From cb5f7483fcfcfe930e37406e7a7a351f77bae271 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Wed, 11 Dec 2024 21:49:37 -0500 Subject: [PATCH] Infini-DL360/searx: init --- hosts/Infini-DL360/default.nix | 1 + hosts/Infini-DL360/searx.nix | 49 +++++++++++++++++++++++++++++++ hosts/Infini-DL360/web.nix | 6 ++++ secrets/default.nix | 3 ++ secrets/searx.age | 53 ++++++++++++++++++++++++++++++++++ secrets/secrets.nix | 1 + 6 files changed, 113 insertions(+) create mode 100644 hosts/Infini-DL360/searx.nix create mode 100644 secrets/searx.age diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix index 4bf4fb3..f52f986 100644 --- a/hosts/Infini-DL360/default.nix +++ b/hosts/Infini-DL360/default.nix @@ -16,6 +16,7 @@ ./jellyfin.nix ./jupyter.nix ./postgresql.nix + ./searx.nix ./ssh.nix ./thelounge.nix ./vaultwarden.nix diff --git a/hosts/Infini-DL360/searx.nix b/hosts/Infini-DL360/searx.nix new file mode 100644 index 0000000..23a9024 --- /dev/null +++ b/hosts/Infini-DL360/searx.nix @@ -0,0 +1,49 @@ +{ config, common, ... }: +let + cfg = config.services.searx; + domain = common.subdomain "search"; +in +{ + services.searx = { + enable = true; + runInUwsgi = true; + redisCreateLocally = true; + environmentFile = config.secrets."searx"; + uwsgiConfig = { + disable-logging = true; + socket = "/run/searx/searx.sock"; + chmod-socket = "660"; + }; + settings = { + general = { + instance_name = domain; + }; + server = { + secret_key = "@SECRET_KEY@"; + base_url = "https://${domain}"; + default_locale = "en"; + default_theme = "oscar"; + }; + outgoing = { + useragent_suffix = "admin+search@inx.moe"; + }; + engines = [ + { + name = "wolframalpha"; + disabled = false; + } + ]; + }; + }; + + users.users.nginx.extraGroups = [ "searx" ]; + + services.nginx.virtualHosts.${domain} = common.nginx.ssl // { + locations."/" = { + extraConfig = '' + include ${config.services.nginx.package}/conf/uwsgi_params; + uwsgi_pass unix://${cfg.uwsgiConfig.socket}; + ''; + }; + }; +} diff --git a/hosts/Infini-DL360/web.nix b/hosts/Infini-DL360/web.nix index 4378c4d..98c1ff0 100644 --- a/hosts/Infini-DL360/web.nix +++ b/hosts/Infini-DL360/web.nix @@ -84,4 +84,10 @@ in }; }; }; + + services.uwsgi = { + enable = true; + plugins = [ "python3" ]; + instance.type = "emperor"; + }; } diff --git a/secrets/default.nix b/secrets/default.nix index 973de6d..fec9901 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -50,6 +50,9 @@ in (mkIf config.services.hedgedoc.enable { "hedgedoc" = withOwnerGroup "hedgedoc" secrets."hedgedoc"; }) + (mkIf config.services.searx.enable { + inherit (secrets) searx; + }) ]; }; } diff --git a/secrets/searx.age b/secrets/searx.age new file mode 100644 index 0000000..f433e61 --- /dev/null +++ b/secrets/searx.age @@ -0,0 +1,53 @@ +age-encryption.org/v1 +-> ssh-ed25519 sQ/0YA ub516AQXm3ubSofBXmtObFYCXlFgJRtHf71oZxlkbB4 +YL0eTfqSnK1Ewldm6l0l5Jj2OZypeSvNnLhG//EpZQg +-> ssh-ed25519 aYlTiQ 3Egmg9PdHQGlUI8txc0sT9fzuywK3c2V4xQM663XDQ8 +CsphnaO3tCiWfQ820+D1kyq3d/Hu+LDBfaaIC8Ybtew +-> ssh-ed25519 i9xGKA GmSdU6fIJmhxS8UDCYrZKAMc8nnkgUm7IW3ah8UH6hk +LS/O24sHo6tPxILMGF09cH4LivNgFLbMe5wpOGOnYoY +-> ssh-ed25519 ydxrGg P5z9ILpMGXOfl/AUF5Sg1c56aXGK06/9282jWDBV7QA +tPBy/2VkXMxsO3xPiLDS7/X9xMqs0G2mFOvfq5QCNos +-> ssh-ed25519 oqB+OQ h85peSSNxhCZVOEU7kKEfJKqMtiHZO+ZVC0/Tq7j6Ek +kPjdKj67uizjyUBI1ls9VUZJPv04egmxx8nKk6caUB0 +-> ssh-ed25519 gIJNbA xcjXKRKQrIj7MQXyTNmL85iPgdT6mYGOPcUcVeYYAFM +n6KKB7XZVs6RekC/WNNgL0PR5D3vEtlcLF/Al/BnV1I +-> ssh-ed25519 hjL/yw vdBvkdxk6CtCBSnv43F7wsQhoXP/oFeBCbFEg670W3E +0SVwIUoFqGAveUxr+pIkISSQQ2rBOMANJo9Q5bLO0zA +-> ssh-ed25519 Ig0rsg dKol4H1agWKqSoaRsQPj55NPw0TOhA+4bjo44OXAAmA +Swxed0gj51lOWs1we0onKvf9QzE+GBAW9uCv0WJXOT4 +-> ssh-ed25519 U4Pefg S6S1T7lJWS15+ExZPjG6waHKOgSR1VDnzkaMmRi++Go +IzdPLxtS1NHJqf4vyICUizJ1UuclJJEnFrba4QQwKGA +-> ssh-ed25519 GT2Stg 1AnTzw+1k/TvVaRyhVsKTZb4eAnQqLX2m53IvU99mCQ +jmRv4PTiQa0up0XdL1l+PJWWUFcx+xEqBj4HuRakcLg +-> ssh-ed25519 oAMyvg XTQLSc/wVKBb5s+QznW/F20ZJjMn4Gp/IQ//rEyhITs +R2OtDOGChr6XGbRavfHpmbVOlsRIynfKmFA1sIw3Vog +-> ssh-ed25519 VIHjXg fVQXONN8nO3dqOXrVliukCZhdWDIrheY0+TwZ3W8aSM +NI4noz3JaQupYOQO4AIKL4dDCfz5vMzsyLFd5nj1A6E +-> ssh-ed25519 VEv3zg /AJolXx3AxenxcdUJSy8eKX/pOz1aXvdA1HspZbbKAM +DhzdNu6wVib6uw3Ur5FzvqbXrgCrXsUxhHSXywALtoU +-> ssh-ed25519 m7J79g 1MqG0RMK6aO9/oZs1K5R0cuFTfN0P25aREEjwAO5e1s +3HI/HWLKpWtcESj+RplWDG91wwKKeLT+jD0zCyAPyrQ +-> ssh-ed25519 2S7Wcg eLQmhEVvnVaymJtWc5VR6O2xarNY0RHVja1aTMa2+kM +nzGImM3arQXMGFYo3097RG8BGrYSBIaRTFgPXNnj79E +-> ssh-ed25519 EMoPew WVP74lVLg3plwbLSUYcw0GoURg13v0WE9qDT8Zcq72o +Yczezv+4eBN3a+HxEg9m0+VVAtG+w5IkDzjLOLD0GaE +-> ssh-ed25519 izZ3FQ 8ewYGDrgXb/so1iEuIzzBhmntIjPCOlwxqR9I4/BIlY +wR9J8aw6JJBao/zZEf9Dde495LOc7a9ZZHul6QKjNqM +-> ssh-ed25519 zNb8DQ 5nP5zBB5DO4+UVyDfoQZgyufMUz17SKQ3FHi8z0bliA +v4/H70I8UkGacPFpC5FAlD/WbMp+88GYICkEcVlQ2KM +-> ssh-ed25519 GB2MZQ vpx6zRVn4LqdavyNcX3+IBTPGp/JtHgxrolg4Q308SQ ++IXch1ypC5rTPzJgHbvpXJ49u4uo3L/DBxvpt7uDq9U +-> ssh-ed25519 FelIjw Mz6t4S99QdcPSetOhvC0tqjdEDemHyeDOXkeHRys/hs +Qqh0sfdqCJXIL1s8SQ1HFqrHgST4Waghp8SffK+iS90 +-> ssh-ed25519 TRpHkw 7+omPYGQAiXEdncNnWtGQ7IF8RwxC7lOCBfL6y0qdmY +WVTugfIwhI8Y/6ycmf0jiv0NFLK6L7bMJkGpg343Iu0 +-> ssh-ed25519 rKpRzQ ohV4urqR5WbYE1sywlBVBzjMASbdNEUxieaC7YS8bS0 +SP2Kf4E0Fn6JkwUnSHYCOO9iFAP1sYEJ31hLIt3wztk +-> ssh-ed25519 8/Dzqw c+dem7ezgHTzwS2GUqeOFiTGPUD52Pcm82ngTRlgeBM +lUj/xoaG166L4HIcGg43ZMWRvb3PF0CSMSGfTQ4dRL4 +-> ssh-ed25519 tJyugw bxlnr/zti7QCmbC6EIavxwh8hGY+JlPPGwxs2a3QjTs +DrrmI8EYPnx023HS/huILihfztttzLJSzzcK+iPx0bU +-> ssh-ed25519 lpPUYw 4ahTmSxpWePsrJvQzJfAy0Ip8PsGGOStjH8m/QhodhI +JBGcNiCFzM07rG9MV+6V6Ft9xsvoDVRpr1k2Zw9nFxE +--- hXu/H1W/SbLfMdDnlJLte8Vjxt2w2kzOWXEJiIxg7n4 +@Շ=N:ܡmݓ"*,BVp$fU ~Y *0Mm;c-g܍i \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ad3efce..a86c521 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -40,4 +40,5 @@ generate [ "smtp-password.age" "hydra.age" "hedgedoc.age" + "searx.age" ]