2024-10-24 14:02:14 +00:00
{
config ,
pkgs ,
. . .
} : {
age . secrets . searx-env-file . file = ../../secrets/searx-env-file.age ;
2024-10-23 16:04:37 +00:00
services = {
searx = {
enable = true ;
package = pkgs . searxng ;
2024-10-24 14:02:14 +00:00
environmentFile = config . age . secrets . searx-env-file . path ;
2024-10-23 16:04:37 +00:00
settings = {
search = {
safe_search = 1 ; # 0 = None, 1 = Moderate, 2 = Strict
autocomplete = " g o o g l e " ; # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang = " e n " ;
} ;
server = {
2024-10-24 14:02:14 +00:00
secret_key = " @ S E A R X _ S E C R E T _ K E Y @ " ;
2024-10-23 16:04:37 +00:00
port = 8888 ; # Internal port
bind_address = " l o c a l h o s t " ; # Only listen locally
base_url = " h t t p s : / / s e a r c h . n e z i a . d e v / " ;
image_proxy = true ;
default_http_headers = {
X-Content-Type-Options = " n o s n i f f " ;
X-XSS-Protection = " 1 ; m o d e = b l o c k " ;
X-Download-Options = " n o o p e n " ;
X-Robots-Tag = " n o i n d e x , n o f o l l o w " ;
Referrer-Policy = " n o - r e f e r r e r " ;
} ;
} ;
engines = [
{
name = " q w a n t " ;
disabled = true ;
}
] ;
} ;
} ;
caddy = {
enable = true ;
virtualHosts . " s e a r c h . n e z i a . d e v " = {
extraConfig = ''
encode gzip
reverse_proxy localhost:8888 {
header_up Host { host }
header_up X-Real-IP { remote_addr }
header_up X-Forwarded-For { remote_addr }
header_up X-Forwarded-Proto { scheme }
}
'' ;
} ;
} ;
} ;
# Open required ports
networking . firewall = {
allowedTCPPorts = [ 80 443 ] ; # For Caddy
} ;
}
