2025-04-01 20:17:40 +02:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: let
|
|
|
|
|
inherit (lib.options) mkEnableOption;
|
|
|
|
|
inherit (lib.modules) mkIf;
|
2025-04-06 22:34:58 +02:00
|
|
|
inherit (builtins) toString;
|
2025-04-01 20:17:40 +02:00
|
|
|
cfg = config.modules.services.searxng;
|
|
|
|
|
port = 4021;
|
|
|
|
|
in {
|
|
|
|
|
options.modules.services.searxng.enable = mkEnableOption "SearXNG, a private search engine";
|
|
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
|
networking.firewall.allowedTCPPorts = [port];
|
|
|
|
|
|
|
|
|
|
services = {
|
2025-04-06 22:34:58 +02:00
|
|
|
nginx.enable = true;
|
2025-04-01 20:17:40 +02:00
|
|
|
searx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.searxng;
|
|
|
|
|
environmentFile = "/srv/data/searxng/super_secret_file";
|
|
|
|
|
settings = {
|
|
|
|
|
general = {
|
|
|
|
|
name = "Copesearch";
|
|
|
|
|
privacypolicy_url = false;
|
|
|
|
|
debug = false;
|
|
|
|
|
enable_metrics = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
search = {
|
|
|
|
|
safe_search = 1;
|
|
|
|
|
|
|
|
|
|
formats = ["html" "json" "rss"];
|
|
|
|
|
autocomplete = "google"; # "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
|
|
|
|
|
default_lang = "en";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ui = {
|
|
|
|
|
query_in_title = true;
|
|
|
|
|
theme_args.simple_style = "dark"; # auto, dark, light
|
|
|
|
|
results_on_new_tab = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
server = {
|
|
|
|
|
inherit port;
|
|
|
|
|
limiter = false;
|
|
|
|
|
image_proxy = false;
|
|
|
|
|
|
|
|
|
|
# taken from https://github.com/searx/searx/issues/715
|
|
|
|
|
default_http_headers = {
|
|
|
|
|
X-Content-Type-Options = "nosniff";
|
|
|
|
|
X-XSS-Protection = "1; mode=block";
|
|
|
|
|
X-Download-Options = "noopen";
|
|
|
|
|
X-Robots-Tag = "noindex, nofollow";
|
|
|
|
|
Referrer-Policy = "no-referrer";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# shamelessly stolen from NotAShelf
|
|
|
|
|
engines = [
|
|
|
|
|
{
|
|
|
|
|
name = "wikipedia";
|
|
|
|
|
engine = "wikipedia";
|
|
|
|
|
shortcut = "w";
|
|
|
|
|
base_url = "https://wikipedia.org/";
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "duckduckgo";
|
|
|
|
|
engine = "duckduckgo";
|
|
|
|
|
shortcut = "ddg";
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "google";
|
|
|
|
|
engine = "google";
|
|
|
|
|
shortcut = "g";
|
|
|
|
|
use_mobile_ui = false;
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "archwiki";
|
|
|
|
|
engine = "archlinux";
|
|
|
|
|
shortcut = "aw";
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "github";
|
|
|
|
|
engine = "github";
|
|
|
|
|
categories = "it";
|
|
|
|
|
shortcut = "gh";
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
name = "nixpkgs";
|
|
|
|
|
shortcut = "nx";
|
|
|
|
|
engine = "elasticsearch";
|
|
|
|
|
categories = "dev,nix";
|
|
|
|
|
base_url = "https://nixos-search-5886075189.us-east-1.bonsaisearch.net:443";
|
|
|
|
|
index = "latest-31-nixos-unstable";
|
|
|
|
|
query_type = "match";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-04-06 22:34:58 +02:00
|
|
|
nginx.virtualHosts."search.copeberg.org" = {
|
2025-04-01 20:17:40 +02:00
|
|
|
locations."/".proxyPass = "http://127.0.0.1:${toString port}";
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
access_log /dev/null;
|
|
|
|
|
error_log /dev/null;
|
|
|
|
|
proxy_connect_timeout 60s;
|
|
|
|
|
proxy_send_timeout 60s;
|
|
|
|
|
proxy_read_timeout 60s;
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
quic = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
