fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add searx host

Browse source
This commit is contained in:
fi 2023-10-16 11:22:48 +02:00
parent 3708003da6
commit 967c771b3e
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
8 changed files with 101 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
config/hosts/searx/configuration.nix Normal file
View file

@ -0,0 +1,17 @@
{ ... }:
{
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
networking = {
hostName = "searx";
firewall = {
enable = true;
allowedTCPPorts = [ 80 8443 ];
};
};
system.stateVersion = "23.05";
}

8
config/hosts/searx/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./configuration.nix
./nginx.nix
./searx.nix
];
}

29
config/hosts/searx/nginx.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts."searx.nekover.se" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
extraParameters = [ "proxy_protocol" ];
}
];
locations."/" = {
proxyPass = "http://${config.services.searx.settings.server.bind_address}:${builtins.toString config.services.searx.settings.server.port}";
};
extraConfig = ''
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
};
}

29
config/hosts/searx/searx.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
services.searx = {
enable = true;
package = pkgs.searxng;
redisCreateLocally = true;
settings = {
general = {
debug = false;
instance_name = "SearXNG";
};
server = {
bind_address = "127.0.0.1";
port = 8080;
base_url = "https://searx.nekover.se";
limiter = true;
image_proxy = true;
secret_key = "@SEARX_SECRET_KEY@";
};
search = {
safe_search = 0;
autocomplete = "duckduckgo";
};
ui.static_use_hash = true;
enabled_plugins = [ "Hash plugin" "Self Informations" "Tracker URL remover" "Ahmia blacklist" ];
};
environmentFile = "/secrets/searx-secret-key.secret";
};
}

11
config/hosts/searx/secrets.nix Normal file
View file

@ -0,0 +1,11 @@
{ keyCommandEnv, ... }:
{
deployment.keys."searx-secret-key.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "searx/secret-key" ];
destDir = "/secrets";
user = "root";
group = "root";
permissions = "0640";
uploadAt = "pre-activation";
};
}

1
config/hosts/web-public-2/nginx.nix
View file

@ -27,6 +27,7 @@
mewtube.nekover.se 127.0.0.1:8443; mewtube.nekover.se 127.0.0.1:8443;
nekover.se 127.0.0.1:8443; nekover.se 127.0.0.1:8443;
nix-cache.nekover.se 10.202.41.121:8443; nix-cache.nekover.se 10.202.41.121:8443;
searx.nekover.se 10.202.41.105:8443;
social.nekover.se 10.202.41.104:8443; social.nekover.se 10.202.41.104:8443;
} }
server { server {

1
config/hosts/web-public-2/virtualHosts/acme-challenge.nix
View file

@ -7,6 +7,7 @@ let
"matrix.nekover.se" = "matrix.vs.grzb.de"; "matrix.nekover.se" = "matrix.vs.grzb.de";
"netbox.grzb.de" = "netbox.vs.grzb.de"; "netbox.grzb.de" = "netbox.vs.grzb.de";
"grafana.grzb.de" = "metrics.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de";
"searx.nekover.se" = "searx.vs.grzb.de";
"turn.nekover.se" = "coturn.vs.grzb.de"; "turn.nekover.se" = "coturn.vs.grzb.de";
}; };
in in

5
hosts.nix
View file

@ -89,6 +89,11 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
searx = {
hostNixpkgs = nixpkgs-unstable;
site = "vs";
environment = "proxmox";
};
tor-relay = { tor-relay = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";