Merge pull request 'feat: searx' (#35) from feat/searx into main

Reviewed-on: pub-solar/infra-new#35
Reviewed-by: teutat3s <teutates@mailbox.org>
This commit is contained in:
teutat3s 2023-10-29 21:16:34 +00:00
commit 5f32669fe8
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
5 changed files with 77 additions and 0 deletions

View file

@ -0,0 +1,69 @@
{
flake,
config,
lib,
pkgs,
...
}:
{
age.secrets.searx-environment = {
file = "${flake.self}/secrets/searx-environment.age";
mode = "700";
};
services.nginx.virtualHosts."search.pub.solar" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://unix:/run/searx/searx.socket";
};
users.users.nginx.extraGroups = [ "searx" ];
services.searx = {
enable = true;
runInUwsgi = true;
package = searxng;
uwsgiConfig = {
disable-logging = true;
socket = "/run/searx/searx.sock";
chmod-socket = "660";
};
environmentFile = config.age.secrets.searx-environment.path;
settings = {
use_default_settings: true;
server.secret_key = "@SEARX_SECRET_KEY@";
general = {
instance_name = "search.pub.solar";
privacypolicy_url: "https://pub.solar/privacy";
# use true to use your own donation page written in searx/info/en/donate.md
# use false to disable the donation link
donation_url: false
# mailto:contact@example.com
contact_url: false
enable_metrics: false
};
search = {
# Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "yandex", "mwmbl",
# "seznam", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
# by default.
autocomplete: "duckduckgo"
# minimun characters to type before autocompleter starts
autocomplete_min: 4
};
ui = {
# query_in_title: When true, the result page's titles contains the query
# it decreases the privacy, since the browser can records the page titles.
query_in_title = false;
# infinite_scroll: When true, automatically loads the next page when scrolling to bottom of the current page.
infinite_scroll = true;
};
};
};
}

View file

@ -21,6 +21,7 @@
./apps/nginx-website.nix ./apps/nginx-website.nix
./apps/opensearch.nix ./apps/opensearch.nix
./apps/postgresql.nix ./apps/postgresql.nix
./apps/searx.nix
./apps/matrix/mautrix-telegram.nix ./apps/matrix/mautrix-telegram.nix
./apps/matrix/synapse.nix ./apps/matrix/synapse.nix

Binary file not shown.

View file

@ -38,4 +38,6 @@ in {
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys; "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys; "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
} }

View file

@ -113,6 +113,11 @@ resource "namecheap_domain_records" "pub-solar" {
type = "CNAME" type = "CNAME"
address = "nachtigall.pub.solar." address = "nachtigall.pub.solar."
} }
record {
hostname = "search"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record { record {
hostname = "mastodon" hostname = "mastodon"
type = "CNAME" type = "CNAME"