authorSophie Tauchert <sophie@999eagle.moe>2023-06-28 12:38:53 +0200
committerSophie Tauchert <sophie@999eagle.moe>2023-06-30 07:38:59 +0200
commit0aa5adef62d97468a40bb839f81f6ac6fddb8316 (patch)
treea3df0bf3ffacbcf6ff9b808bc17644d125265b6c /nixos/modules/services/networking/searx.nix
parentd129a6767eb4a0222605472dee19f0291dda9674 (diff)
nixos/searx: add configuration for redis and limiter settings
Diffstat (limited to 'nixos/modules/services/networking/searx.nix')
-rw-r--r--nixos/modules/services/networking/searx.nix59
1 files changed, 58 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix
index 6c57ddbde2d..40648c72481 100644
--- a/nixos/modules/services/networking/searx.nix
+++ b/nixos/modules/services/networking/searx.nix
@@ -10,6 +10,8 @@ let
   settingsFile = pkgs.writeText "settings.yml"
     (builtins.toJSON cfg.settings);
 
+  limiterSettingsFile = (pkgs.formats.toml { }).generate "limiter.toml" cfg.limiterSettings;
+
   generateConfig = ''
     cd ${runDir}
 
@@ -65,6 +67,15 @@ in
         '';
       };
 
+      redisCreateLocally = mkOption {
+        type = types.bool;
+        default = false;
+        description = lib.mdDoc ''
+          Configure a local Redis server for SearXNG. This is required if you
+          want to enable the rate limiter and bot protection of SearXNG.
+        '';
+      };
+
       settings = mkOption {
         type = types.attrsOf settingType;
         default = { };
@@ -111,6 +122,31 @@ in
         '';
       };
 
+      limiterSettings = mkOption {
+        type = types.attrsOf settingType;
+        default = { };
+        example = literalExpression ''
+          {
+            real_ip = {
+              x_for = 1;
+              ipv4_prefix = 32;
+              ipv6_prefix = 56;
+            }
+            botdetection.ip_lists.block_ip = [
+              # "93.184.216.34" # example.org
+            ];
+          }
+        '';
+        description = lib.mdDoc ''
+          Limiter settings for SearXNG.
+
+          ::: {.note}
+          For available settings, see the SearXNG
+          [schema file](https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml).
+          :::
+        '';
+      };
+
       package = mkOption {
         type = types.package;
         default = pkgs.searx;
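Review bot: The `limiterSettings` example is not valid Nix as written, because the closing brace of the `real_ip = { … }` attribute set lacks its terminating semicolon and should read `};`. The description would also benefit from a caveat on `real_ip.x_for`: it controls how many X-Forwarded-For values the limiter trusts, so it should match the number of reverse proxies actually in front of the instance, otherwise rate limiting may key on a client-supplied address. I would add a sentence such as `Set real_ip.x_for to the number of trusted reverse proxies in front of SearXNG.` to the description text. The option declaration itself is complete within the hunk.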
@@ -158,6 +194,17 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = (cfg.limiterSettings != { }) -> cfg.package.pname == "searxng";
+        message = "services.searx.limiterSettings requires services.searx.package to be searxng.";
+      }
+      {
+        assertion = cfg.redisCreateLocally -> cfg.package.pname == "searxng";
+        message = "services.searx.redisCreateLocally requires services.searx.package to be searxng.";
+      }
+    ];
+
     environment.systemPackages = [ cfg.package ];
 
     users.users.searx =
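Review bot: The two assertions only tie the new options to the searxng package; nothing checks that the limiter is actually usable when `limiterSettings` is set. Per the `redisCreateLocally` description the limiter needs Redis, and it presumably also has to be switched on in `settings` (`server.limiter`, not visible in this diff), so a host can end up with a limiter.toml in /etc while no rate limiting is in effect. A warning would make that state visible, for example `warnings = lib.optional (cfg.limiterSettings != { } && !(cfg.settings.server.limiter or false)) "services.searx.limiterSettings is set but settings.server.limiter is not enabled.";`. The `config` block continues outside the hunk.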
@@ -206,6 +253,7 @@ in
     services.searx.settings = {
       # merge NixOS settings with defaults settings.yml
       use_default_settings = mkDefault true;
+      redis.url = lib.mkIf cfg.redisCreateLocally "unix://${config.services.redis.servers.searx.unixSocket}";
     };
 
     services.uwsgi = mkIf (cfg.runInUwsgi) {
@@ -231,7 +279,16 @@ in
       } // cfg.uwsgiConfig;
     };
 
+    services.redis.servers.searx = lib.mkIf cfg.redisCreateLocally {
+      enable = true;
+      user = "searx";
+      port = 0;
+    };
+
+    environment.etc."searxng/limiter.toml" = lib.mkIf (cfg.limiterSettings != { }) {
+      source = limiterSettingsFile;
+    };
   };
 
-  meta.maintainers = with maintainers; [ rnhmjoj ];
+  meta.maintainers = with maintainers; [ rnhmjoj _999eagle ];
 }
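Review bot: `services.redis.servers.searx` runs Redis under the `searx` account (`user = "searx";`), so the web-facing application and its datastore share one UID and there is no privilege boundary between them. Keeping the Redis module's default per-instance user and granting `searx` access to the socket through group membership would keep the Unix-socket-only setup (`port = 0;`) while narrowing what a compromised SearXNG process can touch; the exact group name depends on the Redis module and should be checked there. If the shared user is kept deliberately, a short comment such as `# run as searx so the service can open the Unix socket` would record the reason for the next reader.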