add searxng service + config

3 files changed, 111 insertions, 2 deletions

diff --git a/modules/hosts/optiplex/configuration.nix b/modules/hosts/optiplex/configuration.nix
index 3527c7c..16ba475 100644
--- a/modules/hosts/optiplex/configuration.nix
+++ b/modules/hosts/optiplex/configuration.nix
@@ -18,8 +18,6 @@
 		docker.enable = true;
 	};
 
-	searxng.enable = true;
-
 	# Install more programs
 	environment.systemPackages = with pkgs; [
 		prismlauncher
diff --git a/modules/root/default.nix b/modules/root/default.nix
index 7f647b5..9d288dc 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
@@ -16,6 +16,7 @@
 		./pipewire.nix
 		./powerkeys.nix
 		./printing.nix
+		./searxng.nix
 		./secrets.nix
 		./ssh.nix
 		./suspend.nix
@@ -47,6 +48,7 @@
 	printing.enable        = lib.mkDefault true;
 	tlp.enable             = lib.mkDefault true;
 	scanning.enable        = lib.mkDefault true;
+	searxng.enable         = lib.mkDefault false;
 	suspend.enable         = lib.mkDefault true;
 	wifi.enable            = lib.mkDefault true;
 	xserver.enable         = lib.mkDefault true;
diff --git a/modules/root/searxng.nix b/modules/root/searxng.nix
new file mode 100644
index 0000000..9f59314
--- /dev/null
+++ b/modules/root/searxng.nix
@@ -0,0 +1,109 @@
+{ pkgs, lib, config, ... }: let
+	environmentFile = "/run/searx/searxng.env";
+	generateEnvironmentFile = ''
+		umask 077
+		echo "SEARXNG_SECRET=$(head -c 56 /dev/urandom | base64)" > ${environmentFile}
+		ls /run/searx
+	'';
+in {
+	options = {
+		searxng.enable = lib.mkEnableOption "enables searxng service";
+	};
+
+	config = lib.mkIf config.searxng.enable {
+		# Generate secret key
+		systemd.services.searx-environment-file = {
+			description = "Generate environment file with secret key for searx";
+			wantedBy = [ "searx-init.service" ];
+			partOf   = [ "searx-init.service" ];
+			before   = [ "searx-init.service" ];
+			serviceConfig = {
+				Type = "oneshot";
+				RemainAfterExit = true;
+				User = "searx";
+				RuntimeDirectory = "searx";
+				RuntimeDirectoryMode = "750";
+				ConditionPathExists = "!${environmentFile}";
+			};
+			script = generateEnvironmentFile;
+		};
+
+		# Configure searxng
+		services.searx = {
+			enable = true;
+			redisCreateLocally = true;
+			package = pkgs.searxng;
+			inherit environmentFile;  # Provides secret key
+
+			settings = {
+				general = {
+					instance_name = "TJK Search";
+					donation_url = "https://tjkeller.xyz";
+					enable_metrics = false;
+				};
+
+				# Search engine settings
+				search = {
+					safe_search = 2;  # Strict
+					autocomplete = "";
+					default_lang = "en-US";
+				};
+
+				preferences.lock = [ "safesearch" ];  # Lock safe_search at strict
+
+				# https://docs.searxng.org/admin/plugins.html
+				enabled_plugins = [
+					"Tor check plugin"
+					"Tracker URL remover"
+					"Basic Calculator"
+					"Unit converter plugin"
+					"Hash plugin"
+					"Self Information"
+					"Open Access DOI rewrite"
+					"Hostnames plugin"
+				];
+
+				hostnames.replace = {
+					"(.*\.)?youtube\.com$" = "piped.tjkeller.xyz";
+					"(.*\.)?youtu\.be$" = "piped.tjkeller.xyz";
+					"(.*\.)?reddit\.com$" = "old.reddit.com";
+				};
+
+				# Enable / disabled search engines from default list
+				engines = lib.mapAttrsToList (name: value: { inherit name; disabled = !value; }) {
+					# Images
+					"artic" = false;
+					"deviantart" = false;
+					"flickr" = false;
+					"library of congress" = false;
+					"openverse" = false;
+					"pinterest" = false;
+					"public domain image archive" = false;
+					"unsplash" = false;
+					"wallhaven" = false;
+					"wikicommons.images" = false;
+
+					# Videos
+					"bitchute" = true;
+					"dailymotion" = false;
+					"piped" = false;
+					"rumble" = true;
+					"sepiasearch" = false;
+					"vimeo" = false;
+					"wikicommons.videos" = false;
+
+					# Music
+					"piped.music" = false;
+
+					# Files
+					"1337x" = true;
+					"annas archive" = true;
+					"library genesis" = true;
+
+					# Apps
+					"fdroid" = true;
+				};
+			};
+		};
+	};
+}