From cf5fbef43c1f13e0e7e6a3f7a322789e3419b211 Mon Sep 17 00:00:00 2001
From: Pedro Rey Anca <personal@peprolinbot.com>
Date: Sat, 27 Dec 2025 14:17:24 +0100
Subject: [PATCH] beagle: setup SearX(NG)

---
 machines/beagle/configuration.nix             |  1 +
 machines/beagle/modules/reverse-proxy.nix     |  9 +++++++
 machines/beagle/modules/searx.nix             | 27 +++++++++++++++++++
 .../searx/credentials-file/machines/beagle    |  1 -
 .../beagle/searx/credentials-file/secret      | 22 ---------------
 .../beagle/searx/credentials-file/users/pedro |  1 -
 6 files changed, 37 insertions(+), 24 deletions(-)
 create mode 100644 machines/beagle/modules/searx.nix
 delete mode 120000 vars/per-machine/beagle/searx/credentials-file/machines/beagle
 delete mode 100644 vars/per-machine/beagle/searx/credentials-file/secret
 delete mode 120000 vars/per-machine/beagle/searx/credentials-file/users/pedro

diff --git a/machines/beagle/configuration.nix b/machines/beagle/configuration.nix
index d144a3c..75f6542 100644
--- a/machines/beagle/configuration.nix
+++ b/machines/beagle/configuration.nix
@@ -2,6 +2,7 @@
   imports = [
     ./modules/kanidm.nix
     ./modules/matrix.nix
+    ./modules/searx.nix
     ./modules/reverse-proxy.nix
   ];
 }
diff --git a/machines/beagle/modules/reverse-proxy.nix b/machines/beagle/modules/reverse-proxy.nix
index fea3844..040a328 100644
--- a/machines/beagle/modules/reverse-proxy.nix
+++ b/machines/beagle/modules/reverse-proxy.nix
@@ -50,6 +50,15 @@
           '';
         };
       };
+
+      "searx.peprolinbot.com" = {
+        forceSSL = true;
+        enableACME = true;
+
+        # Rest of configuration done in services.searx.configreNginx
+
+      };
+
     };
   };
 }
diff --git a/machines/beagle/modules/searx.nix b/machines/beagle/modules/searx.nix
new file mode 100644
index 0000000..ef66d2b
--- /dev/null
+++ b/machines/beagle/modules/searx.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+  clan.core.vars.generators.searx = {
+    prompts.secret-key = {
+      description = "SearX server.secret_key";
+      type = "hidden";
+    };
+
+    files.environment-file.secret = true;
+    script = ''
+      cat <<EOL > $out/environment-file
+      SEARX_SECRET_KEY=$(<$prompts/secret-key)
+      EOL
+    '';
+  };
+
+  services.searx = {
+    enable = true;
+    domain = "searx.peprolinbot.com";
+    configureNginx = true;
+    redisCreateLocally = true;
+    environmentFile = config.clan.core.vars.generators.searx.files.environment-file.path;
+    settings = {
+      server.secret_key = "$SEARX_SECRET_KEY";
+    };
+  };
+}
diff --git a/vars/per-machine/beagle/searx/credentials-file/machines/beagle b/vars/per-machine/beagle/searx/credentials-file/machines/beagle
deleted file mode 120000
index ad4f57d..0000000
--- a/vars/per-machine/beagle/searx/credentials-file/machines/beagle
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/beagle
\ No newline at end of file
diff --git a/vars/per-machine/beagle/searx/credentials-file/secret b/vars/per-machine/beagle/searx/credentials-file/secret
deleted file mode 100644
index 88f6009..0000000
--- a/vars/per-machine/beagle/searx/credentials-file/secret
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:6ChD8x6SoPaXkbRiOhPtLQi7Re+dXkPyIylpCRKbIU3MLkUgt4qlNKQPOpLH8Kqm2bvUQ6m0eKlMfIdxW7hfZmZnJJ0xqjeaAtlsOQkLrGOiGINd7AIQR/JzcxNAPhUy7kDOxJpu/tL3emG+AC7SSM41isUmFWJUOlokBFOIcah4gdFRqtIpH4RoLEEOTI61XWc=,iv:pycKyu8DbOIpNVMSk+fxbD4q9HlvcvZ29hO5ZKt/nCE=,tag:WsaHkmyIlGThsaUSIlpvHA==,type:str]",
-	"sops": {
-		"age": [
-			{
-				"recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VkJCNlVSNUFBWTRxTGha\nYjg2SEIwREEzY3dJU1EvUUNLc0pPTG54ZmxRCndNbThWako3cm11VDd3Zlkzd2RK\ndVlEYzNraTJSK3lLYjh0K1VMUUxGVFEKLS0tIEN5ODQ2SkVnNGIrcVlpVVRHZHIx\nbVpvbFphQVdmTXFxMTMrMkdEaVg5Z0kKWPbjeciIjsNPIExBMvRHvfUhaDibDWet\nP94LhgEdwP0P81fEY+kXBcSDpSvpBlOmy+5irJnnycZxbcUo7APSQA==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc1NaeUlxYnQyV1QrcmU3\neEsxZmc4dEJJS3BrNkZzV3h0eUdEWU5ZZXlzCjYwbVRJMzFFS0pYVjZEcjdUQzFR\nL1dZRTBCWlNlbjV3YWQyQksreE1BZDAKLS0tIGxlekJERWVBUW5sNCtmMGpBTUhq\ndEhXMThxWWpSeW5CZWpPZ3NhdmxHVE0KLcumlX/WnKeUA1IGljYEl0p8bOZumTxo\nWxKTUV5noeNFStsyZM3t7nnrb61c7LbDPhw5iMeRCCTg5h8lDHobWg==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdzJxNFRPaFpBK1RtNDdn\nVXhMNm52V2p1WXFqVGMwN1JyRFRyczZ0N3dNClY1YU5KNkNPWGJwK3NieWhvZzNU\neWlkQUJsZFJrdE90TXZjS3IzUEhRTTQKLS0tIHJCRWdEQmhlaTNiNUMzMDBLY3Q3\nMzgyUlBaaThxeGdGSmdxVEtwdE5rcFkKN0jk27yKXmsAF1p9Yd5ovWCZX6UAHUcd\nIF0tguoT1QgkFDO8ur9FbJCLwJeB2Cn+tPktpWZoxZ6XfepcSQosUA==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2025-12-27T13:06:12Z",
-		"mac": "ENC[AES256_GCM,data:wvtVJx1mXIpvJsn3d1wP6n/D8U5N1BD19XGGVCg/DOUlauoi9HWycBF85zINg1qgksgJLDL/j5dsAz+guRxW7XuW0a5mWgtWs5W1G2Lp7DhHznUyA6y1LBzmD2RdSO5ZQl3ma0w+Zyl4KI4/CI/VNy/Yy1K8lqW2u6xG31eoOgo=,iv:J3uCdT2ZKPvEwUD/ERK4VK3hAnvNe/0wzJDGLf9aOz0=,tag:Sap5JOCrZElahv6JvZ/YUg==,type:str]",
-		"version": "3.11.0"
-	}
-}
diff --git a/vars/per-machine/beagle/searx/credentials-file/users/pedro b/vars/per-machine/beagle/searx/credentials-file/users/pedro
deleted file mode 120000
index ae0c694..0000000
--- a/vars/per-machine/beagle/searx/credentials-file/users/pedro
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/pedro
\ No newline at end of file