searxng/module.nix: init

modules/services/searxng/module.nix

@@ -0,0 +1,119 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkEnableOption mkIf;
+  inherit (lib.strings) toString;
+  cfg = config.modules.services.searxng;
+  port = 4021;
+in {
+  options.modules.services.searxng.enable = mkEnableOption "SearXNG, a private search engine";
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [port];
+
+    modules.system.services.nginx.enable = true;
+
+    services = {
+      searx = {
+        enable = true;
+        package = pkgs.searxng;
+        environmentFile = "/srv/data/searxng/super_secret_file";
+        settings = {
+          general = {
+            name = "Copesearch";
+            privacypolicy_url = false;
+            debug = false;
+            enable_metrics = false;
+          };
+
+          search = {
+            safe_search = 1;
+
+            formats = ["html" "json" "rss"];
+            autocomplete = "google"; # "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
+            default_lang = "en";
+          };
+
+          ui = {
+            query_in_title = true;
+            theme_args.simple_style = "dark"; # auto, dark, light
+            results_on_new_tab = false;
+          };
+
+          server = {
+            inherit port;
+            limiter = false;
+            image_proxy = false;
+
+            # taken from https://github.com/searx/searx/issues/715
+            default_http_headers = {
+              X-Content-Type-Options = "nosniff";
+              X-XSS-Protection = "1; mode=block";
+              X-Download-Options = "noopen";
+              X-Robots-Tag = "noindex, nofollow";
+              Referrer-Policy = "no-referrer";
+            };
+          };
+
+          # shamelessly stolen from NotAShelf
+          engines = [
+            {
+              name = "wikipedia";
+              engine = "wikipedia";
+              shortcut = "w";
+              base_url = "https://wikipedia.org/";
+            }
+            {
+              name = "duckduckgo";
+              engine = "duckduckgo";
+              shortcut = "ddg";
+            }
+            {
+              name = "google";
+              engine = "google";
+              shortcut = "g";
+              use_mobile_ui = false;
+            }
+            {
+              name = "archwiki";
+              engine = "archlinux";
+              shortcut = "aw";
+            }
+            {
+              name = "github";
+              engine = "github";
+              categories = "it";
+              shortcut = "gh";
+            }
+            {
+              name = "nixpkgs";
+              shortcut = "nx";
+              engine = "elasticsearch";
+              categories = "dev,nix";
+              base_url = "https://nixos-search-5886075189.us-east-1.bonsaisearch.net:443";
+              index = "latest-31-nixos-unstable";
+              query_type = "match";
+            }
+          ];
+        };
+      };
+      nginx.virtualhosts."search.copeberg.org" = {
+        locations."/".proxyPass = "http://127.0.0.1:${toString port}";
+        extraConfig = ''
+          access_log /dev/null;
+          error_log /dev/null;
+          proxy_connect_timeout 60s;
+          proxy_send_timeout 60s;
+          proxy_read_timeout 60s;
+        '';
+
+        quic = true;
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+}