about summary refs log tree commit diff
path: root/modules/services
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2023-07-29 18:47:35 +0900
committersefidel <contact@sefidel.net>2023-07-29 20:33:36 +0900
commitffa023acc799bdf1f95bea732e70746c32f7186c (patch)
treeb259d80e70e4f93a6f12f0b56f867da5c9d19fd5 /modules/services
parentd5b9b71056a79c2ca786dae417124c41e6c42a18 (diff)
downloadinfra-ffa023acc799bdf1f95bea732e70746c32f7186c.tar.gz
infra-ffa023acc799bdf1f95bea732e70746c32f7186c.zip
feat(modules/searx): init
Diffstat (limited to 'modules/services')
-rw-r--r--modules/services/cgit.nix1
-rw-r--r--modules/services/searx.nix50
2 files changed, 50 insertions, 1 deletions
diff --git a/modules/services/cgit.nix b/modules/services/cgit.nix
index 418312b..5394ef0 100644
--- a/modules/services/cgit.nix
+++ b/modules/services/cgit.nix
@@ -31,7 +31,6 @@ in
         vassals = {
           cgit = {
             type = "normal";
-            master = true;
             socket = "/run/uwsgi/cgit.sock";
             procname-master = "uwsgi cgit";
             plugins = [ "cgi" ];
diff --git a/modules/services/searx.nix b/modules/services/searx.nix
new file mode 100644
index 0000000..1436474
--- /dev/null
+++ b/modules/services/searx.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.searx;
+in
+{
+  options.modules.services.searx = {
+    enable = mkEnableOption "searx metasearch engine";
+    package = mkOption { type = types.package; default = pkgs.searxng; };
+    domain = mkOption { type = types.str; };
+    realHost = mkOption { type = types.str; };
+    secrets.searx-env = mkOption { type = types.str; description = "path to the searx secret envfile"; };
+  };
+
+  config = mkIf cfg.enable {
+    services.searx = {
+      enable = true;
+      package = cfg.package;
+      environmentFile = cfg.secrets.searx-env;
+      runInUwsgi = true;
+      settings = {
+        use_default_settings = true;
+
+        general.instance_name = "exotic.sh search";
+        server.secret_key = "@SEARX_SECRET_KEY@";
+      };
+      uwsgiConfig = {
+        socket = "/run/searx/searx.sock";
+        chmod-socket = "660";
+        cache2 = "name=searx_cache,items=2000,blocks=2000,blocksize=4096,bitmap=1";
+        disable-logging = true; # public service
+      };
+    };
+
+    users.extraUsers.nginx.extraGroups = [ "searx" ];
+
+    services.nginx.virtualHosts.${cfg.realHost} = {
+      forceSSL = true;
+      useACMEHost = cfg.domain;
+      locations."/".extraConfig = ''
+        proxy_set_header Host $host;
+        access_log off; # public service
+        uwsgi_pass unix:/run/searx/searx.sock;
+        include ${pkgs.nginx}/conf/uwsgi_params;
+      '';
+      locations."/static/".alias = "${cfg.package}/share/static/";
+    };
+  };
+}