From 2a06895e57b4ad23c9665a98aa2bb403d46ff20b Mon Sep 17 00:00:00 2001
From: Nick <nickjhiebert@proton.me>
Date: Sat, 8 Mar 2025 02:54:17 -0600
Subject: [PATCH] feat: added searXNG to Ceres

---
 modules/nixos/services/searx/default.nix | 28 ++++++++++++++++--------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index 29c2bcb..8019f0d 100644
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@@ -149,18 +149,28 @@ in
             virtualHosts = {
               "${host}" = {
                 extraConfig = ''
-                  redir /.well-known/carddav /remote.php/dav/ 301
-                  redir /.well-known/caldav /remote.php/dav/ 301
-
-                  reverse_proxy ${localhost}:${toString service.ports.port0}
-
-                  tls ${service.ssl.cert} ${service.ssl.key}
-
-                  basicauth {
-                  		nick abc123
+                  # Handle all requests at root
+                  handle /* {
+                    # Using unix socket for uwsgi
+                    reverse_proxy unix/${config.services.searx.uwsgiConfig.socket} {
+                      transport unix
+                      transport protocol uwsgi
+                    }
                   }
 
+                  # TLS configuration
+                  tls ${service.ssl.cert} ${service.ssl.key}
+
+                  # Compression (equivalent to nginx's gzip settings)
                   encode zstd gzip
+
+                  # Common security headers (similar to nginx recommended settings)
+                  header {
+                    Strict-Transport-Security "max-age=31536000;"
+                    X-Content-Type-Options "nosniff"
+                    X-Frame-Options "DENY"
+                    Referrer-Policy "no-referrer-when-downgrade"
+                  }
                 '';
               };
             };