merge: merged leyla/main

modules/nixos-modules/server/searx/default.nix

@@ -1,63 +1,6 @@
 {
-  config,
-  lib,
-  inputs,
-  ...
-}: {
   imports = [
+    ./searx.nix
     ./proxy.nix
   ];
-
-  config = lib.mkIf config.services.searx.enable {
-    sops.secrets = {
-      "services/searx" = {
-        sopsFile = "${inputs.secrets}/defiant-services.yaml";
-      };
-    };
-
-    services.searx = {
-      environmentFile = config.sops.secrets."services/searx".path;
-
-      # Rate limiting
-      limiterSettings = {
-        real_ip = {
-          x_for = 1;
-          ipv4_prefix = 32;
-          ipv6_prefix = 56;
-        };
-
-        botdetection = {
-          ip_limit = {
-            filter_link_local = true;
-            link_token = true;
-          };
-        };
-      };
-
-      settings = {
-        server = {
-          port = 8083;
-          secret_key = "@SEARXNG_SECRET@";
-        };
-
-        # Search engine settings
-        search = {
-          safe_search = 2;
-          autocomplete_min = 2;
-          autocomplete = "duckduckgo";
-        };
-
-        # Enabled plugins
-        enabled_plugins = [
-          "Basic Calculator"
-          "Hash plugin"
-          "Tor check plugin"
-          "Open Access DOI rewrite"
-          "Hostnames plugin"
-          "Unit converter plugin"
-          "Tracker URL remover"
-        ];
-      };
-    };
-  };
 }

modules/nixos-modules/server/searx/proxy.nix

@@ -4,18 +4,27 @@
   ...
 }: {
   options.services.searx = {
-    subdomain = lib.mkOption {
-      type = lib.types.str;
-      description = "subdomain of base domain that searx will be hosted at";
-      default = "searx";
+    extraDomains = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = "extra domains that should be configured for searx";
+      default = [];
+    };
+    reverseProxy = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = config.services.searx.enable && config.services.reverseProxy.enable;
+      };
     };
   };
 
-  config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) {
-    host = {
-      reverse_proxy.subdomains.searx = {
-        subdomain = config.services.searx.subdomain;
-        target = "http://localhost:${toString config.services.searx.settings.server.port}";
+  config = lib.mkIf config.services.searx.reverseProxy.enable {
+    services.reverseProxy.services.searx = {
+      target = "http://localhost:${toString config.services.searx.settings.server.port}";
+      domain = config.services.searx.domain;
+      extraDomains = config.services.searx.extraDomains;
+
+      settings = {
+        forwardHeaders.enable = true;
       };
     };
   };

modules/nixos-modules/server/searx/searx.nix

@@ -0,0 +1,59 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+  config = lib.mkIf config.services.searx.enable {
+    sops.secrets = {
+      "services/searx" = {
+        sopsFile = "${inputs.secrets}/defiant-services.yaml";
+      };
+    };
+
+    services.searx = {
+      environmentFile = config.sops.secrets."services/searx".path;
+
+      # Rate limiting
+      limiterSettings = {
+        real_ip = {
+          x_for = 1;
+          ipv4_prefix = 32;
+          ipv6_prefix = 56;
+        };
+
+        botdetection = {
+          ip_limit = {
+            filter_link_local = true;
+            link_token = true;
+          };
+        };
+      };
+
+      settings = {
+        server = {
+          port = 8083;
+          secret_key = "@SEARXNG_SECRET@";
+        };
+
+        # Search engine settings
+        search = {
+          safe_search = 2;
+          autocomplete_min = 2;
+          autocomplete = "duckduckgo";
+        };
+
+        # Enabled plugins
+        enabled_plugins = [
+          "Basic Calculator"
+          "Hash plugin"
+          "Tor check plugin"
+          "Open Access DOI rewrite"
+          "Hostnames plugin"
+          "Unit converter plugin"
+          "Tracker URL remover"
+        ];
+      };
+    };
+  };
+}