dotfiles/system/hosts/server/searxng.nix

58 lines
2.1 KiB
Nix
Raw Permalink Normal View History

2023-10-26 06:49:55 +07:00
{ config
, lib
, pkgs
, ... }:
let
cfg = config.server;
in {
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
quic = true;
enableACME = true;
forceSSL = true;
# locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
locations."/".extraConfig = ''
uwsgi_pass "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
include ${config.services.nginx.package}/conf/uwsgi_params;
'';
};
services.searx.enable = true;
services.searx.package = pkgs.searxng;
services.searx.runInUwsgi = true;
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
socket = "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
};
services.searx.environmentFile = /var/lib/searx/searx.env;
services.searx.settings = {
use_default_settings = true;
search = {
safe_search = 0;
autocomplete = "duckduckgo"; # dbpedia, duckduckgo, google, startpage, swisscows, qwant, wikipedia - leave blank to turn off
default_lang = ""; # leave blank to detect from browser info or use codes from languages.py
};
server = {
port = 8888;
bind_address = "::1";
secret_key = "@SEARX_SECRET_KEY@";
base_url = "https://search.${cfg.domainName}/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
outgoing = {
request_timeout = 5.0; # default timeout in seconds, can be override by engine
max_request_timeout = 15.0; # the maximum timeout in seconds
pool_connections = 100; # Maximum number of allowable connections, or null
pool_maxsize = 10; # Number of allowable keep-alive connections, or null
enable_http2 = true; # See https://www.python-httpx.org/http2/
};
};
}