Commit 22f3bae714a0

Vincent Demeester <vincent@sbr.pm>
2026-06-03 06:32:43
chore: remove unused services from sakhalin/carthage
Removed SearXNG, microsocks proxies, n8n, and disabled paperless configs that were no longer in use.
main
1 parent e35757a
Changed files (2)
systems
carthage
extra.nix
sakhalin
extra.nix
systems/carthage/extra.nix
@@ -554,15 +554,6 @@ in
     peers = libx.generateWireguardPeers globals.machines;
   };
 
-  # SOCKS5 proxy for SearXNG outgoing requests (VPN-only)
-  # Allows searx on sakhalin to route queries through carthage's IP
-  # for round-robin proxy rotation to avoid search engine rate limiting
-  services.microsocks = {
-    enable = true;
-    ip = builtins.head globals.machines.carthage.net.vpn.ips;
-    port = 1080;
-  };
-
   services.gosmee = {
     enable = true;
     public-url = "https://webhook.sbr.pm";
systems/sakhalin/extra.nix
@@ -131,26 +131,6 @@ in
       host = "0.0.0.0";
       openRegistration = false;
     };
-
-    n8n = {
-      enable = true;
-      openFirewall = true;
-      # webhookUrl = "";
-    };
-    paperless = {
-      enable = false; # Migrated to aion
-      address = "0.0.0.0"; # Listen on all interfaces for access via LAN and VPN
-      port = 8000;
-      dataDir = "/mnt/gaia/paperless/data";
-      mediaDir = "/mnt/gaia/paperless/media";
-      consumptionDir = "/mnt/gaia/paperless/consume";
-      settings = {
-        PAPERLESS_URL = "https://paperless.sbr.pm";
-        PAPERLESS_EMPTY_TRASH_DIR = "/mnt/gaia/paperless/trash";
-        PAPERLESS_FILENAME_FORMAT = "{{ created_year }}/{{ document_type }}/{{ created }} - {{ title }} ({{ doc_pk }})";
-        PAPERLESS_FILENAME_FORMAT_REMOVE_NONE = "true";
-      };
-    };
     # PostgreSQL backups
     postgresqlBackup = {
       enable = true;
@@ -347,141 +327,6 @@ in
       };
     };
 
-    # Local SOCKS5 proxy for SearXNG round-robin (exits through sakhalin's IP)
-    # Paired with carthage's proxy for 50/50 request distribution
-    microsocks = {
-      enable = true;
-      ip = "127.0.0.1";
-      port = 1080;
-    };
-
-    # SearXNG metasearch engine (migrated from aomi)
-    # Private instance, API-focused for Pi agent
-    searx = {
-      enable = true;
-      environmentFile = config.age.secrets."searxng-secret-key".path;
-      settings = {
-        use_default_settings = {
-          engines.remove = [
-            "ahmia"
-            "torch"
-            "startpage"
-          ];
-        };
-        server = {
-          port = 8090;
-          bind_address = "0.0.0.0";
-          secret_key = "$SEARXNG_SECRET_KEY";
-          limiter = false; # Private instance, no rate limiting needed
-          image_proxy = false;
-        };
-        # Route outgoing requests through multiple proxies (round-robin)
-        # to avoid search engine rate limiting / CAPTCHAs
-        outgoing = {
-          request_timeout = 6;
-          retries = 1;
-          proxies = {
-            "all://" = [
-              # sakhalin (local) — exits through sakhalin's IP
-              "socks5h://127.0.0.1:1080"
-              # carthage (Hetzner VPS) — exits through carthage's IP
-              "socks5h://${builtins.head globals.machines.carthage.net.vpn.ips}:1080"
-            ];
-          };
-          extra_proxy_timeout = 10;
-        };
-        search = {
-          safe_search = 0;
-          autocomplete = "";
-          default_lang = "en";
-          formats = [
-            "html"
-            "json"
-          ];
-          # Lower CAPTCHA suspend times so engines recover faster
-          # after proxy rotation provides a fresh IP
-          suspended_times = {
-            SearxEngineCaptcha = 600; # 10min instead of 24h
-            SearxEngineTooManyRequests = 600; # 10min instead of 1h
-            SearxEngineAccessDenied = 1800; # 30min instead of 24h
-          };
-        };
-        # Curated engines for quality results
-        engines = [
-          {
-            name = "duckduckgo";
-            engine = "duckduckgo";
-            shortcut = "ddg";
-            disabled = false;
-          }
-          {
-            name = "google";
-            engine = "google";
-            shortcut = "g";
-            disabled = false;
-          }
-          {
-            name = "brave";
-            engine = "brave";
-            shortcut = "br";
-            disabled = false;
-          }
-          {
-            name = "bing";
-            engine = "bing";
-            shortcut = "bi";
-            disabled = false;
-          }
-          {
-            name = "qwant";
-            engine = "qwant";
-            shortcut = "qw";
-            disabled = false;
-            qwant_categ = "web";
-          }
-          {
-            name = "mojeek";
-            engine = "mojeek";
-            shortcut = "mjk";
-            disabled = false;
-          }
-          {
-            name = "wikipedia";
-            engine = "wikipedia";
-            shortcut = "wp";
-            disabled = false;
-          }
-          {
-            name = "github";
-            engine = "github";
-            shortcut = "gh";
-            disabled = false;
-          }
-          {
-            name = "stackoverflow";
-            engine = "stackexchange";
-            shortcut = "so";
-            disabled = false;
-            categories = "it";
-          }
-          {
-            name = "arch wiki";
-            engine = "archlinux";
-            shortcut = "aw";
-            disabled = false;
-          }
-          {
-            name = "nixos wiki";
-            engine = "mediawiki";
-            shortcut = "nw";
-            disabled = false;
-            base_url = "https://wiki.nixos.org/";
-            search_type = "text";
-          }
-        ];
-      };
-    };
-
     tarsnap = {
       enable = true;
       archives = {