add searx and fix caddy cloudflare stuff

2025-03-08 17:23:27 -05:00 · 2025-03-08 17:23:27 -05:00 · f8ac4c667d
commit f8ac4c667d
parent 72303fd21c
8 changed files with 85 additions and 7 deletions
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -29,11 +29,12 @@ in
        (common) {
          encode zstd gzip
          header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+          tls {
+            dns cloudflare {$CLOUDFLARE_KEY}
+            resolvers 1.1.1.1 8.8.8.8
+          }
        }
      '';
-      globalConfig = ''
-        acme_dns cloudflare {$CLOUDFLARE_KEY}
-      '';
      environmentFile = config.sops.secrets."caddy/env".path;
    };
  };
--- a/modules/default.nix
+++ b/modules/default.nix
@ -7,5 +7,6 @@
    ./zipline.nix
    ./containerization.nix
    ./vaultwarden.nix
+    ./searx.nix
  ];
 }
--- a/modules/searx.nix
+++ b/modules/searx.nix
@ -0,0 +1,35 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.my.searx;
+  sockPath = "/run/searx/searx.sock";
+in
+{
+  options.my.searx = {
+    enable = lib.mkEnableOption "searx";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.searx = {
+      enable = true;
+      runInUwsgi = true;
+      uwsgiConfig = {
+        disable-logging = true;
+        http = "127.0.0.1:8090";
+      };
+      settings = {
+        # get secret from env
+        server.secret_key = "@SEARX_SECRET_KEY@";
+      };
+      environmentFile = config.sops.secrets."searx/env".path;
+    };
+
+    services.caddy.virtualHosts."x.cy7.sh".extraConfig = ''
+      import common
+      reverse_proxy 127.0.0.1:8090
+    '';
+  };
+}