alteur/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nix-dotfiles/hosts/modules/searxng.nix

238 lines
5.7 KiB
Nix
Raw Blame History

{
pkgs,
lib,
...
}: let
domain = null;
acmeEmail = null;
envFile = "/var/lib/searx/searxng.env";
in {
services.searx = {
enable = true;
package = pkgs.searxng;
redisCreateLocally = true;
environmentFile = envFile;
runInUwsgi = false;
settings = {
server = {
bind_address = "127.0.0.1";
port = 11212;
limiter = false;
image_proxy = true;
base_url = lib.mkIf (domain != null) "https://${domain}";
};
ui = {
default_locale = "en";
default_theme = "simple";
};
search = {
safe_search = 0;
autocomplete = "duckduckgo";
default_engine = "";
default_categories = ["general" "it" "images" "videos" "map" "news" "science"];
formats = ["html" "json"];
};
enabled_plugins = [
"hash"
"self_info"
"tracker_url_remover"
"hostname_replace"
"open_access_doi_rewrite"
];
engines = [
{
name = "duckduckgo_web";
engine = "duckduckgo";
disabled = false;
categories = ["general"];
weight = 1.0;
timeout = 3.0;
}
{
name = "google_web";
engine = "google";
disabled = false;
categories = ["general"];
weight = 1.0;
timeout = 4.0;
}
{
name = "bing_web";
engine = "bing";
disabled = false;
categories = ["general"];
weight = 1.0;
timeout = 4.0;
}
{
name = "brave";
engine = "brave";
disabled = false;
categories = ["general"];
weight = 1.0;
timeout = 3.0;
}
{
name = "mojeek";
engine = "mojeek";
disabled = false;
categories = ["general"];
weight = 0.9;
timeout = 3.0;
}
{
name = "qwant";
engine = "qwant";
disabled = false;
categories = ["general"];
weight = 0.8;
timeout = 3.0;
}
{
name = "startpage";
engine = "startpage";
disabled = false;
categories = ["general"];
weight = 0.9;
timeout = 4.0;
}
{
name = "wikipedia";
engine = "wikipedia";
disabled = false;
categories = ["general"];
timeout = 3.0;
}
{
name = "wikidata";
engine = "wikidata";
disabled = false;
categories = ["general"];
timeout = 3.0;
}
{
name = "wikibooks";
engine = "wikibooks";
disabled = false;
categories = ["general"];
timeout = 3.0;
}
{
name = "wiktionary";
engine = "wiktionary";
disabled = false;
categories = ["general"];
timeout = 3.0;
}
{
name = "arxiv";
engine = "arxiv";
disabled = false;
categories = ["science"];
timeout = 4.0;
}
{
name = "crossref";
engine = "crossref";
disabled = false;
categories = ["science"];
timeout = 4.0;
}
{
name = "semantic_scholar";
engine = "semantic_scholar";
disabled = false;
categories = ["science"];
timeout = 4.0;
}
{
name = "github_code";
engine = "github";
disabled = false;
categories = ["it"];
timeout = 4.0;
}
{
name = "stackoverflow";
engine = "stackoverflow";
disabled = false;
categories = ["it"];
timeout = 4.0;
}
{
name = "wikicommons_img";
engine = "wikicommons";
disabled = false;
categories = ["images"];
timeout = 4.0;
}
{
name = "youtube_video";
engine = "youtube";
disabled = false;
categories = ["videos"];
timeout = 5.0;
}
{
name = "peertube_video";
engine = "peertube";
disabled = false;
categories = ["videos"];
timeout = 5.0;
}
{
name = "openstreetmap";
engine = "openstreetmap";
disabled = false;
categories = ["map"];
timeout = 4.0;
}
{
name = "google_maps";
engine = "google_maps";
disabled = false;
categories = ["map"];
timeout = 4.0;
}
];
};
limiterSettings.real_ip = {
x_for = 1;
ipv4_prefix = 32;
ipv6_prefix = 56;
};
};
systemd.services.searx-secret = {
description = "Generate SearXNG secret";
wantedBy = ["multi-user.target"];
before = ["searx-init.service" "searx.service"];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
};
script = ''
set -euo pipefail
install -d -m 0750 -o searx -g searx /var/lib/searx
if [ ! -f ${envFile} ]; then
umask 0077
echo "SEARXNG_SECRET=$(${pkgs.openssl}/bin/openssl rand -hex 32)" > ${envFile}
chown searx:searx ${envFile}
chmod 0640 ${envFile}
fi
'';
};
systemd.services.searx-init = {
wants = ["searx-secret.service"];
after = ["searx-secret.service"];
};
systemd.services.searx = {
wants = ["searx-secret.service"];
after = ["searx-secret.service"];
};
users.groups.searx.members = ["nginx"];
security.acme = lib.mkIf (domain != null) {
acceptTerms = true;
defaults = lib.mkIf (acmeEmail != null) {email = acmeEmail;};
};
}
Reference in a new issue View git blame Copy permalink