feat(nix): refactor Searx configuration into separate module
- Moved Searx-related settings from `default.nix` and `nginx.nix` to a dedicated `searx.nix` module for improved modularity and maintainability. - Updated references and ACME certificate configuration to align with the new structure. - Simplifies management of Searx service and its associated secrets.
This commit is contained in:
parent
3a66722da1
commit
7f802aaca6
4 changed files with 35 additions and 21 deletions
34
systems/x86_64-linux/sgx/searx.nix
Normal file
34
systems/x86_64-linux/sgx/searx.nix
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
sops.secrets."searx/secret_key".sopsFile = ../../../.secrets/sgx/searx.yaml;
|
||||
|
||||
services.searx = {
|
||||
enable = true;
|
||||
configureNginx = true;
|
||||
domain = "search.hoyer.world";
|
||||
uwsgiConfig = {
|
||||
http = ":8081";
|
||||
};
|
||||
settings = {
|
||||
server = {
|
||||
secret_key = config.sops.secrets."searx/secret_key".path;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"search.hoyer.world" = {
|
||||
enableACME = false;
|
||||
useACMEHost = "search.hoyer.world";
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs = {
|
||||
"internal.hoyer.world" = {
|
||||
extraDomainNames = [
|
||||
"search.hoyer.world"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue