flocon/config/nixos/services/searx.nix

61 lines
1.7 KiB
Nix

{
config,
pkgs,
...
}: {
age.secrets.searx-env-file.file = ../../../secrets/searx-env-file.age;
services = {
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = config.age.secrets.searx-env-file.path;
settings = {
search = {
safe_search = 1; # 0 = None, 1 = Moderate, 2 = Strict
autocomplete = "google"; # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang = "en";
};
server = {
secret_key = "@SEARX_SECRET_KEY@";
port = 8888; # Internal port
bind_address = "localhost"; # Only listen locally
base_url = "https://search.nezia.dev/";
image_proxy = true;
default_http_headers = {
X-Content-Type-Options = "nosniff";
X-XSS-Protection = "1; mode=block";
X-Download-Options = "noopen";
X-Robots-Tag = "noindex, nofollow";
Referrer-Policy = "no-referrer";
};
};
engines = [
{
name = "qwant";
disabled = true;
}
];
};
};
caddy = {
enable = true;
virtualHosts."search.nezia.dev" = {
extraConfig = ''
encode gzip
reverse_proxy localhost:8888 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Forwarded-Proto {scheme}
}
'';
};
};
};
# Open required ports
networking.firewall = {
allowedTCPPorts = [80 443]; # For Caddy
};
}