refactor: moved reverse proxy into own section in server modules

2025-09-14 22:10:57 -05:00 · 2025-09-14 22:10:57 -05:00 · 52801b4bb7
commit 52801b4bb7
parent 663bdcc012
7 changed files with 142 additions and 119 deletions
--- a/modules/nixos-modules/server/searx.nix
+++ b/modules/nixos-modules/server/searx.nix
@ -12,61 +12,67 @@
    };
  };

-  config = lib.mkIf config.services.searx.enable {
-    sops.secrets = {
-      "services/searx" = {
-        sopsFile = "${inputs.secrets}/defiant-services.yaml";
-      };
-    };
-    host = {
-      reverse_proxy.subdomains.searx = {
-        subdomain = config.services.searx.subdomain;
-        target = "http://localhost:${toString config.services.searx.settings.server.port}";
-      };
-    };
-    services.searx = {
-      environmentFile = config.sops.secrets."services/searx".path;
-
-      # Rate limiting
-      limiterSettings = {
-        real_ip = {
-          x_for = 1;
-          ipv4_prefix = 32;
-          ipv6_prefix = 56;
-        };
-
-        botdetection = {
-          ip_limit = {
-            filter_link_local = true;
-            link_token = true;
+  config = lib.mkIf config.services.searx.enable (
+    lib.mkMerge [
+      {
+        sops.secrets = {
+          "services/searx" = {
+            sopsFile = "${inputs.secrets}/defiant-services.yaml";
          };
        };
-      };
+        services.searx = {
+          environmentFile = config.sops.secrets."services/searx".path;

-      settings = {
-        server = {
-          port = 8083;
-          secret_key = "@SEARXNG_SECRET@";
+          # Rate limiting
+          limiterSettings = {
+            real_ip = {
+              x_for = 1;
+              ipv4_prefix = 32;
+              ipv6_prefix = 56;
+            };
+
+            botdetection = {
+              ip_limit = {
+                filter_link_local = true;
+                link_token = true;
+              };
+            };
+          };
+
+          settings = {
+            server = {
+              port = 8083;
+              secret_key = "@SEARXNG_SECRET@";
+            };
+
+            # Search engine settings
+            search = {
+              safe_search = 2;
+              autocomplete_min = 2;
+              autocomplete = "duckduckgo";
+            };
+
+            # Enabled plugins
+            enabled_plugins = [
+              "Basic Calculator"
+              "Hash plugin"
+              "Tor check plugin"
+              "Open Access DOI rewrite"
+              "Hostnames plugin"
+              "Unit converter plugin"
+              "Tracker URL remover"
+            ];
+          };
        };
-
-        # Search engine settings
-        search = {
-          safe_search = 2;
-          autocomplete_min = 2;
-          autocomplete = "duckduckgo";
+      }
+      (lib.mkIf config.host.reverse_proxy.enable {
+        host = {
+          reverse_proxy.subdomains.searx = {
+            subdomain = config.services.searx.subdomain;
+            target = "http://localhost:${toString config.services.searx.settings.server.port}";
+          };
        };
-
-        # Enabled plugins
-        enabled_plugins = [
-          "Basic Calculator"
-          "Hash plugin"
-          "Tor check plugin"
-          "Open Access DOI rewrite"
-          "Hostnames plugin"
-          "Unit converter plugin"
-          "Tracker URL remover"
-        ];
-      };
-    };
-  };
+      })
+    ]
+  );
 }