aphrodite/search/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

{config, ...}: let
  searxDomain = "search.${config.customOps.domain.fqdn}";
in {
  imports = [./engines.nix];

  sops.secrets.searx.owner = "searx";

  services.searx = {
    enable = true;
    redisCreateLocally = true;

    limiterSettings = {
      real_ip = {
        x_for = 1;
        ipv4_prefix = 32;
        ipv6_prefix = 56;
      };

      botdetection = {
        ip_limit = {
          filter_link_local = true;
          link_token = true;
        };
      };
    };

    faviconsSettings = {
      favicons = {
        cfg_schema = 1;
        cache = {
          db_url = "/var/cache/searx/faviconcache.db";
          HOLD_TIME = 5184000;
          LIMIT_TOTAL_BYTES = 2147483648;
          BLOB_MAX_BYTES = 40960;
          MAINTENANCE_MODE = "auto";
          MAINTENANCE_PERIOD = 600;
        };
      };
    };

    settings = {
      general = {
        debug = false;
        instance_name = "${config.customOps.owner.username}'s search";
        donation_url = false;
        contact_url = false;
        privacypolicy_url = false;
        enable_metrics = false;
      };

      ui = {
        static_use_hash = true;
        default_locale = "en";
        query_in_title = false;
        infinite_scroll = true;
        center_alignment = false;
        default_theme = "simple";
        theme_args.simple_style = "auto";
        search_on_category_select = true;
        hotkeys = "vim";
        url_formatting = "full";
      };

      search = {
        safe_search = 0;
        autocomplete_min = 2;
        autocomplete = "duckduckgo";
        favicon_resolver = "allesedv";
        ban_time_on_fail = 5;
        max_ban_time_on_fail = 120;
      };

      server = {
        base_url = "https://${searxDomain}";
        port = 8888;
        bind_address = "127.0.0.1";
        secret_key = config.sops.secrets.searx.path;
        limiter = true;
        public_instance = true;
        image_proxy = false;
        method = "POST";
      };

      outgoing = {
        request_timeout = 30.0;
        pool_connections = 100;
        pool_maxsize = 15;
        enable_http2 = true;
      };

      enabled_plugins = [
        "Basic Calculator"
        "Hash plugin"
        "Tor check plugin"
        "Open Access DOI rewrite"
        "Hostnames plugin"
        "Unit converter plugin"
        "Tracker URL remover"
      ];
    };
  };

  services.nginx.virtualHosts.${searxDomain} = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://localhost:8888";
  };
}