feat: added searXNG to Ceres

2025-06-16 01:55:13 -05:00 · 2025-03-08 01:55:30 -06:00 · 2025-03-08 01:55:30 -06:00 · b71055ab4f
commit b71055ab4f
parent 88058b1fec
1 changed files with 4 additions and 16 deletions
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@ -17,7 +17,7 @@ in
      redisCreateLocally = true;
      uwsgiConfig = {
        socket = "/run/searx/searx.sock";
-        http = ":8888";
+        http = ":${builtins.toString service.ports.port0}";
        chmod-socket = "660";
      };
      settings = {
@ -52,7 +52,7 @@ in

        server = {
          base_url = host;
-          port = 8888;
+          port = service.ports.port0;
          bind_address = localhost;
          secret_key = config.sops.secrets.searx-key.path;
          limiter = true;
@ -152,22 +152,10 @@ in
            redir /.well-known/carddav /remote.php/dav/ 301
            redir /.well-known/caldav /remote.php/dav/ 301

-            reverse_proxy ${localhost}:${toString service.ports.port0} {
-                header_up X-Forwarded-Proto https
-                header_up X-Real-IP {remote_host}
-                header_up Host {host}
-            }
+            reverse_proxy ${localhost}:${toString service.ports.port0}

            tls ${service.ssl.cert} ${service.ssl.key}

-            header {
-                Strict-Transport-Security "max-age=31536000; includeSubDomains"
-                X-Content-Type-Options "nosniff"
-                X-Frame-Options "DENY"
-                Referrer-Policy "no-referrer"
-                X-XSS-Protection "1; mode=block"
-            }
-
            encode zstd gzip
          '';
        };
@ -199,7 +187,7 @@ in
  networking = {
    firewall = {
      allowedTCPPorts = [
-        8888
+        service.ports.port0
      ];
    };
  };