From ffa023acc799bdf1f95bea732e70746c32f7186c Mon Sep 17 00:00:00 2001
From: sefidel <contact@sefidel.net>
Date: Sat, 29 Jul 2023 18:47:35 +0900
Subject: feat(modules/searx): init

---
 modules/services/cgit.nix  |  1 -
 modules/services/searx.nix | 50 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 modules/services/searx.nix

(limited to 'modules')

diff --git a/modules/services/cgit.nix b/modules/services/cgit.nix
index 418312b..5394ef0 100644
--- a/modules/services/cgit.nix
+++ b/modules/services/cgit.nix
@@ -31,7 +31,6 @@ in
         vassals = {
           cgit = {
             type = "normal";
-            master = true;
             socket = "/run/uwsgi/cgit.sock";
             procname-master = "uwsgi cgit";
             plugins = [ "cgi" ];
diff --git a/modules/services/searx.nix b/modules/services/searx.nix
new file mode 100644
index 0000000..1436474
--- /dev/null
+++ b/modules/services/searx.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.searx;
+in
+{
+  options.modules.services.searx = {
+    enable = mkEnableOption "searx metasearch engine";
+    package = mkOption { type = types.package; default = pkgs.searxng; };
+    domain = mkOption { type = types.str; };
+    realHost = mkOption { type = types.str; };
+    secrets.searx-env = mkOption { type = types.str; description = "path to the searx secret envfile"; };
+  };
+
+  config = mkIf cfg.enable {
+    services.searx = {
+      enable = true;
+      package = cfg.package;
+      environmentFile = cfg.secrets.searx-env;
+      runInUwsgi = true;
+      settings = {
+        use_default_settings = true;
+
+        general.instance_name = "exotic.sh search";
+        server.secret_key = "@SEARX_SECRET_KEY@";
+      };
+      uwsgiConfig = {
+        socket = "/run/searx/searx.sock";
+        chmod-socket = "660";
+        cache2 = "name=searx_cache,items=2000,blocks=2000,blocksize=4096,bitmap=1";
+        disable-logging = true; # public service
+      };
+    };
+
+    users.extraUsers.nginx.extraGroups = [ "searx" ];
+
+    services.nginx.virtualHosts.${cfg.realHost} = {
+      forceSSL = true;
+      useACMEHost = cfg.domain;
+      locations."/".extraConfig = ''
+        proxy_set_header Host $host;
+        access_log off; # public service
+        uwsgi_pass unix:/run/searx/searx.sock;
+        include ${pkgs.nginx}/conf/uwsgi_params;
+      '';
+      locations."/static/".alias = "${cfg.package}/share/static/";
+    };
+  };
+}
-- 
cgit 1.4.1