infra/modules/searx/default.nix
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00

82 lines
2.2 KiB
Nix

{ flake
, config
, lib
, pkgs
, ...
}:
{
age.secrets.searx-environment = {
file = "${flake.self}/secrets/searx-environment.age";
mode = "600";
};
services.nginx.virtualHosts."search.${config.pub-solar-os.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
uwsgi_pass unix:/run/searx/searx.sock;
'';
};
users.users.nginx.extraGroups = [ "searx" ];
services.searx = {
enable = true;
package = pkgs.searxng;
runInUwsgi = true;
uwsgiConfig = {
disable-logging = true;
socket = "/run/searx/searx.sock";
chmod-socket = "660";
};
environmentFile = config.age.secrets.searx-environment.path;
settings = {
use_default_settings = true;
server = {
base_url = "https://search.${config.pub-solar-os.networking.domain}";
secret_key = "@SEARX_SECRET_KEY@";
};
general = {
debug = false;
instance_name = "search.${config.pub-solar-os.networking.domain}";
privacypolicy_url = config.pub-solar-os.privacyPolicyUrl;
# use true to use your own donation page written in searx/info/en/donate.md
# use false to disable the donation link
donation_url = false;
# mailto:contact@example.com
contact_url = false;
enable_metrics = false;
};
search = {
# Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "yandex", "mwmbl",
# "seznam", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
# by default.
autocomplete = "duckduckgo";
# minimun characters to type before autocompleter starts
autocomplete_min = 4;
};
engine = [
{ engine = "startpage"; disabled = false; }
{ engine = "yahoo"; disabled = false; }
{ engine = "tagesschau"; disabled = false; }
];
ui = {
# query_in_title: When true, the result page's titles contains the query
# it decreases the privacy, since the browser can records the page titles.
query_in_title = false;
# infinite_scroll: When true, automatically loads the next page when scrolling to bottom of the current page.
infinite_scroll = true;
};
};
};
}