searx: use limiter

2025-03-08 20:39:17 -05:00 · 2025-03-08 20:39:17 -05:00 · 2f7429a2c8
commit 2f7429a2c8
parent 4b458e7cd8
1 changed files with 13 additions and 1 deletions
--- a/modules/searx.nix
+++ b/modules/searx.nix
@ -5,7 +5,6 @@
 }:
 let
  cfg = config.my.searx;
-  sockPath = "/run/searx/searx.sock";
 in
 {
  options.my.searx = {
@ -25,6 +24,19 @@ in
        server.secret_key = "@SEARX_SECRET_KEY@";
      };
      environmentFile = config.sops.secrets."searx/env".path;
+      redisCreateLocally = true; # required for limiter
+      limiterSettings = {
+        real_ip = {
+          x_for = 1;
+          ipv4_prefix = 32;
+          ipv6_prefix = 56;
+        };
+        botdetection.ip_lists.pass_ip = [
+          "100.121.152.86"
+          "100.66.32.54"
+        ];
+        link_token = true;
+      };
    };

    services.caddy.virtualHosts."x.cy7.sh".extraConfig = ''