extra-sandbox-paths = /nix/var/cache/ccache
+  '';
+}

hosts/architect/default.nix

@@ -29,6 +29,7 @@ in
     ./prowlarr.nix
     ./libreddit.nix
     ./invidious.nix
+    ./nitter.nix
     ./lidarr.nix
     #    ./navidrome.nix
     ./jellyfin.nix
@@ -40,6 +41,7 @@ in
     ./lezzo.nix
     ./runas.nix
     ./tailscale.nix
+    ./searx.nix
   ];
 
   time.timeZone = "Europe/Rome";

hosts/architect/githubrunner.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  services.github-runner = {
+    enable = true;
+    url = "https://github.com/ropfuscator";
+    tokenFile = "/secrets/github-runner/token";
+    replace = true;
+  };
+
+  nix.extraOptions = ''
+    tarball-ttl = 0
+    access-tokens = github.com=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
+  '';
+}

hosts/architect/nitter.nix

@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }:
+
+let
+  domain = "tweet.giugl.io";
+  network = import ./network.nix;
+in
+{
+  services = {
+    nitter = {
+      enable = true;
+      redisCreateLocally = false;
+      server = {
+        port = 9093;
+        hostname = domain;
+        staticDir = "${pkgs.unstablePkgs.nitter}/share/nitter/public";
+      };
+      preferences = {
+        replaceYouTube = "tube.giugl.io";
+        replaceTwitter = "tweet.giugl.io";
+      };
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = { proxyPass = "http://127.0.0.1:9093"; };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+    ${network.architect-ts} ${domain}
+  '';
+}

hosts/architect/overseerr.nix

@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+  virtualisation.oci-containers.containers."overseerr" = {
+    image = "sctx/overseerr:latest";
+    volumes = [ "/var/lib/overseerr:/app/config" ];
+    environment = {
+      "LOG_LEVEL" = "debug";
+      "TZ" = "Europe/Rome";
+    };
+    #ports = [ "5055:5055" ];
+  };
+}

hosts/architect/searx.nix

@@ -0,0 +1,65 @@
+{ mach-nix, lib, config, pkgs, ... }:
+
+let
+  domain = "gugol.giugl.io";
+  network = import ./network.nix;
+in
+{
+  services = {
+    redis.servers."searx" = { enable = true; port = 4456; };
+    searx = {
+      enable = true;
+      package = pkgs.searxng;
+      #            package = mach-nix.buildPythonPackage "https://github.com/searxng/searxng/commit/2cf1425e8bc5d3143b6e001e82a034a794e8a206https://github.com/searxng/searxng/commit/2cf1425e8bc5d3143b6e001e82a034a794e8a206";
+
+      environmentFile = /secrets/searx/env;
+      settings = {
+        server = {
+          secret_key = "@SEARX_SECRET_KEY@";
+          port = 4455;
+        };
+
+        general = {
+          instance_name = "Pepe's Gugol";
+          contact_url = "mailto:gugol@depasquale.giugl.io";
+          enable_metrics = false;
+        };
+
+        search = {
+          safe_search = 0;
+          autocomplete = "duckduckgo";
+          prefer_configured_language = false;
+        };
+
+        ui = {
+          infinite_scroll = true;
+        };
+
+        redis.url = "127.0.0.1:${toString config.services.redis.servers."searx".port}";
+
+        engines = [
+          { name = "google"; disabled = false; }
+          { name = "bing"; disabled = false; }
+          { name = "qwant"; disabled = false; }
+          { name = "duckduckgo"; disabled = false; }
+          { name = "yahoo"; disabled = false; }
+        ];
+      };
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.searx.settings.server.port}";
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+    ${network.architect-ts} ${domain}
+  '';
+}

hosts/architect/transmission.nix

@@ -0,0 +1,45 @@
+{ lib, config, ... }:
+
+let
+  domain = "httra.giugl.io";
+  network = import ./network.nix;
+in
+{
+  services = {
+    transmission = {
+      enable = true;
+      group = "media";
+      settings = {
+        download-dir = "/media/transmission";
+        incomplete-dir = "/media/transmission/.incomplete";
+        rpc-host-whitelist = "${domain}";
+        encryption = 2;
+        speed-limit-up = 10;
+        speed-limit-up-enabled = true;
+        peer-port = 51413;
+      };
+      performanceNetParameters = true;
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:9091";
+        extraConfig = ''
+          allow 10.0.0.0/24;
+          ${lib.concatMapStrings (x: "allow ${x};") network.gdevices}
+          deny all;
+        '';
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+    ${network.architect-ts} ${domain}
+  '';
+
+  users.groups.media.members = [ "transmission" ];
+}