From 88058b1fece76e887c3a61b8a21b13502414b90e Mon Sep 17 00:00:00 2001
From: Nick <nickjhiebert@proton.me>
Date: Sat, 8 Mar 2025 01:24:46 -0600
Subject: [PATCH] feat: added searXNG to Ceres

---
 modules/nixos/services/searx/default.nix | 299 ++++++++++++-----------
 1 file changed, 156 insertions(+), 143 deletions(-)

diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index ab6b2ec..be78da0 100644
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@@ -11,157 +11,170 @@ let
   host = "${service.subdomain}.${web.domains.url0}";
 in
 {
-  services.searx = {
-    enable = true;
-    redisCreateLocally = true;
-    uwsgiConfig = {
-      socket = "/run/searx/searx.sock";
-      http = ":8888";
-      chmod-socket = "660";
+  services = {
+    searx = {
+      enable = true;
+      redisCreateLocally = true;
+      uwsgiConfig = {
+        socket = "/run/searx/searx.sock";
+        http = ":8888";
+        chmod-socket = "660";
+      };
+      settings = {
+        general = {
+          debug = false;
+          instance_name = "SearXNG Instance";
+          donation_url = false;
+          contact_url = false;
+          privacypolicy_url = false;
+          enable_metrics = false;
+        };
+
+        ui = {
+          static_use_hash = true;
+          default_locale = "en";
+          query_in_title = true;
+          infinite_scroll = true;
+          center_alignment = true;
+          default_theme = "simple";
+          theme_args.simple_style = "auto";
+          search_on_category_select = false;
+          hotkeys = "vim";
+        };
+
+        search = {
+          safe_search = 0;
+          autocomplete_min = 2;
+          autocomplete = "duckduckgo";
+          ban_time_on_fail = 5;
+          max_ban_time_on_fail = 120;
+        };
+
+        server = {
+          base_url = host;
+          port = 8888;
+          bind_address = localhost;
+          secret_key = config.sops.secrets.searx-key.path;
+          limiter = true;
+          public_instance = false;
+          image_proxy = true;
+          method = "GET";
+        };
+
+        engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
+          "duckduckgo".disabled = false;
+          "brave".disabled = false;
+          "bing".disabled = false;
+          "mojeek".disabled = true;
+          "mwmbl".disabled = false;
+          "mwmbl".weight = 0.4;
+          "qwant".disabled = true;
+          "crowdview".disabled = false;
+          "crowdview".weight = 0.5;
+          "curlie".disabled = true;
+          "ddg definitions".disabled = false;
+          "ddg definitions".weight = 2;
+          "wikibooks".disabled = false;
+          "wikidata".disabled = false;
+          "wikiquote".disabled = true;
+          "wikisource".disabled = true;
+          "wikispecies".disabled = false;
+          "wikispecies".weight = 0.5;
+          "wikiversity".disabled = false;
+          "wikiversity".weight = 0.5;
+          "wikivoyage".disabled = false;
+          "wikivoyage".weight = 0.5;
+          "currency".disabled = true;
+          "dictzone".disabled = true;
+          "lingva".disabled = true;
+          "bing images".disabled = false;
+          "brave.images".disabled = false;
+          "duckduckgo images".disabled = false;
+          "google images".disabled = false;
+          "qwant images".disabled = true;
+          "1x".disabled = true;
+          "artic".disabled = false;
+          "deviantart".disabled = false;
+          "flickr".disabled = true;
+          "imgur".disabled = false;
+          "library of congress".disabled = false;
+          "material icons".disabled = true;
+          "material icons".weight = 0.2;
+          "openverse".disabled = false;
+          "pinterest".disabled = true;
+          "svgrepo".disabled = false;
+          "unsplash".disabled = false;
+          "wallhaven".disabled = false;
+          "wikicommons.images".disabled = false;
+          "yacy images".disabled = true;
+          "bing videos".disabled = false;
+          "brave.videos".disabled = false;
+          "duckduckgo videos".disabled = true;
+          "google videos".disabled = false;
+          "qwant videos".disabled = false;
+          "dailymotion".disabled = true;
+          "google play movies".disabled = true;
+          "invidious".disabled = true;
+          "odysee".disabled = true;
+          "peertube".disabled = false;
+          "piped".disabled = true;
+          "rumble".disabled = false;
+          "sepiasearch".disabled = false;
+          "vimeo".disabled = false;
+          "youtube".disabled = false;
+          "brave.news".disabled = true;
+          "google news".disabled = true;
+        };
+
+        outgoing = {
+          request_timeout = 5.0;
+          max_request_timeout = 15.0;
+          pool_connections = 100;
+          pool_maxsize = 15;
+          enable_http2 = true;
+        };
+
+        enabled_plugins = [
+          "Basic Calculator"
+          "Hash plugin"
+          "Tor check plugin"
+          "Open Access DOI rewrite"
+          "Hostnames plugin"
+          "Unit converter plugin"
+          "Tracker URL remover"
+        ];
+      };
     };
-    settings = {
-      general = {
-        debug = false;
-        instance_name = "SearXNG Instance";
-        donation_url = false;
-        contact_url = false;
-        privacypolicy_url = false;
-        enable_metrics = false;
-      };
+    caddy = {
+      virtualHosts = {
+        "${host}" = {
+          extraConfig = ''
+            redir /.well-known/carddav /remote.php/dav/ 301
+            redir /.well-known/caldav /remote.php/dav/ 301
 
-      ui = {
-        static_use_hash = true;
-        default_locale = "en";
-        query_in_title = true;
-        infinite_scroll = true;
-        center_alignment = true;
-        default_theme = "simple";
-        theme_args.simple_style = "auto";
-        search_on_category_select = false;
-        hotkeys = "vim";
-      };
+            reverse_proxy ${localhost}:${toString service.ports.port0} {
+                header_up X-Forwarded-Proto https
+                header_up X-Real-IP {remote_host}
+                header_up Host {host}
+            }
 
-      search = {
-        safe_search = 0;
-        autocomplete_min = 2;
-        autocomplete = "duckduckgo";
-        ban_time_on_fail = 5;
-        max_ban_time_on_fail = 120;
-      };
+            tls ${service.ssl.cert} ${service.ssl.key}
 
-      server = {
-        base_url = host;
-        port = 8888;
-        bind_address = localhost;
-        secret_key = config.sops.secrets.searx-key.path;
-        limiter = true;
-        public_instance = false;
-        image_proxy = true;
-        method = "GET";
-      };
+            header {
+                Strict-Transport-Security "max-age=31536000; includeSubDomains"
+                X-Content-Type-Options "nosniff"
+                X-Frame-Options "DENY"
+                Referrer-Policy "no-referrer"
+                X-XSS-Protection "1; mode=block"
+            }
 
-      engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
-        "duckduckgo".disabled = false;
-        "brave".disabled = false;
-        "bing".disabled = false;
-        "mojeek".disabled = true;
-        "mwmbl".disabled = false;
-        "mwmbl".weight = 0.4;
-        "qwant".disabled = true;
-        "crowdview".disabled = false;
-        "crowdview".weight = 0.5;
-        "curlie".disabled = true;
-        "ddg definitions".disabled = false;
-        "ddg definitions".weight = 2;
-        "wikibooks".disabled = false;
-        "wikidata".disabled = false;
-        "wikiquote".disabled = true;
-        "wikisource".disabled = true;
-        "wikispecies".disabled = false;
-        "wikispecies".weight = 0.5;
-        "wikiversity".disabled = false;
-        "wikiversity".weight = 0.5;
-        "wikivoyage".disabled = false;
-        "wikivoyage".weight = 0.5;
-        "currency".disabled = true;
-        "dictzone".disabled = true;
-        "lingva".disabled = true;
-        "bing images".disabled = false;
-        "brave.images".disabled = false;
-        "duckduckgo images".disabled = false;
-        "google images".disabled = false;
-        "qwant images".disabled = true;
-        "1x".disabled = true;
-        "artic".disabled = false;
-        "deviantart".disabled = false;
-        "flickr".disabled = true;
-        "imgur".disabled = false;
-        "library of congress".disabled = false;
-        "material icons".disabled = true;
-        "material icons".weight = 0.2;
-        "openverse".disabled = false;
-        "pinterest".disabled = true;
-        "svgrepo".disabled = false;
-        "unsplash".disabled = false;
-        "wallhaven".disabled = false;
-        "wikicommons.images".disabled = false;
-        "yacy images".disabled = true;
-        "bing videos".disabled = false;
-        "brave.videos".disabled = false;
-        "duckduckgo videos".disabled = true;
-        "google videos".disabled = false;
-        "qwant videos".disabled = false;
-        "dailymotion".disabled = true;
-        "google play movies".disabled = true;
-        "invidious".disabled = true;
-        "odysee".disabled = true;
-        "peertube".disabled = false;
-        "piped".disabled = true;
-        "rumble".disabled = false;
-        "sepiasearch".disabled = false;
-        "vimeo".disabled = false;
-        "youtube".disabled = false;
-        "brave.news".disabled = true;
-        "google news".disabled = true;
+            encode zstd gzip
+          '';
+        };
       };
-
-      outgoing = {
-        request_timeout = 5.0;
-        max_request_timeout = 15.0;
-        pool_connections = 100;
-        pool_maxsize = 15;
-        enable_http2 = true;
-      };
-
-      enabled_plugins = [
-        "Basic Calculator"
-        "Hash plugin"
-        "Tor check plugin"
-        "Open Access DOI rewrite"
-        "Hostnames plugin"
-        "Unit converter plugin"
-        "Tracker URL remover"
-      ];
     };
+
   };
-
-  caddy = {
-    virtualHosts = {
-      "${host}" = {
-        extraConfig = ''
-          redir /.well-known/carddav /remote.php/dav/ 301
-          redir /.well-known/caldav /remote.php/dav/ 301
-
-          reverse_proxy ${localhost}:${toString service.ports.port0}
-
-          tls ${service.ssl.cert} ${service.ssl.key}
-
-          encode zstd gzip
-        '';
-      };
-    };
-  };
-
   sops =
     let
       sopsPath = secret: {