beagle: setup SearX(NG)

machines/beagle/configuration.nix

@@ -2,6 +2,7 @@
   imports = [
     ./modules/kanidm.nix
     ./modules/matrix.nix
+    ./modules/searx.nix
     ./modules/reverse-proxy.nix
   ];
 }

machines/beagle/modules/reverse-proxy.nix

@@ -50,6 +50,15 @@
           '';
         };
       };
+
+      "searx.peprolinbot.com" = {
+        forceSSL = true;
+        enableACME = true;
+
+        # Rest of configuration done in services.searx.configreNginx
+
+      };
+
     };
   };
 }

machines/beagle/modules/searx.nix

@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+  clan.core.vars.generators.searx = {
+    prompts.secret-key = {
+      description = "SearX server.secret_key";
+      type = "hidden";
+    };
+
+    files.environment-file.secret = true;
+    script = ''
+      cat <<EOL > $out/environment-file
+      SEARX_SECRET_KEY=$(<$prompts/secret-key)
+      EOL
+    '';
+  };
+
+  services.searx = {
+    enable = true;
+    domain = "searx.peprolinbot.com";
+    configureNginx = true;
+    redisCreateLocally = true;
+    environmentFile = config.clan.core.vars.generators.searx.files.environment-file.path;
+    settings = {
+      server.secret_key = "$SEARX_SECRET_KEY";
+    };
+  };
+}

vars/per-machine/beagle/searx/environment-file/machines/beagle

@@ -0,0 +1 @@
+../../../../../../sops/machines/beagle

vars/per-machine/beagle/searx/environment-file/secret

@@ -0,0 +1,22 @@
+{
+	"data": "ENC[AES256_GCM,data:r1WBkckhbqVdTY/xQ2spdJABHu2htdWebhgk5UYt7/ZXjzyoyk79sHxPZd/f1QRqUv9og9d+XHwhbBeazRhNvnrn2VflBAS8Oi2MnrDvnMbDPJtWHD+r2r0cLW97hRXKfnyjhyg02bSlwAHqvrPSTTklt+uOq6sc6m/8JWBPfPyYCJbxiX23M35J/SK3b8RDUC4=,iv:4FG2RYZWCoL44JxFwln0+xO7XJs99mcrjwCAwCvo+C4=,tag:qkqkYDFHGHZ03sZ86e9HsQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1hcamqavws9xv6lda9wcv3vmtd47wg8nc3w6zmum9a9e42g0044nq3lp298",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TTZVd1F6cUJEK0ZNM0lU\ndVZUSlI4ZnZQcW9QV1lNa2ZvemR5QjFmb2pjCm55QmExdHpDR0pyZk5LR3R2Vm1h\nRGp0bUlBdHgvblJoc1NCZmNUTTZkdjgKLS0tIGtNVzMyVE9IcUM5b0IxZjFiQnhB\nKzhvYTlnSGpzdlNrQkVDMS90ZzFZanMKGoaZX8gLBeLzVO2XOb0COS/C/zsDd/cO\nKqQoes2MDC8seFaccHSQuQg2zSXx8c4yoeoZEbmCfqoZ8CPmy4e1gA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1lrg2j5a90yy4ccj4c8yrmkk4rx029t5hfh6n5a2nte77pwlspp8qvgmtmg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSWd5T0FLczFqekhGeUpD\nTHozRk9LeG0wVFdxVysrdjVvK3lOSzJadjM4CnkzQkdPWW9ReVU3UlFBWGJOc01S\nbUhqTSt2ZGtYY2NlYjlKcEQ4MkxtWjAKLS0tIGszVzJoSjB5U0o4eDZZakZZZ0Z0\ncU5NYmFLc1MyQTZiM2NwNjN5eHU0UDgKj3g/36vy/+YVhznJxVXwldiGl51P1Sj4\nlS1gu2i3I6r+XvBh8f/V0dEKiyvU+CaE5gkdVvWNWPriGt0kI9VAcg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1r2sw9uncvkqtklypw4rttufhw86lhhqrghed8l2kda6hdrd9ypyqm7y863",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqd1Y3SmRKMmtDZlk0L01r\nVXZ1WEhUcTZveUwxWkdIZUdhVlJPRWl2ZGdnCmIrYXFwMnFXS0pIT1dpaml3U0NL\naTJiZkhNNzhMTmR1SGpzMEZ3WlRXOGsKLS0tIC9GbU85NjR5VDJxL21OWlNRL0U3\nUldQZEZubGZpZlJ6ZysyOGFLMTFoVnMKFvwUrIkgz9NeL+3gUj1p2DKhjKIB05QR\n/j6HXHxRMvyNhd/mxVwwng4QLmPpTiX6BczOFwCHJf6w41dJAQDexQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-12-27T13:09:50Z",
+		"mac": "ENC[AES256_GCM,data:0opYF8mB+AEXHsoOspbwpGDhF7M4i8cWOoJW1JC9kPSpV8Q1Y4PU8+OscYhjxq2+rtRPexvTbi/Kz/HCYSdNiiFlmm88yos17DQbOlQuE4kcu1A3vcayxYCNj7LUQI6LM/MPx9vPzrz812yWp5et2AKJr3ukJxtFuIce2uF3r28=,iv:GxbtKpPjkGpxLNzjslsTOTZcvLktVSE2h+5Y/GJN9+c=,tag:0Z6bVBpKn0+iA09kbBve7w==,type:str]",
+		"version": "3.11.0"
+	}
+}

vars/per-machine/beagle/searx/environment-file/users/pedro

@@ -0,0 +1 @@
+../../../../../../sops/users/pedro