diff --git a/.sops.yaml b/.sops.yaml
index f04d450..5de3f5d 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -17,3 +17,7 @@ creation_rules:
 key_groups:
 - age:
 - *primary
+ - path_regex: secrets/blarm-searxng.env
+ key_groups:
+ - age:
+ - *primary
diff --git a/modules/nixos/services/searxng/default.nix b/modules/nixos/services/searxng/default.nix
new file mode 100644
index 0000000..9dd3011
--- /dev/null
+++ b/modules/nixos/services/searxng/default.nix
@@ -0,0 +1,55 @@
+{
+ lib,
+ config,
+ namespace,
+ ...
+}:
+with lib;
+with lib.${namespace};
+let
+ cfg = config.${namespace}.services.searxng;
+in
+{
+ options.${namespace}.services.searxng = with types; {
+ enable = mkBoolOpt false "SearXNG";
+ redlib = mkBoolOpt true "Whether or not to enable redlib.";
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ 1340 ];
+
+ services.searx = {
+ enable = true;
+ environmentFile = "/run/secrets/searxng";
+ settings.server = {
+ port = "1340";
+ bind_address = "0.0.0.0";
+ use_default_settings = true;
+ secret_key = "@secret_key@";
+ };
+ };
+
+ services.redlib = mkIf cfg.redlib {
+ enable = true;
+ address = "0.0.0.0";
+ port = 1341;
+ openFirewall = true;
+ };
+
+ services.searx.settings.searx = mkIf cfg.redlib {
+ plugins.hostnames.SXNGPlugin.active = true;
+ };
+
+ services.searx.settings.hostnames.replace = mkIf cfg.redlib {
+ "(.*\.)?reddit\.com$" = "reddit.monapona.dev";
+ "(.*\.)?redd\.it$" = "reddit.monapona.dev";
+ };
+
+ sops.secrets.searxng = {
+ format = "dotenv";
+ sopsFile = ../../../../secrets/blarm-searxng.env;
+ };
+
+ };
+
+}
diff --git a/secrets/blarm-searxng.env b/secrets/blarm-searxng.env
new file mode 100644
index 0000000..010cb58
--- /dev/null
+++ b/secrets/blarm-searxng.env
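Review bot: SearXNG and redlib are both bound to `0.0.0.0` with their ports opened unconditionally (1340 through `networking.firewall.allowedTCPPorts`, 1341 through `openFirewall = true`), so enabling the module exposes both over plain HTTP on every interface. The `reddit.monapona.dev` rewrite target suggests a reverse proxy fronts these services; if it runs on this host, `bind_address = "127.0.0.1";` and `address = "127.0.0.1";` with the firewall openings dropped would keep traffic behind it, and otherwise the openings are better gated behind an option that defaults to false. In the `hostnames.replace` keys, a Nix double-quoted string turns `\.` into a bare `.`, so the patterns reach SearXNG as `(.*.)?reddit.com$` and can match unrelated hosts; `"(.*\\.)?reddit\\.com$"` and `"(.*\\.)?redd\\.it$"` keep the dots literal. `use_default_settings` is also set under `settings.server`, whereas SearXNG documents it as a top-level key of settings.yml, so it is worth confirming it has any effect there.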
@@ -0,0 +1,7 @@
+secret_key=ENC[AES256_GCM,data:mKnJFcFhIQZ3pmbUP96XRaaYxYgEfqNqmUZU9OZpgEOvBvsoZeeZaEDVefMXWUHkSAwUwo2LRUVCe8ih18ogyg==,iv:x9RfQGcJRycVWbNVrSLy2FVPYvnym5BjZkLnq0CS/oI=,tag:lSQTYPu+gBfEVUX75TnuPA==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyTkNDaEZCSEFPN3F6ZDAv\nRis1TlVpQ1BJUXdzZWU1WjU4MUlPYXpxL0hZCjlGTFRGQWpzMVBvV0tYUm4vaXJU\nSHdUVFhoWXpXcXZsRGhVOWF1L1ZGUHcKLS0tIEFnR0xiYktBNWx2OWx6Wlh3SkdC\ncXRUdzBhZmVzMXNHMC9zYXlGZGw3d0UKFIZwVmwkkzF+vCi1jPChFu1JZng+nTEb\nh7vNYyt+leo71isYfTz+zw06sCJxy5Tw0xsiWqLmlr6W4HEvCN9fjA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
+sops_lastmodified=2025-05-23T14:23:44Z
+sops_mac=ENC[AES256_GCM,data:pskgxqrL75uSgb2WEYheBsOMBtSDhkD6iwoqIMnp1Qv3w4rlkFwS1ixsCnPuROE4KK+rYQgIghN4jCdfrRMwaEC3mWM0jqi3IDM3FBgTUSdPjeI4m6EEY2LJa2RbQa5BqLSUl0XcjwHC6IpMiaThXtVcCHDmR5UE1h3I6RHexFU=,iv:jKT1YQ+nbLoQIyp+tVbPSWNJGYqSQHGRLHulNgT04Hc=,tag:bnCAZ4sxFOSdbX6gBLTk8A==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2
diff --git a/systems/x86_64-linux/blarm/default.nix b/systems/x86_64-linux/blarm/default.nix
index 62c6e56..3c35668 100644
--- a/systems/x86_64-linux/blarm/default.nix
+++ b/systems/x86_64-linux/blarm/default.nix
@@ -58,6 +58,7 @@ with lib.${namespace};
 restic = enabled;
 linkwarden = enabled;
 forgejo = enabled;
+ searxng = enabled;
 };
 #container.invidious = enabled;