diff options
| -rw-r--r-- | modules/services/cgit.nix | 1 | ||||
| -rw-r--r-- | modules/services/searx.nix | 50 |
2 files changed, 50 insertions, 1 deletions
diff --git a/modules/services/cgit.nix b/modules/services/cgit.nix index 418312b..5394ef0 100644 --- a/modules/services/cgit.nix +++ b/modules/services/cgit.nix @@ -31,7 +31,6 @@ in vassals = { cgit = { type = "normal"; - master = true; socket = "/run/uwsgi/cgit.sock"; procname-master = "uwsgi cgit"; plugins = [ "cgi" ]; diff --git a/modules/services/searx.nix b/modules/services/searx.nix new file mode 100644 index 0000000..1436474 --- /dev/null +++ b/modules/services/searx.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.modules.services.searx; +in +{ + options.modules.services.searx = { + enable = mkEnableOption "searx metasearch engine"; + package = mkOption { type = types.package; default = pkgs.searxng; }; + domain = mkOption { type = types.str; }; + realHost = mkOption { type = types.str; }; + secrets.searx-env = mkOption { type = types.str; description = "path to the searx secret envfile"; }; + }; + + config = mkIf cfg.enable { + services.searx = { + enable = true; + package = cfg.package; + environmentFile = cfg.secrets.searx-env; + runInUwsgi = true; + settings = { + use_default_settings = true; + + general.instance_name = "exotic.sh search"; + server.secret_key = "@SEARX_SECRET_KEY@"; + }; + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + chmod-socket = "660"; + cache2 = "name=searx_cache,items=2000,blocks=2000,blocksize=4096,bitmap=1"; + disable-logging = true; # public service + }; + }; + + users.extraUsers.nginx.extraGroups = [ "searx" ]; + + services.nginx.virtualHosts.${cfg.realHost} = { + forceSSL = true; + useACMEHost = cfg.domain; + locations."/".extraConfig = '' + proxy_set_header Host $host; + access_log off; # public service + uwsgi_pass unix:/run/searx/searx.sock; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + locations."/static/".alias = "${cfg.package}/share/static/"; + }; + }; +} |