movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-13 05:05:29 +03:00
Code Issues Projects Releases Packages Wiki Activity
nixpkgs/nixos/modules/services/networking/searx.nix
Silvan Mosberger 374e6bcc40 treewide: Format all Nix files 
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:

  nix-build ci -A fmt.check

This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).

This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).

Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).

If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
2025-04-01 20:10:43 +02:00

331 lines
9 KiB
Nix
Raw Blame History

{
options,
config,
lib,
pkgs,
...
}:
with lib;
let
runDir = "/run/searx";
cfg = config.services.searx;
settingsFile = pkgs.writeText "settings.yml" (builtins.toJSON cfg.settings);
limiterSettingsFile = (pkgs.formats.toml { }).generate "limiter.toml" cfg.limiterSettings;
faviconsSettingsFile = (pkgs.formats.toml { }).generate "favicons.toml" cfg.faviconsSettings;
generateConfig = ''
cd ${runDir}
# write NixOS settings as JSON
(
umask 077
cp --no-preserve=mode ${settingsFile} settings.yml
)
# substitute environment variables
env -0 | while IFS='=' read -r -d ''' n v; do
sed "s#@$n@#$v#g" -i settings.yml
done
'';
settingType =
with types;
(oneOf [
bool
int
float
str
(listOf settingType)
(attrsOf settingType)
])
// {
description = "JSON value";
};
in
{
imports = [
(mkRenamedOptionModule [ "services" "searx" "configFile" ] [ "services" "searx" "settingsFile" ])
];
options = {
services.searx = {
enable = mkOption {
type = types.bool;
default = false;
relatedPackages = [ "searx" ];
description = "Whether to enable Searx, the meta search engine.";
};
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Environment file (see {manpage}`systemd.exec(5)`
"EnvironmentFile=" section for the syntax) to define variables for
Searx. This option can be used to safely include secret keys into the
Searx configuration.
'';
};
redisCreateLocally = mkOption {
type = types.bool;
default = false;
description = ''
Configure a local Redis server for SearXNG. This is required if you
want to enable the rate limiter and bot protection of SearXNG.
'';
};
settings = mkOption {
type = types.attrsOf settingType;
default = { };
example = literalExpression ''
{ server.port = 8080;
server.bind_address = "0.0.0.0";
server.secret_key = "@SEARX_SECRET_KEY@";
engines = lib.singleton
{ name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
};
}
'';
description = ''
Searx settings. These will be merged with (taking precedence over)
the default configuration. It's also possible to refer to
environment variables
(defined in [](#opt-services.searx.environmentFile))
using the syntax `@VARIABLE_NAME@`.
::: {.note}
For available settings, see the Searx
[docs](https://searx.github.io/searx/admin/settings.html).
:::
'';
};
settingsFile = mkOption {
type = types.path;
default = "${runDir}/settings.yml";
description = ''
The path of the Searx server settings.yml file. If no file is
specified, a default file is used (default config file has debug mode
enabled). Note: setting this options overrides
[](#opt-services.searx.settings).
::: {.warning}
This file, along with any secret key it contains, will be copied
into the world-readable Nix store.
:::
'';
};
limiterSettings = mkOption {
type = types.attrsOf settingType;
default = { };
example = literalExpression ''
{
real_ip = {
x_for = 1;
ipv4_prefix = 32;
ipv6_prefix = 56;
}
botdetection.ip_lists.block_ip = [
# "93.184.216.34" # example.org
];
}
'';
description = ''
Limiter settings for SearXNG.
::: {.note}
For available settings, see the SearXNG
[schema file](https://github.com/searxng/searxng/blob/master/searx/limiter.toml).
:::
'';
};
faviconsSettings = mkOption {
type = types.attrsOf settingType;
default = { };
example = literalExpression ''
{
favicons = {
cfg_schema = 1;
cache = {
db_url = "/run/searx/faviconcache.db";
HOLD_TIME = 5184000;
LIMIT_TOTAL_BYTES = 2147483648;
BLOB_MAX_BYTES = 40960;
MAINTENANCE_MODE = "auto";
MAINTENANCE_PERIOD = 600;
};
};
}
'';
description = ''
Favicons settings for SearXNG.
::: {.note}
For available settings, see the SearXNG
[schema file](https://github.com/searxng/searxng/blob/master/searx/favicons/favicons.toml).
:::
'';
};
package = mkPackageOption pkgs "searxng" { };
runInUwsgi = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run searx in uWSGI as a "vassal", instead of using its
built-in HTTP server. This is the recommended mode for public or
large instances, but is unnecessary for LAN or local-only use.
::: {.warning}
The built-in HTTP server logs all queries by default.
:::
'';
};
uwsgiConfig = mkOption {
type = options.services.uwsgi.instance.type;
default = {
http = ":8080";
};
example = literalExpression ''
{
disable-logging = true;
http = ":8080"; # serve via HTTP...
socket = "/run/searx/searx.sock"; # ...or UNIX socket
chmod-socket = "660"; # allow the searx group to read/write to the socket
}
'';
description = ''
Additional configuration of the uWSGI vassal running searx. It
should notably specify on which interfaces and ports the vassal
should listen.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
users.users.searx = {
description = "Searx daemon user";
group = "searx";
isSystemUser = true;
};
users.groups.searx = { };
systemd.services.searx-init = {
description = "Initialise Searx settings";
serviceConfig =
{
Type = "oneshot";
RemainAfterExit = true;
User = "searx";
RuntimeDirectory = "searx";
RuntimeDirectoryMode = "750";
}
// optionalAttrs (cfg.environmentFile != null) {
EnvironmentFile = builtins.toPath cfg.environmentFile;
};
script = generateConfig;
};
systemd.services.searx = mkIf (!cfg.runInUwsgi) {
description = "Searx server, the meta search engine.";
wantedBy = [
"network.target"
"multi-user.target"
];
requires = [ "searx-init.service" ];
after = [ "searx-init.service" ];
serviceConfig =
{
User = "searx";
Group = "searx";
ExecStart = lib.getExe cfg.package;
}
// optionalAttrs (cfg.environmentFile != null) {
EnvironmentFile = builtins.toPath cfg.environmentFile;
};
environment = {
SEARX_SETTINGS_PATH = cfg.settingsFile;
SEARXNG_SETTINGS_PATH = cfg.settingsFile;
};
};
systemd.services.uwsgi = mkIf cfg.runInUwsgi {
requires = [ "searx-init.service" ];
after = [ "searx-init.service" ];
};
services.searx.settings = {
# merge NixOS settings with defaults settings.yml
use_default_settings = mkDefault true;
redis.url = lib.mkIf cfg.redisCreateLocally "unix://${config.services.redis.servers.searx.unixSocket}";
};
services.uwsgi = mkIf cfg.runInUwsgi {
enable = true;
plugins = [ "python3" ];
instance.type = "emperor";
instance.vassals.searx = {
type = "normal";
strict = true;
immediate-uid = "searx";
immediate-gid = "searx";
lazy-apps = true;
enable-threads = true;
module = "searx.webapp";
env = [
# TODO: drop this as it is only required for searx
"SEARX_SETTINGS_PATH=${cfg.settingsFile}"
# searxng compatibility https://github.com/searxng/searxng/issues/1519
"SEARXNG_SETTINGS_PATH=${cfg.settingsFile}"
];
buffer-size = 32768;
pythonPackages = self: [ cfg.package ];
} // cfg.uwsgiConfig;
};
services.redis.servers.searx = lib.mkIf cfg.redisCreateLocally {
enable = true;
user = "searx";
port = 0;
};
environment.etc = {
"searxng/limiter.toml" = lib.mkIf (cfg.limiterSettings != { }) {
source = limiterSettingsFile;
};
"searxng/favicons.toml" = lib.mkIf (cfg.faviconsSettings != { }) {
source = faviconsSettingsFile;
};
};
};
meta.maintainers = with maintainers; [
rnhmjoj
_999eagle
];
}
Reference in a new issue View git blame Copy permalink