refactor: moved nixos modules to dendrite pattern

2026-04-07 15:39:45 -05:00 · 2026-04-07 15:39:45 -05:00 · 0ea11e0236
commit 0ea11e0236
parent df8dd110ad
219 changed files with 4802 additions and 4820 deletions
--- a/modules/nixos/programs/searx/default.nix
+++ b/modules/nixos/programs/searx/default.nix
@ -0,0 +1,10 @@
+{config, ...}: let
+  mod = config.flake.nixosModules;
+in {
+  flake.nixosModules.searx = {
+    imports = [
+      mod.searx-service
+      mod.searx-proxy
+    ];
+  };
+}
--- a/modules/nixos/programs/searx/proxy.nix
+++ b/modules/nixos/programs/searx/proxy.nix
@ -0,0 +1,33 @@
+{...}: {
+  flake.nixosModules.searx-proxy = {
+    config,
+    lib,
+    ...
+  }: {
+    options.services.searx = {
+      extraDomains = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        description = "extra domains that should be configured for searx";
+        default = [];
+      };
+      reverseProxy = {
+        enable = lib.mkOption {
+          type = lib.types.bool;
+          default = config.services.searx.enable && config.services.reverseProxy.enable;
+        };
+      };
+    };
+
+    config = lib.mkIf config.services.searx.reverseProxy.enable {
+      services.reverseProxy.services.searx = {
+        target = "http://localhost:${toString config.services.searx.settings.server.port}";
+        domain = config.services.searx.domain;
+        extraDomains = config.services.searx.extraDomains;
+
+        settings = {
+          forwardHeaders.enable = true;
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/programs/searx/searx.nix
+++ b/modules/nixos/programs/searx/searx.nix
@ -0,0 +1,61 @@
+{...}: {
+  flake.nixosModules.searx-service = {
+    config,
+    lib,
+    inputs,
+    ...
+  }: {
+    config = lib.mkIf config.services.searx.enable {
+      sops.secrets = {
+        "services/searx" = {
+          sopsFile = "${inputs.secrets}/defiant-services.yaml";
+        };
+      };
+
+      services.searx = {
+        environmentFile = config.sops.secrets."services/searx".path;
+
+        # Rate limiting
+        limiterSettings = {
+          real_ip = {
+            x_for = 1;
+            ipv4_prefix = 32;
+            ipv6_prefix = 56;
+          };
+
+          botdetection = {
+            ip_limit = {
+              filter_link_local = true;
+              link_token = true;
+            };
+          };
+        };
+
+        settings = {
+          server = {
+            port = 8083;
+            secret_key = "@SEARXNG_SECRET@";
+          };
+
+          # Search engine settings
+          search = {
+            safe_search = 2;
+            autocomplete_min = 2;
+            autocomplete = "duckduckgo";
+          };
+
+          # Enabled plugins
+          enabled_plugins = [
+            "Basic Calculator"
+            "Hash plugin"
+            "Tor check plugin"
+            "Open Access DOI rewrite"
+            "Hostnames plugin"
+            "Unit converter plugin"
+            "Tracker URL remover"
+          ];
+        };
+      };
+    };
+  };
+}