diff options
| author | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
|---|---|---|
| committer | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
| commit | e6ed60548397627bf10f561f9438201dbba0a36e (patch) | |
| tree | f9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/searx.nix | |
| parent | 9ac64328603d44bd272175942d3ea3eaadcabd04 (diff) | |
2024-04-21
Diffstat (limited to 'modules/searx.nix')
| -rw-r--r-- | modules/searx.nix | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/modules/searx.nix b/modules/searx.nix new file mode 100644 index 0000000..de51a20 --- /dev/null +++ b/modules/searx.nix @@ -0,0 +1,81 @@ +{ + config, + inputs, + lib, + libNginx, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.searx; +in +{ + options.nixfiles.modules.searx = { + enable = mkEnableOption "SearX"; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 61001; + }; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "searx.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + secrets.searx-environment = { + file = "${inputs.self}/secrets/searx-environment"; + owner = "searx"; + group = "searx"; + }; + + nixfiles.modules.nginx = { + enable = true; + upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://searx"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + services = { + searx = { + enable = true; + + settings = { + general = { + instance_name = cfg.domain; + contact_url = "mailto:admin+searx@${config.networking.domain}"; + git_url = false; + git_branch = false; + docs_url = false; + wiki_url = false; + twitter_url = false; + }; + server = { + bind_address = "127.0.0.1"; + inherit (cfg) port; + secret_key = "@SEARX_SECRET_KEY@"; + base_url = false; + image_proxy = false; + default_http_headers = { + Referrer-Policy = "no-referrer"; + X-Content-Type-Options = "nosniff"; + X-Download-Options = "noopen"; + X-Robots-Tag = "noindex, nofollow, nosnippet, noarchive"; + }; + }; + search = { + safe_search = 0; + autocomplete = ""; + }; + }; + environmentFile = config.secrets.searx-environment.path; + }; + }; + }; +} |