feat: added searXNG to Ceres

2025-06-15 17:45:12 -05:00 · 2025-03-08 02:54:17 -06:00 · 2025-03-08 02:54:17 -06:00 · 2a06895e57
commit 2a06895e57
parent dafb2db862
1 changed files with 19 additions and 9 deletions
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@ -149,18 +149,28 @@ in
            virtualHosts = {
              "${host}" = {
                extraConfig = ''
-                  redir /.well-known/carddav /remote.php/dav/ 301
-                  redir /.well-known/caldav /remote.php/dav/ 301
-
-                  reverse_proxy ${localhost}:${toString service.ports.port0}
-
-                  tls ${service.ssl.cert} ${service.ssl.key}
-
-                  basicauth {
-                  		nick abc123
+                  # Handle all requests at root
+                  handle /* {
+                    # Using unix socket for uwsgi
+                    reverse_proxy unix/${config.services.searx.uwsgiConfig.socket} {
+                      transport unix
+                      transport protocol uwsgi
+                    }
                  }

+                  # TLS configuration
+                  tls ${service.ssl.cert} ${service.ssl.key}
+
+                  # Compression (equivalent to nginx's gzip settings)
                  encode zstd gzip
+
+                  # Common security headers (similar to nginx recommended settings)
+                  header {
+                    Strict-Transport-Security "max-age=31536000;"
+                    X-Content-Type-Options "nosniff"
+                    X-Frame-Options "DENY"
+                    Referrer-Policy "no-referrer-when-downgrade"
+                  }
                '';
              };
            };