beagle: setup SearX(NG)

2025-12-27 14:17:24 +01:00 · 2025-12-27 14:17:24 +01:00 · cf5fbef43c
commit cf5fbef43c
parent 6540e7e33f
6 changed files with 37 additions and 24 deletions
--- a/machines/beagle/configuration.nix
+++ b/machines/beagle/configuration.nix
@ -2,6 +2,7 @@
  imports = [
    ./modules/kanidm.nix
    ./modules/matrix.nix
+    ./modules/searx.nix
    ./modules/reverse-proxy.nix
  ];
 }
--- a/machines/beagle/modules/reverse-proxy.nix
+++ b/machines/beagle/modules/reverse-proxy.nix
@ -50,6 +50,15 @@
          '';
        };
      };
+
+      "searx.peprolinbot.com" = {
+        forceSSL = true;
+        enableACME = true;
+
+        # Rest of configuration done in services.searx.configreNginx
+
+      };
+
    };
  };
 }
--- a/machines/beagle/modules/searx.nix
+++ b/machines/beagle/modules/searx.nix
@ -0,0 +1,27 @@
+{ config, ... }:
+{
+  clan.core.vars.generators.searx = {
+    prompts.secret-key = {
+      description = "SearX server.secret_key";
+      type = "hidden";
+    };
+
+    files.environment-file.secret = true;
+    script = ''
+      cat <<EOL > $out/environment-file
+      SEARX_SECRET_KEY=$(<$prompts/secret-key)
+      EOL
+    '';
+  };
+
+  services.searx = {
+    enable = true;
+    domain = "searx.peprolinbot.com";
+    configureNginx = true;
+    redisCreateLocally = true;
+    environmentFile = config.clan.core.vars.generators.searx.files.environment-file.path;
+    settings = {
+      server.secret_key = "$SEARX_SECRET_KEY";
+    };
+  };
+}