From ba985dc3fd19507f20429afcd80efeef8975211d Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Fri, 6 Feb 2026 13:09:38 +0100
Subject: [PATCH] feat(nix): add Sops secret and update Searx configuration

- Added a new Sops secret for `searx/secret_key` with a corresponding configuration path.
- Updated Searx settings to include the `secret_key` reference.
- Ensures secure integration of secret management with Searx service.
---
 systems/x86_64-linux/sgx/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix
index be8954b..f1b31f3 100644
--- a/systems/x86_64-linux/sgx/default.nix
+++ b/systems/x86_64-linux/sgx/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   imports = [
     ./hardware-configuration.nix
@@ -16,6 +16,7 @@
 
   sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
   sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml;
+  sops.secrets."searx/secret_key".sopsFile = ../../../.secrets/sgx/searx.yaml;
 
   environment.systemPackages = with pkgs; [
     claude-code
@@ -30,6 +31,11 @@
     uwsgiConfig = {
       http = ":8081";
     };
+    settings = {
+      server = {
+        secret_key = config.sops.secrets."searx/secret_key".path;
+      };
+    };
   };
 
   metacfg = {