1
0
Fork 0

Update greatyamada config

This commit is contained in:
Avery 2025-06-21 15:42:06 +02:00
parent 5c4921895e
commit 97bf3bb177
Signed by: Avery
GPG key ID: B684FD451B692E04
22 changed files with 556 additions and 212 deletions

View file

@ -0,0 +1,46 @@
{ config, pkgs, ... }:
let
portDefinitions = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix;
in {
services = {
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = config.sops.templates."searxng_secret_key.env".path;
redisCreateLocally = true;
# runInUwsgi = true;
# uwsgiConfig = {
# socket = "/run/searx/searxng.sock";
# http = ":${toString portDefinitions.searxng}";
# chmod-socket = "660";
# };
settings = {
base_url = "https://searxng.rcia.dev";
bind_address = "127.0.0.1";
port = portDefinitions.searxng;
public_instance = false;
limiter = false;
};
};
nginx.virtualHosts."searxng.rcia.dev" = {
locations."/".proxyPass =
"http://127.0.0.1:${toString portDefinitions.searxng}";
extraConfig = nginxLocalServiceConfig;
forceSSL = true;
useACMEHost = "rcia.dev";
};
};
sops = {
secrets."searxng_secret_key".owner = "searx";
templates."searxng_secret_key.env" = {
content = ''
SEARXNG_SECRET=${config.sops.placeholder."searxng_secret_key"}
'';
owner = "searx";
};
};
systemd.services.nginx.serviceConfig.ProtectHome = false;
users.groups.searx.members = [ "nginx" ];
}