46 lines
		
	
	
	
		
			1.3 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			46 lines
		
	
	
	
		
			1.3 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { config, pkgs, ... }:
 | |
| let
 | |
|   ports = import ./_port-definitions.nix;
 | |
|   nginxLocalServiceConfig = import ./nginx-local-config.nix;
 | |
| in {
 | |
|   services = {
 | |
|     searx = {
 | |
|       enable = true;
 | |
|       package = pkgs.searxng;
 | |
|       environmentFile = config.sops.templates."searxng_secret_key.env".path;
 | |
|       redisCreateLocally = true;
 | |
|       # runInUwsgi = true;
 | |
|       # uwsgiConfig = {
 | |
|       #   socket = "/run/searx/searxng.sock";
 | |
|       #   http = ":${toString ports.searxng}";
 | |
|       #   chmod-socket = "660";
 | |
|       # };
 | |
|       settings = {
 | |
|         base_url = "https://searxng.rcia.dev";
 | |
|         bind_address = "127.0.0.1";
 | |
|         port = ports.tcp.searxng;
 | |
|         public_instance = false;
 | |
|         limiter = false;
 | |
|       };
 | |
| 
 | |
|     };
 | |
|     nginx.virtualHosts."searxng.rcia.dev" = {
 | |
|       locations."/".proxyPass =
 | |
|         "http://127.0.0.1:${toString ports.tcp.searxng}";
 | |
|       extraConfig = nginxLocalServiceConfig;
 | |
|       forceSSL = true;
 | |
|       useACMEHost = "rcia.dev";
 | |
|     };
 | |
|   };
 | |
|   sops = {
 | |
|     secrets."searxng_secret_key".owner = "searx";
 | |
|     templates."searxng_secret_key.env" = {
 | |
|       content = ''
 | |
|         SEARXNG_SECRET=${config.sops.placeholder."searxng_secret_key"}
 | |
|       '';
 | |
|       owner = "searx";
 | |
|     };
 | |
|   };
 | |
|   systemd.services.nginx.serviceConfig.ProtectHome = false;
 | |
|   users.groups.searx.members = [ "nginx" ];
 | |
| }
 |