harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(nix): refactor Searx configuration into separate module

Browse source 
- Moved Searx-related settings from `default.nix` and `nginx.nix` to a dedicated `searx.nix` module for improved modularity and maintainability.
- Updated references and ACME certificate configuration to align with the new structure.
- Simplifies management of Searx service and its associated secrets.
This commit is contained in:
Harald Hoyer 2026-02-06 13:27:29 +01:00
parent 3a66722da1
commit 7f802aaca6
4 changed files with 35 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

1
systems/x86_64-linux/sgx/acme.nix
View file

@ -15,7 +15,6 @@
"openwebui.hoyer.world" "openwebui.hoyer.world"
"syncthing.hoyer.world" "syncthing.hoyer.world"
"home.hoyer.world" "home.hoyer.world"
"search.hoyer.world"
]; ];
}; };
}; };

16
systems/x86_64-linux/sgx/default.nix
View file

@ -10,13 +10,13 @@
./nginx.nix ./nginx.nix
./mail.nix ./mail.nix
./wyoming.nix ./wyoming.nix
./searx.nix
]; ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml; sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml; sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml;
sops.secrets."searx/secret_key".sopsFile = ../../../.secrets/sgx/searx.yaml;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
claude-code claude-code
@ -24,20 +24,6 @@
services.tailscale.enable = true; services.tailscale.enable = true;
services.searx = {
enable = true;
configureNginx = true;
domain = "search.hoyer.world";
uwsgiConfig = {
http = ":8081";
};
settings = {
server = {
secret_key = config.sops.secrets."searx/secret_key".path;
};
};
};
metacfg = { metacfg = {
services.nginxBase.enable = true; services.nginxBase.enable = true;
services.acmeBase.enable = true; services.acmeBase.enable = true;

5
systems/x86_64-linux/sgx/nginx.nix
View file

@ -32,10 +32,5 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"search.hoyer.world" = {
enableACME = false;
useACMEHost = "search.hoyer.world";
forceSSL = true;
};
}; };
} }

34
systems/x86_64-linux/sgx/searx.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs, config, ... }:
{
sops.secrets."searx/secret_key".sopsFile = ../../../.secrets/sgx/searx.yaml;
services.searx = {
enable = true;
configureNginx = true;
domain = "search.hoyer.world";
uwsgiConfig = {
http = ":8081";
};
settings = {
server = {
secret_key = config.sops.secrets."searx/secret_key".path;
};
};
};
services.nginx.virtualHosts = {
"search.hoyer.world" = {
enableACME = false;
useACMEHost = "search.hoyer.world";
forceSSL = true;
};
};
security.acme.certs = {
"internal.hoyer.world" = {
extraDomainNames = [
"search.hoyer.world"
];
};
};
}