forked from jan-leila/nix-config
78 lines
1.9 KiB
Nix
78 lines
1.9 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
inputs,
|
|
...
|
|
}: {
|
|
options.services.searx = {
|
|
subdomain = lib.mkOption {
|
|
type = lib.types.str;
|
|
description = "subdomain of base domain that searx will be hosted at";
|
|
default = "searx";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.services.searx.enable (
|
|
lib.mkMerge [
|
|
{
|
|
sops.secrets = {
|
|
"services/searx" = {
|
|
sopsFile = "${inputs.secrets}/defiant-services.yaml";
|
|
};
|
|
};
|
|
services.searx = {
|
|
environmentFile = config.sops.secrets."services/searx".path;
|
|
|
|
# Rate limiting
|
|
limiterSettings = {
|
|
real_ip = {
|
|
x_for = 1;
|
|
ipv4_prefix = 32;
|
|
ipv6_prefix = 56;
|
|
};
|
|
|
|
botdetection = {
|
|
ip_limit = {
|
|
filter_link_local = true;
|
|
link_token = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
settings = {
|
|
server = {
|
|
port = 8083;
|
|
secret_key = "@SEARXNG_SECRET@";
|
|
};
|
|
|
|
# Search engine settings
|
|
search = {
|
|
safe_search = 2;
|
|
autocomplete_min = 2;
|
|
autocomplete = "duckduckgo";
|
|
};
|
|
|
|
# Enabled plugins
|
|
enabled_plugins = [
|
|
"Basic Calculator"
|
|
"Hash plugin"
|
|
"Tor check plugin"
|
|
"Open Access DOI rewrite"
|
|
"Hostnames plugin"
|
|
"Unit converter plugin"
|
|
"Tracker URL remover"
|
|
];
|
|
};
|
|
};
|
|
}
|
|
(lib.mkIf config.host.reverse_proxy.enable {
|
|
host = {
|
|
reverse_proxy.subdomains.searx = {
|
|
subdomain = config.services.searx.subdomain;
|
|
target = "http://localhost:${toString config.services.searx.settings.server.port}";
|
|
};
|
|
};
|
|
})
|
|
]
|
|
);
|
|
}
|