movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge pull request #240325 from 999eagle/update/searxng

Browse source 
nixos/searx: add configuration for redis and limiter settings
This commit is contained in:
Michele Guerini Rocco 2023-06-30 22:22:43 +02:00 committed by GitHub
commit aedc167ecf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 60 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2311.section.md
View file

@ -72,6 +72,8 @@
- If [`system.stateVersion`](#opt-system.stateVersion) is >=23.05, `pkgs.nextcloud26` will be installed by default. - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.05, `pkgs.nextcloud26` will be installed by default.
- Please note that an upgrade from v25 (or older) to v27 directly is not possible. Please upgrade to `nextcloud26` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud26;`](options.html#opt-services.nextcloud.package). - Please note that an upgrade from v25 (or older) to v27 directly is not possible. Please upgrade to `nextcloud26` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud26;`](options.html#opt-services.nextcloud.package).
- New options were added to `services.searx` for better SearXNG support, including options for the built-in rate limiter and bot protection and automatically configuring a local redis server.
- A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant. - A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant.
- DocBook option documentation is no longer supported, all module documentation now uses markdown. - DocBook option documentation is no longer supported, all module documentation now uses markdown.

59
nixos/modules/services/networking/searx.nix
View file

@ -10,6 +10,8 @@ let
settingsFile = pkgs.writeText "settings.yml" settingsFile = pkgs.writeText "settings.yml"
(builtins.toJSON cfg.settings); (builtins.toJSON cfg.settings);
limiterSettingsFile = (pkgs.formats.toml { }).generate "limiter.toml" cfg.limiterSettings;
generateConfig = '' generateConfig = ''
cd ${runDir} cd ${runDir}
@ -65,6 +67,15 @@ in
''; '';
}; };
redisCreateLocally = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Configure a local Redis server for SearXNG. This is required if you
want to enable the rate limiter and bot protection of SearXNG.
'';
};
settings = mkOption { settings = mkOption {
type = types.attrsOf settingType; type = types.attrsOf settingType;
default = { }; default = { };
@ -111,6 +122,31 @@ in
''; '';
}; };
limiterSettings = mkOption {
type = types.attrsOf settingType;
default = { };
example = literalExpression ''
{
real_ip = {
x_for = 1;
ipv4_prefix = 32;
ipv6_prefix = 56;
}
botdetection.ip_lists.block_ip = [
# "93.184.216.34" # example.org
];
}
'';
description = lib.mdDoc ''
Limiter settings for SearXNG.
::: {.note}
For available settings, see the SearXNG
[schema file](https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml).
:::
'';
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.searx; default = pkgs.searx;
@ -158,6 +194,17 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{
assertion = (cfg.limiterSettings != { }) -> cfg.package.pname == "searxng";
message = "services.searx.limiterSettings requires services.searx.package to be searxng.";
}
{
assertion = cfg.redisCreateLocally -> cfg.package.pname == "searxng";
message = "services.searx.redisCreateLocally requires services.searx.package to be searxng.";
}
];
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
users.users.searx = users.users.searx =
@ -206,6 +253,7 @@ in
services.searx.settings = { services.searx.settings = {
# merge NixOS settings with defaults settings.yml # merge NixOS settings with defaults settings.yml
use_default_settings = mkDefault true; use_default_settings = mkDefault true;
redis.url = lib.mkIf cfg.redisCreateLocally "unix://${config.services.redis.servers.searx.unixSocket}";
}; };
services.uwsgi = mkIf (cfg.runInUwsgi) { services.uwsgi = mkIf (cfg.runInUwsgi) {
@ -231,7 +279,16 @@ in
} // cfg.uwsgiConfig; } // cfg.uwsgiConfig;
}; };
services.redis.servers.searx = lib.mkIf cfg.redisCreateLocally {
enable = true;
user = "searx";
port = 0;
};
environment.etc."searxng/limiter.toml" = lib.mkIf (cfg.limiterSettings != { }) {
source = limiterSettingsFile;
};
}; };
meta.maintainers = with maintainers; [ rnhmjoj ]; meta.maintainers = with maintainers; [ rnhmjoj _999eagle ];
} }