Cleanup services

common/server/default.nix

@@ -16,5 +16,7 @@
     ./owncast.nix
     ./mailserver.nix
     ./nextcloud.nix
+    ./iodine.nix
+    ./searx.nix
   ];
 }

common/server/iodine.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.iodine.server;
+in {
+  config = lib.mkIf cfg.enable {
+    # iodine DNS-based vpn
+    services.iodine.server = {
+      ip = "192.168.99.1";
+      domain = "tun.neet.dev";
+      passwordFile = "/run/agenix/iodine";
+    };
+    age.secrets.iodine.file = ../../secrets/iodine.age;
+    networking.firewall.allowedUDPPorts = [ 53 ];
+
+    networking.nat.internalInterfaces = [
+      "dns0" # iodine
+    ];
+  };
+}

common/server/searx.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.searx;
+in {
+  config = lib.mkIf cfg.enable {
+    services.searx = {
+      environmentFile = "/run/agenix/searx";
+      settings = {
+        server.port = 43254;
+        server.secret_key = "@SEARX_SECRET_KEY@";
+        engines = [ {
+          name = "wolframalpha";
+          shortcut = "wa";
+          api_key = "@WOLFRAM_API_KEY@";
+          engine = "wolframalpha_api";
+        } ];
+      };
+    };
+    services.nginx.virtualHosts."search.neet.space" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";
+      };
+    };
+    age.secrets.searx.file = ../../secrets/searx.age;
+  };
+}