feat: added searXNG

modules/nixos/default.nix

@@ -12,6 +12,7 @@ in
           ollama
           hypr
           wayland
+          searx
           xserver
           ;
       };

modules/nixos/services/acme/default.nix

@@ -4,15 +4,9 @@
   ...
 }:
 let
-  inherit (flake.config.people)
+  inherit (flake.config.people) user0;
-    user0
+  inherit (flake.config.people.users.${user0}) email;
-    ;
+  inherit (flake.config.services) instances;
-  inherit (flake.config.people.users.${user0})
-    email
-    ;
-  inherit (flake.config.services)
-    instances
-    ;
   domain0 = instances.web.domains.url0;
   domain1 = instances.web.domains.url1;
   domain3 = instances.web.domains.url3;
@@ -42,6 +36,7 @@ in
           "minecraft"
           "ollama"
           "syncthing"
+          "searx"
           "vaultwarden"
         ]
       )

modules/nixos/services/nextcloud/default.nix

@@ -5,20 +5,10 @@
   ...
 }:
 let
-  inherit (flake.config.people)
+  inherit (flake.config.people) user0;
-    user0
+  inherit (flake.config.people.users.${user0}) name;
-    ;
+  inherit (flake.config.machines.devices) ceres;
-  inherit (flake.config.people.users.${user0})
+  inherit (flake.config.services.instances) nextcloud nginx web;
-    name
-    ;
-  inherit (flake.config.machines.devices)
-    ceres
-    ;
-  inherit (flake.config.services.instances)
-    nextcloud
-    nginx
-    web
-    ;
   service = nextcloud;
   localhost = web.localhost.address0;
   host = "${service.subdomain}.${web.domains.url1}";

modules/nixos/services/searx/default.nix

@@ -0,0 +1,205 @@
+{
+  flake,
+  lib,
+  config,
+  ...
+}:
+let
+  inherit (flake.config.services.instances) searx web;
+  service = searx;
+  localhost = web.localhost.address0;
+  host = "${service.subdomain}.${web.domains.url0}";
+in
+{
+  services.searx = {
+    enable = true;
+    redisCreateLocally = true;
+    uwsgiConfig = {
+      socket = "/run/searx/searx.sock";
+      http = ":8888";
+      chmod-socket = "660";
+    };
+    settings = {
+      general = {
+        debug = false;
+        instance_name = "SearXNG Instance";
+        donation_url = false;
+        contact_url = false;
+        privacypolicy_url = false;
+        enable_metrics = false;
+      };
+
+      ui = {
+        static_use_hash = true;
+        default_locale = "en";
+        query_in_title = true;
+        infinite_scroll = true;
+        center_alignment = true;
+        default_theme = "simple";
+        theme_args.simple_style = "auto";
+        search_on_category_select = false;
+        hotkeys = "vim";
+      };
+
+      search = {
+        safe_search = 0;
+        autocomplete_min = 2;
+        autocomplete = "duckduckgo";
+        ban_time_on_fail = 5;
+        max_ban_time_on_fail = 120;
+      };
+
+      server = {
+        base_url = host;
+        port = 8888;
+        bind_address = localhost;
+        secret_key = config.sops.secrets.searx-key.path;
+        limiter = true;
+        public_instance = false;
+        image_proxy = true;
+        method = "GET";
+      };
+
+      engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
+        "duckduckgo".disabled = false;
+        "brave".disabled = false;
+        "bing".disabled = false;
+        "mojeek".disabled = true;
+        "mwmbl".disabled = false;
+        "mwmbl".weight = 0.4;
+        "qwant".disabled = true;
+        "crowdview".disabled = false;
+        "crowdview".weight = 0.5;
+        "curlie".disabled = true;
+        "ddg definitions".disabled = false;
+        "ddg definitions".weight = 2;
+        "wikibooks".disabled = false;
+        "wikidata".disabled = false;
+        "wikiquote".disabled = true;
+        "wikisource".disabled = true;
+        "wikispecies".disabled = false;
+        "wikispecies".weight = 0.5;
+        "wikiversity".disabled = false;
+        "wikiversity".weight = 0.5;
+        "wikivoyage".disabled = false;
+        "wikivoyage".weight = 0.5;
+        "currency".disabled = true;
+        "dictzone".disabled = true;
+        "lingva".disabled = true;
+        "bing images".disabled = false;
+        "brave.images".disabled = false;
+        "duckduckgo images".disabled = false;
+        "google images".disabled = false;
+        "qwant images".disabled = true;
+        "1x".disabled = true;
+        "artic".disabled = false;
+        "deviantart".disabled = false;
+        "flickr".disabled = true;
+        "imgur".disabled = false;
+        "library of congress".disabled = false;
+        "material icons".disabled = true;
+        "material icons".weight = 0.2;
+        "openverse".disabled = false;
+        "pinterest".disabled = true;
+        "svgrepo".disabled = false;
+        "unsplash".disabled = false;
+        "wallhaven".disabled = false;
+        "wikicommons.images".disabled = false;
+        "yacy images".disabled = true;
+        "bing videos".disabled = false;
+        "brave.videos".disabled = false;
+        "duckduckgo videos".disabled = true;
+        "google videos".disabled = false;
+        "qwant videos".disabled = false;
+        "dailymotion".disabled = true;
+        "google play movies".disabled = true;
+        "invidious".disabled = true;
+        "odysee".disabled = true;
+        "peertube".disabled = false;
+        "piped".disabled = true;
+        "rumble".disabled = false;
+        "sepiasearch".disabled = false;
+        "vimeo".disabled = false;
+        "youtube".disabled = false;
+        "brave.news".disabled = true;
+        "google news".disabled = true;
+      };
+
+      outgoing = {
+        request_timeout = 5.0;
+        max_request_timeout = 15.0;
+        pool_connections = 100;
+        pool_maxsize = 15;
+        enable_http2 = true;
+      };
+
+      enabled_plugins = [
+        "Basic Calculator"
+        "Hash plugin"
+        "Tor check plugin"
+        "Open Access DOI rewrite"
+        "Hostnames plugin"
+        "Unit converter plugin"
+        "Tracker URL remover"
+      ];
+    };
+  };
+
+  caddy = {
+    virtualHosts = {
+      "${host}" = {
+        extraConfig = ''
+          redir /.well-known/carddav /remote.php/dav/ 301
+          redir /.well-known/caldav /remote.php/dav/ 301
+
+          reverse_proxy ${localhost}:${toString service.ports.port0} {
+              header_up X-Forwarded-Proto https
+              header_up X-Real-IP {remote_host}
+              header_up Host {host}
+          }
+
+          tls ${service.ssl.cert} ${service.ssl.key}
+
+          header {
+              Strict-Transport-Security "max-age=31536000; includeSubDomains"
+              X-Content-Type-Options "nosniff"
+              X-Frame-Options "DENY"
+              Referrer-Policy "no-referrer"
+              X-XSS-Protection "1; mode=block"
+          }
+
+          encode zstd gzip
+        '';
+      };
+    };
+  };
+
+  sops =
+    let
+      sopsPath = secret: {
+        path = "${service.sops.path0}/${service.name}-${secret}";
+        owner = service.name;
+        mode = "600";
+      };
+    in
+    {
+      secrets = builtins.listToAttrs (
+        map
+          (secret: {
+            name = "${service.name}-${secret}";
+            value = sopsPath secret;
+          })
+          [
+            "key"
+          ]
+      );
+    };
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        8888
+      ];
+    };
+  };
+}