From 512c0595cbde312961510504a5c0c0386be25294 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen <felix@albrigtsen.it>
Date: Tue, 31 Dec 2024 12:52:07 +0100
Subject: [PATCH] defiant: add SearXNG

---
 hosts/defiant/configuration.nix  |  1 +
 hosts/defiant/services/searx.nix | 39 ++++++++++++++++++++++++++++++++
 secrets/defiant/defiant.yaml     |  8 ++++---
 3 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 hosts/defiant/services/searx.nix

diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 6f7e67d..b5fe5fd 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -29,6 +29,7 @@
       # ./services/minecraft.nix
       ./services/monitoring
       ./services/rtl-tcp.nix
+      ./services/searx.nix
       ./services/vaultwarden.nix
   ];
 
diff --git a/hosts/defiant/services/searx.nix b/hosts/defiant/services/searx.nix
new file mode 100644
index 0000000..f8bfc0a
--- /dev/null
+++ b/hosts/defiant/services/searx.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.searx;
+  domain = "search.home.feal.no";
+in {
+  services.searx = {
+    enable = true;
+    environmentFile = config.sops.secrets."searx/envfile".path;
+    settings = {
+      server = {
+        secret_key = "@SEARX_SECRET_KEY@";
+        base_url = "http://${domain}";
+      };
+    };
+
+    runInUwsgi = true;
+    uwsgiConfig = {
+      socket = "/run/searx/searx.sock";
+      chmod-socket = "660";
+    };
+
+    redisCreateLocally = true;
+  };
+
+  sops.secrets."searx/envfile" = {
+    owner = "searx";
+    group = "searx";
+  };
+
+  users.groups."searx".members = [ "nginx" ];
+
+  services.nginx.virtualHosts."${domain}" = {
+    locations."/".extraConfig = ''
+      include ${config.services.nginx.package}/conf/uwsgi_params;
+      uwsgi_pass unix:${cfg.uwsgiConfig.socket};
+    '';
+  };
+}
+
diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml
index e1b6ef2..e658d7e 100644
--- a/secrets/defiant/defiant.yaml
+++ b/secrets/defiant/defiant.yaml
@@ -20,6 +20,8 @@ keycloak:
     postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str]
 koillection:
     envfile: ENC[AES256_GCM,data:3wq6xiULzELDxtDsBfPbKrnEsAEoG9oQREyaEoe0AVpJziVMrhEQruLCl1F/,iv:IscSmKD8nwQ2HmNnC+54rZrWMimdYPLCArmt/ToTdNM=,tag:J3QYTUtJhpn+R8hpqkA9zg==,type:str]
+searx:
+    envfile: ENC[AES256_GCM,data:BlLVb7C2z/kFxULQnNsGucFZg/R57i0GGMZ6PUhkG1fmYGdY0q31948Z1NoMMaEcwQEdOX6Z8+m96o/RjRTt7K3V+n5+cI1OX9pfoTBwDcJ7/w==,iv:MM+t38IZFdzCXM4jG7jH0uZZP8Zs8kyH8Xe3bPiVmUM=,tag:0ezofl1dDXm1o974f2wRrw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -53,8 +55,8 @@ sops:
             VVpkM0dwMnRwMlZhbGRWaE1tRVZLbWMKhDnvP1GLD6LqXJ4PnQFF8TsVzVAeAvQ7
             W2QzaoZGysaO06NMqJg1039RVJ7Tm7ZdEfqZLavYxk/tS4Wt3EGr4A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-01T10:13:16Z"
-    mac: ENC[AES256_GCM,data:SFZz05/9Wb5o9X0ieNxrk4LJkCniliQ7ykWR+ocLw+At9Ye620JQTYFHfpzT/h+aRdborgkRtldw0c5+UOzx9+F3HtoWsrK04uQ1qso8YjO87qEqlVenVPuOVUuvyVtPQOWyLrHOOPkLSrj0a1NQdPSsfxcC04DhSkiW4RTNWXw=,iv:zp6HP14YZYt8BNj7jPPM+cb5cBZThijfcaqDZ6rH5Hg=,tag:W+/XKoj61yUXL+PC5YXQlg==,type:str]
+    lastmodified: "2024-12-31T11:50:02Z"
+    mac: ENC[AES256_GCM,data:skTdbNg8f9c0YiSzv8v9j5duCqcd2sR/tmomeZz8iWM9FQHHs9EO/SMjGQBWIlYjIJS5Pv9g6/yI5WT8L3D/vK+Ajih32397X6noqSjTFv7yfJCaQh8NxNOC6Q8RRyPT5mNjB76HQb6IxHnQYg74zi5CUjMLXwsCAIOBJvcFyiE=,iv:wZtw3DN+g/2zjDpLGkwHLFnsZQ4zQY3oifOFWhsPTE4=,tag:aDeTeCxl7I132jhRrtpVMg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.2