From 8e9b074467006c76768efe04cf1fb1ef9d652c67 Mon Sep 17 00:00:00 2001 From: sefidel Date: Wed, 24 Jan 2024 13:29:27 +0900 Subject: initial commit --- modules/services/searx.nix | 50 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 modules/services/searx.nix (limited to 'modules/services/searx.nix') diff --git a/modules/services/searx.nix b/modules/services/searx.nix new file mode 100644 index 0000000..98f27d9 --- /dev/null +++ b/modules/services/searx.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.modules.services.searx; +in +{ + options.modules.services.searx = { + enable = mkEnableOption "searx metasearch engine"; + package = mkOption { type = types.package; default = pkgs.searxng; }; + domain = mkOption { type = types.str; }; + realHost = mkOption { type = types.str; }; + secrets.searx-env = mkOption { type = types.path; description = "path to the searx secret envfile"; }; + }; + + config = mkIf cfg.enable { + services.searx = { + enable = true; + package = cfg.package; + environmentFile = cfg.secrets.searx-env; + runInUwsgi = true; + settings = { + use_default_settings = true; + + general.instance_name = "exotic.sh search"; + server.secret_key = "@SEARX_SECRET_KEY@"; + }; + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + chmod-socket = "660"; + cache2 = "name=searx_cache,items=2000,blocks=2000,blocksize=4096,bitmap=1"; + disable-logging = true; # public service + }; + }; + + users.extraUsers.nginx.extraGroups = [ "searx" ]; + + services.nginx.virtualHosts.${cfg.realHost} = { + forceSSL = true; + useACMEHost = cfg.domain; + locations."/".extraConfig = '' + proxy_set_header Host $host; + access_log off; # public service + uwsgi_pass unix:/run/searx/searx.sock; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + locations."/static/".alias = "${cfg.package}/share/static/"; + }; + }; +} -- cgit 1.4.1