From fe6edd54b141a1aee7486ef0534689f9f54bbd62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Sun, 29 Oct 2023 15:34:25 +0100
Subject: [PATCH 1/3] feat: searx

---
 hosts/nachtigall/apps/searx.nix | 69 +++++++++++++++++++++++++++++++++
 hosts/nachtigall/default.nix    |  1 +
 2 files changed, 70 insertions(+)
 create mode 100644 hosts/nachtigall/apps/searx.nix

diff --git a/hosts/nachtigall/apps/searx.nix b/hosts/nachtigall/apps/searx.nix
new file mode 100644
index 0000000..8e71719
--- /dev/null
+++ b/hosts/nachtigall/apps/searx.nix
@@ -0,0 +1,69 @@
+{
+  flake,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  age.secrets.searx-environment = {
+    file = "${flake.self}/secrets/searx-environment.age";
+    mode = "700";
+  };
+
+  services.nginx.virtualHosts."search.pub.solar" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/".proxyPass = "http://unix:/run/searx/searx.socket";
+  };
+
+  users.users.nginx.extraGroups = [ "searx" ];
+
+  services.searx = {
+    enable = true;
+    runInUwsgi = true;
+    package = searxng;
+
+    uwsgiConfig = {
+      disable-logging = true;
+      socket = "/run/searx/searx.sock";
+      chmod-socket = "660";
+    };
+
+    environmentFile = config.age.secrets.searx-environment.path; 
+
+    settings = {
+      use_default_settings: true;
+      server.secret_key = "@SEARX_SECRET_KEY@";
+
+      general = {
+        instance_name = "search.pub.solar";
+        privacypolicy_url: "https://pub.solar/privacy";
+        # use true to use your own donation page written in searx/info/en/donate.md
+        # use false to disable the donation link
+        donation_url: false
+        # mailto:contact@example.com
+        contact_url: false
+        enable_metrics: false
+      };
+
+      search = {
+        # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "yandex", "mwmbl",
+        # "seznam", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
+        # by default.
+        autocomplete: "duckduckgo"
+        # minimun characters to type before autocompleter starts
+        autocomplete_min: 4
+      };
+
+      ui = {
+        # query_in_title: When true, the result page's titles contains the query
+        # it decreases the privacy, since the browser can records the page titles.
+        query_in_title = false;
+        # infinite_scroll: When true, automatically loads the next page when scrolling to bottom of the current page.
+        infinite_scroll = false;
+      };
+    };
+  };
+}
diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix
index f4c1ed8..067b5a5 100644
--- a/hosts/nachtigall/default.nix
+++ b/hosts/nachtigall/default.nix
@@ -21,6 +21,7 @@
       ./apps/nginx-website.nix
       ./apps/opensearch.nix
       ./apps/postgresql.nix
+      ./apps/searx.nix
 
       ./apps/matrix/mautrix-telegram.nix
       ./apps/matrix/synapse.nix

From 8e5f5d425c8b2601803c407dd1db4eed05d5bbfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Sun, 29 Oct 2023 15:38:44 +0100
Subject: [PATCH 2/3] fix: add searx secret key

---
 secrets/searx-environment.age | Bin 0 -> 1522 bytes
 secrets/secrets.nix           |   2 ++
 2 files changed, 2 insertions(+)
 create mode 100644 secrets/searx-environment.age

diff --git a/secrets/searx-environment.age b/secrets/searx-environment.age
new file mode 100644
index 0000000000000000000000000000000000000000..76db50015034cadfa5f067605e6bfd2e81dbcccb
GIT binary patch
literal 1522
zcmZA0IqNM40R?b7VGt}uY%W0*o&23UclK;B``l&jEO&NnW?%2@JNU5j6C}MLh=pYW
zAs^s1RzeDq*x2Y-Fh%ewyyn%X_`%^EKaF4FI_$T0%$xdGO`k$D47_}D7>4X6j!qZ`
zQ-_?p7E5|?%ym(hyzkB?bT0~YC(h2(ZZi7D#7dQUWvO&0xh|_C2@r8ZDc3s!pHp|x
zSjTBH?s~rKdf#;$rPEUCCDwDI#3%Z$Hn|~pUk<{ixLMzm^csP}a_c$2?#XMlX7mOP
zRElu&U1NpWgdGwf`P|dj<(TE9%tiZPW24I-J%`}~k4|xMg^4rY=UeZGZ?%5#52e68
zjx><2A?p$F&WN|WR5U%t%8eyR8;wEcV|s48shL~~QDPBj2<tR6q@{ti-FjL+j}^NB
zLrcTxIBj`oL0i_|ro};Gn*{TA?FqcwEeedrbTovlvrd}aY?tEhUbGft)N8KZGeFPP
z3+NDc(zxceO~{aGgRsL!BN#B4L8Ma_Tf2|w9f69pF1Ku?unDK85GJHUuCKtQZu4P~
z{j%y%v6uXZdkf<=n3kZ!u=}QLTY2{CRVnZ%r+6^yAN|JQN(f)l`hf)rK=rmdUoqRV
zl~8D~hGG4=i5QA!CK|N7Eag#(&y;j3mAa=-b#j^Fr<|P{*n7sV3<GK_*d5I#2?7bd
zVwpQ(lF#S0OCP5kE#W6<*n!KF_BpQu1!T(+p7Ya`NhjXC6$T*z7gVV<!pj6tmQq_J
z6Bs`uP8~g;0jeBTE}7!KeDGlvX&NM{L0tsJDT>cwqPR2zbAZsE_=b*$?P?g(PV4qG
z<BQ#y{<RXzS`{K<bM#f}PhowAh)ROl>OqOuUE^lcYtjg42XL%XG!od=QjmM0gU@L}
zo+PJXxoa#2qKGTj4ensvYV}Q3Wf5HYZdTV$&HeO316zSJgux{98H%yu=BVLR6{Vh7
zqZDD*!$B<?%aM{bPb8_&_F7a>O+w2>#{<Vl-~}L5>QvXgkt8a&q%po4v<GW>VVG&E
z9NAU3e0$zK4O5%9JAV67S9mBxdcaEbl*26uF)AArtbRIeOx(b7G&sYXdX)HrbxqtX
zxL^VSg-g`4b;5+A?NV}hp$7YWr*s0TF^V2~iGl**B8$EIu9iy{j?jk(p=(K)%M6Fk
zdAy4ah}IlfnG?3$33L>_wFOc0*alkz#L5xoZIq1HO*S?sf%yo+*{~QRSv8QDN#%Vv
zD91No?OlzrhRvW4Ww>0<>2f5jcGNipefIvfr6?Cka(Q$bdxAxB*>@~k8lck|)C#QC
zhE}}N%^`b887C$CBsp&`IQwcr-i%o)L-YSy{F|SH?_Ic;w2%EE22`-bEY~$n9}%5w
zx5c6zOv=QMo;ocWF-Hs$4&vUS`al?tJ$Lu)hPWEz3KzSvWe>PZ0gM(jj_4Qiktv{!
zr`i+6^mzeZUS1C8OBC?`%U!HAV6J_PV>&3f+<3@%ThCg>!G!prf{HSMfBfj9AAJ3~
znUnuupa1#wkAMHZ`3=Ut8sks-k3Rf2M11r558wXlvmd_t=lA~TH(%smPxF^QdG+^?
kfA^jJ@wdO$|MuN4`47JTm%sk>XTSX__(k>J2Y)L53osn|)c^nh

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 2b0bdc9..4690924 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -38,4 +38,6 @@ in {
 
   "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
   "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
+
+  "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
 }

From edc76ebb1b3963694e4711789b3c20fb7d0105f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Sun, 29 Oct 2023 22:14:13 +0100
Subject: [PATCH 3/3] chore: add search.pub.solar dns entry

---
 hosts/nachtigall/apps/searx.nix | 2 +-
 terraform/dns.tf                | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hosts/nachtigall/apps/searx.nix b/hosts/nachtigall/apps/searx.nix
index 8e71719..8c2e8e7 100644
--- a/hosts/nachtigall/apps/searx.nix
+++ b/hosts/nachtigall/apps/searx.nix
@@ -62,7 +62,7 @@
         # it decreases the privacy, since the browser can records the page titles.
         query_in_title = false;
         # infinite_scroll: When true, automatically loads the next page when scrolling to bottom of the current page.
-        infinite_scroll = false;
+        infinite_scroll = true;
       };
     };
   };
diff --git a/terraform/dns.tf b/terraform/dns.tf
index c97b39e..79200e1 100644
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@@ -113,6 +113,11 @@ resource "namecheap_domain_records" "pub-solar" {
     type = "CNAME"
     address = "nachtigall.pub.solar."
   }
+  record {
+    hostname = "search"
+    type = "CNAME"
+    address = "nachtigall.pub.solar."
+  }
   record {
     hostname = "mastodon"
     type = "CNAME"