defiant: add SearXNG

hosts/defiant/configuration.nix

@@ -29,6 +29,7 @@
       # ./services/minecraft.nix
       ./services/monitoring
       ./services/rtl-tcp.nix
+      ./services/searx.nix
       ./services/vaultwarden.nix
   ];
 

hosts/defiant/services/searx.nix

@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.searx;
+  domain = "search.home.feal.no";
+in {
+  services.searx = {
+    enable = true;
+    environmentFile = config.sops.secrets."searx/envfile".path;
+    settings = {
+      server = {
+        secret_key = "@SEARX_SECRET_KEY@";
+        base_url = "http://${domain}";
+      };
+    };
+
+    runInUwsgi = true;
+    uwsgiConfig = {
+      socket = "/run/searx/searx.sock";
+      chmod-socket = "660";
+    };
+
+    redisCreateLocally = true;
+  };
+
+  sops.secrets."searx/envfile" = {
+    owner = "searx";
+    group = "searx";
+  };
+
+  users.groups."searx".members = [ "nginx" ];
+
+  services.nginx.virtualHosts."${domain}" = {
+    locations."/".extraConfig = ''
+      include ${config.services.nginx.package}/conf/uwsgi_params;
+      uwsgi_pass unix:${cfg.uwsgiConfig.socket};
+    '';
+  };
+}
+