gerd: adds searx w/ authentication in front

This commit is contained in:
eyjhb 2024-12-17 13:20:51 +01:00
parent 3a0792caec
commit f160a3ebb6
No known key found for this signature in database
GPG key ID: 609F508E3239F920
5 changed files with 66 additions and 0 deletions

View file

@ -21,6 +21,7 @@
./gerd/services/nextcloud.nix ./gerd/services/nextcloud.nix
./gerd/services/stalwart ./gerd/services/stalwart
./gerd/services/wger ./gerd/services/wger
./gerd/services/searx.nix
./gerd/services/element.nix ./gerd/services/element.nix
./gerd/services/matrix-synapse.nix ./gerd/services/matrix-synapse.nix

View file

@ -0,0 +1,48 @@
{ config, lib, pkgs, ... }:
let
svc_domain = "searx.${config.mine.shared.settings.domain}";
port = 7378;
in {
services.searx = {
enable = true;
runInUwsgi = true;
redisCreateLocally = true;
environmentFile = config.age.secrets.searx-env.path;
uwsgiConfig.http = "127.0.0.1:${builtins.toString port}";
settings = {
general.debug = false;
server = {
base_url = "https://${svc_domain}";
secret_key = "@SECRET_KEY@";
};
};
};
# nginx
services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
forceSSL = true;
enableACME = true;
locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
proxyPass = "http://localhost:${builtins.toString port}";
};
};
# meta
mine.shared.meta.searx = {
name = "searX";
description = "We host our own searX, use it to search the web!";
url = "https://${svc_domain}";
package = let
pkg = config.services.searx.package;
in {
name = pkg.pname;
version = pkg.version;
meta = pkg.meta;
};
};
}

View file

@ -45,6 +45,9 @@
# restic # restic
restic-env.file = ./restic/env.age; restic-env.file = ./restic/env.age;
restic-pass.file = ./restic/pass.age; restic-pass.file = ./restic/pass.age;
# searx
searx-env.file = ./searx/env.age;
}; };
users.groups.secrets-lldap-bind-user-pass = {}; users.groups.secrets-lldap-bind-user-pass = {};

11
secrets/searx/env.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 QSDXqg fNc/NTcJ2bRYE0SIvKFIJG8mo9RrAvSxAB97RC+Gywg
10OeGwUb1GaxvS6gOMh4yIJsTAq1Q7QoLasHp0OSzEo
-> X25519 YSMcNwnLlqTImvRejhbowWVxTTo1bkhUL6BrQbXq7ns
LLIOfY+u/qT/PVBIniGh+WztTwmHGJuY8cgWuqGEkhg
-> ssh-ed25519 n8n9DQ Up+IltuGUo5c9MOGjrNV8tZH/CicwxKmRAJrlNL+bWw
P3d/iYWJNDl5FedbSXUrtVtgZ8YJTx0BHToIzZqMnxM
-> ssh-ed25519 BTp6UA 5fO9KgLtLJ2DEY4YuW5Ybt/BtziL1JmRUwJ0xYyMVhE
uOqXkfhkjG9ocjEzboWKe39+18q+Dr1WRIppQA4B/h4
--- rjsMU+9R21buoWlPfLWXxcBk5mHsSZ0H9uLgZTyS/9s
@~øWÅOì4@U.ÎcRÄšªbýÎ:øD¥<>ô΀ÕÅ)]XÑ—¤HßP]^þ­Ö<C2AD>úFœ4º=%8K@biçѼىžÝqÔfö ”j”1OZ_n¦

View file

@ -55,4 +55,7 @@ in
# restic # restic
"restic/env.age".publicKeys = defaultAccess; "restic/env.age".publicKeys = defaultAccess;
"restic/pass.age".publicKeys = defaultAccess; "restic/pass.age".publicKeys = defaultAccess;
# searx
"searx/env.age".publicKeys = defaultAccess;
} }