architect: Re-enable searxng

2023-02-24 22:22:42 +01:00 · 2023-02-24 22:22:42 +01:00 · 2b854f5fa3
commit 2b854f5fa3
parent b9dfa67309
2 changed files with 75 additions and 1 deletions
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -40,6 +40,7 @@ in
    ./lezzo.nix
    ./runas.nix
    ./tailscale.nix
+    ./searx.nix
  ];

  time.timeZone = "Europe/Rome";
@ -134,7 +135,7 @@ in
    openTCP = [ 22 ];
    openTCPVPN = [ 22 ];
  };
-  
+
  services = {
    fwupd.enable = true;
    das_watchdog.enable = true;
--- a/hosts/architect/searx.nix
+++ b/hosts/architect/searx.nix
@ -0,0 +1,73 @@
+{ mach-nix, lib, config, pkgs, ... }:
+
+let
+  domain = "gugol.giugl.io";
+  network = import ./network.nix;
+in
+{
+  services = {
+    redis.servers."searx" = { enable = true; port = 4456; };
+    searx = {
+      enable = true;
+      package = pkgs.unstablePkgs.searxng;
+
+      environmentFile = /secrets/searx/env;
+      settings = {
+        server = {
+          secret_key = "@SEARX_SECRET_KEY@";
+          port = 4455;
+        };
+
+        general = {
+          instance_name = "Pepe's Gugol";
+          contact_url = "mailto:gugol@depasquale.giugl.io";
+          enable_metrics = false;
+        };
+
+        search = {
+          safe_search = 0;
+          autocomplete = "qwant";
+          prefer_configured_language = false;
+        };
+
+        ui = {
+          infinite_scroll = true;
+          query_in_title = true;
+          results_on_new_tab = true;
+        };
+
+        redis.url = "redis://127.0.0.1:${toString config.services.redis.servers."searx".port}";
+
+        engines = [
+          { name = "google"; disabled = false; }
+          { name = "bing"; disabled = false; }
+          { name = "qwant"; disabled = false; }
+          { name = "duckduckgo"; disabled = false; }
+          { name = "yahoo"; disabled = false; }
+          { name = "wikibooks"; disabled = false; }
+          { name = "wikidata"; disabled = false; }
+          { name = "wikipedia"; disabled = false; }
+          { name = "wikiquote"; disabled = false; }
+          { name = "wikisource"; disabled = false; }
+          { name = "wikiversity"; disabled = false; }
+          { name = "wikivoyage"; disabled = false; }
+        ];
+      };
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.searx.settings.server.port}";
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+    ${network.architect-ts} ${domain}
+  '';
+}