diff --git a/hosts/velarion/machine.nix b/hosts/velarion/machine.nix
index d438145..145b0e6 100644
--- a/hosts/velarion/machine.nix
+++ b/hosts/velarion/machine.nix
@@ -51,6 +51,7 @@ in matrix = ns1; chat = ns1; turn = ns1; + search = ns1; }; TXT = [
@@ -136,6 +137,11 @@ in
 enable = true;
 domain = "roundcube.${domain}";
 };
+ searxng = {
+ enable = true;
+ domain = "search.${domain}";
+ port = 8888;
+ };
 synapse = {
 enable = true;
 element = {
diff --git a/services/default.nix b/services/default.nix
index 8760ef3..410d70f 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -15,6 +15,7 @@
 ./prosody
 ./redis
 ./roundcube
+ ./searxng
 ./synapse
 ./uptime-kuma
 ./vaultwarden
diff --git a/users/rus07tam/modules/openclaw/default.nix b/services/searxng/default.nix
similarity index 53%
rename from users/rus07tam/modules/openclaw/default.nix
rename to services/searxng/default.nix
index 643132e..16b18a3 100644
--- a/users/rus07tam/modules/openclaw/default.nix
+++ b/services/searxng/default.nix
@@ -1,6 +1,7 @@
 {
 imports = [
- ./secrets.nix
+ ./network.nix
+ ./options.nix
 ./service.nix
 ];
 }
diff --git a/services/searxng/network.nix b/services/searxng/network.nix
new file mode 100644
index 0000000..d7953f5
--- /dev/null
+++ b/services/searxng/network.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.machine.searxng;
+in
+with lib;
+mkIf enable {
+ networking.firewall = {
+ allowedTCPPorts = [ cfg.port ];
+ };
+
+ services.nginx.virtualHosts =
+ mkIf (cfg.domain != null) {
+ "${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://[::1]:${toString cfg.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+}
diff --git a/services/searxng/options.nix b/services/searxng/options.nix
new file mode 100644
index 0000000..9823334
--- /dev/null
+++ b/services/searxng/options.nix
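Review bot: `allowedTCPPorts = [ cfg.port ];` in services/searxng/network.nix opens the SearXNG backend port on the host firewall, although the only intended entry point is the nginx virtual host declared right below it. With `bind_address = "127.0.0.1"` in service.nix the rule is inert today, but a later change of the bind address would expose the plain-HTTP backend directly, bypassing TLS and the single proxy hop that `x_for = 1` assumes; I would drop the rule (80/443 are presumably opened wherever nginx is enabled, which this diff does not show). Two correctness problems sit next to it. `mkIf enable {` refers to a name nothing visible defines and should read `mkIf cfg.enable {`, here and in services/searxng/service.nix. `proxyPass` targets `[::1]` while the service binds only the IPv4 loopback, so it should be `proxyPass = "http://127.0.0.1:${toString cfg.port}";`.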
@@ -0,0 +1,17 @@
+{ lib, ... }:
+with lib;
+{
+ options.machine.searxng = {
+ enable = mkEnableOption "SearXNG";
+ domain = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Domain name. If not set, will be disabled, and use the localhost.";
+ };
+ port = mkOption {
+ type = types.port;
+ default = 8888;
+ description = "Listen port.";
+ };
+ };
+}
diff --git a/services/searxng/service.nix b/services/searxng/service.nix
new file mode 100644
index 0000000..c5d6e4b
--- /dev/null
+++ b/services/searxng/service.nix
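Review bot: The `domain` description in services/searxng/options.nix does not say what is disabled when the option is left unset. Going by network.nix, a null domain only skips the nginx virtual host, and service.nix binds the service to 127.0.0.1 either way. I would word it as `description = "Public domain name. When null, no nginx virtual host is created and the instance is reachable only on localhost.";`.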
@@ -0,0 +1,163 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = config.machine.searxng;
+in
+with lib;
+mkIf enable {
+ services.searx = {
+ enable = true;
+ redisCreateLocally = true;
+
+ # Rate limiting
+ limiterSettings = {
+ real_ip = {
+ x_for = 1;
+ ipv4_prefix = 32;
+ ipv6_prefix = 56;
+ };
+
+ botdetection = {
+ ip_limit = {
+ filter_link_local = true;
+ link_token = true;
+ };
+ };
+ };
+
+ settings = {
+ # Instance settings
+ general = {
+ debug = false;
+ instance_name = "SearXNG Instance";
+ donation_url = false;
+ contact_url = false;
+ privacypolicy_url = false;
+ enable_metrics = false;
+ };
+
+ # User interface
+ ui = {
+ static_use_hash = true;
+ default_locale = "en";
+ query_in_title = true;
+ infinite_scroll = false;
+ center_alignment = true;
+ default_theme = "simple";
+ theme_args.simple_style = "auto";
+ search_on_category_select = false;
+ hotkeys = "vim";
+ };
+
+ # Search engine settings
+ search = {
+ safe_search = 2;
+ autocomplete_min = 2;
+ autocomplete = "duckduckgo";
+ ban_time_on_fail = 5;
+ max_ban_time_on_fail = 120;
+ };
+
+ # Server configuration
+ server = {
+ base_url = cfg.domain != null ? "https://${cfg.domain}" : null;
+ port = cfg.port;
+ bind_address = "127.0.0.1";
+ limiter = true;
+ public_instance = true;
+ image_proxy = true;
+ method = "GET";
+ };
+
+ # Search engines
+ engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
+ "duckduckgo".disabled = true;
+ "brave".disabled = true;
+ "bing".disabled = false;
+ "mojeek".disabled = true;
+ "mwmbl".disabled = false;
+ "mwmbl".weight = 0.4;
+ "qwant".disabled = true;
+ "crowdview".disabled = false;
+ "crowdview".weight = 0.5;
+ "curlie".disabled = true;
+ "ddg definitions".disabled = false;
+ "ddg definitions".weight = 2;
+ "wikibooks".disabled = false;
+ "wikidata".disabled = false;
+ "wikiquote".disabled = true;
+ "wikisource".disabled = true;
+ "wikispecies".disabled = false;
+ "wikispecies".weight = 0.5;
+ "wikiversity".disabled = false;
+ "wikiversity".weight = 0.5;
+ "wikivoyage".disabled = false;
+ "wikivoyage".weight = 0.5;
+ "currency".disabled = true;
+ "dictzone".disabled = true;
+ "lingva".disabled = true;
+ "bing images".disabled = false;
+ "brave.images".disabled = true;
+ "duckduckgo images".disabled = true;
+ "google images".disabled = false;
+ "qwant images".disabled = true;
+ "1x".disabled = true;
+ "artic".disabled = false;
+ "deviantart".disabled = false;
+ "flickr".disabled = true;
+ "imgur".disabled = false;
+ "library of congress".disabled = false;
+ "material icons".disabled = true;
+ "material icons".weight = 0.2;
+ "openverse".disabled = false;
+ "pinterest".disabled = true;
+ "svgrepo".disabled = false;
+ "unsplash".disabled = false;
+ "wallhaven".disabled = false;
+ "wikicommons.images".disabled = false;
+ "yacy images".disabled = true;
+ "bing videos".disabled = false;
+ "brave.videos".disabled = true;
+ "duckduckgo videos".disabled = true;
+ "google videos".disabled = false;
+ "qwant videos".disabled = false;
+ "dailymotion".disabled = true;
+ "google play movies".disabled = true;
+ "invidious".disabled = true;
+ "odysee".disabled = true;
+ "peertube".disabled = false;
+ "piped".disabled = true;
+ "rumble".disabled = false;
+ "sepiasearch".disabled = false;
+ "vimeo".disabled = true;
+ "youtube".disabled = false;
+ "brave.news".disabled = true;
+ "google news".disabled = true;
+ };
+
+ # Outgoing requests
+ outgoing = {
+ request_timeout = 5.0;
+ max_request_timeout = 15.0;
+ pool_connections = 100;
+ pool_maxsize = 15;
+ enable_http2 = true;
+ };
+
+ # Enabled plugins
+ enabled_plugins = [
+ "Basic Calculator"
+ "Hash plugin"
+ "Tor check plugin"
+ "Open Access DOI rewrite"
+ "Hostnames plugin"
+ "Unit converter plugin"
+ "Tracker URL remover"
+ ];
+ };
+ };
+}
diff --git a/users/rus07tam/hosts/velarion.nix b/users/rus07tam/hosts/velarion.nix
index b319a3e..e140d9d 100644
--- a/users/rus07tam/hosts/velarion.nix
+++ b/users/rus07tam/hosts/velarion.nix
@@ -1,5 +1,3 @@
 {
- imports = [
- ./../modules/openclaw
- ];
+ imports = [ ];
 }
diff --git a/users/rus07tam/modules/openclaw/secrets.nix b/users/rus07tam/modules/openclaw/secrets.nix
deleted file mode 100644
index 16ffaf1..0000000
--- a/users/rus07tam/modules/openclaw/secrets.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- sops.secrets = {
- "rus07tam/openclaw/gatewayToken" = { };
- "rus07tam/openclaw/telegramToken" = { };
- };
-}
diff --git a/users/rus07tam/modules/openclaw/service.nix b/users/rus07tam/modules/openclaw/service.nix
deleted file mode 100644
index 2aaa8f8..0000000
--- a/users/rus07tam/modules/openclaw/service.nix
+++ /dev/null
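Review bot: `base_url = cfg.domain != null ? "https://${cfg.domain}" : null;` in services/searxng/service.nix uses a C-style ternary, which Nix does not have (`?` is the has-attribute operator), so the file should fail to parse. Write it as `base_url = if cfg.domain != null then "https://${cfg.domain}" else null;`. Separately, nothing in the visible settings sets `server.secret_key`, and with `public_instance = true` and `image_proxy = true` that key is what signs the proxied-image URLs. Unless it is supplied somewhere this diff does not show, I would feed it from a sops-managed file through `services.searx.environmentFile` rather than leave it at a default.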
@@ -1,48 +0,0 @@
-{
- sec,
- inputs,
- ...
-}: {
- imports = [
- inputs.nix-openclaw.homeManagerModules.openclaw
- ];
-
- programs.openclaw = {
- enable = true;
- installApp = false;
- systemd.enable = true;
-
- bundledPlugins = {
- summarize.enable = true;
- };
-
- instances.default = {
- enable = true;
- systemd.enable = true;
-
- config = {
- agents.defaults = {
- model.primary = "openrouter/qwen/qwen3-coder:free";
- sandbox.mode = "off";
- };
-
- gateway = {
- mode = "local";
- auth.token = sec."rus07tam/openclaw/gatewayToken".path;
- };
-
- channels.telegram = {
- tokenFile = sec."rus07tam/openclaw/telegramToken".path;
- allowFrom = [6146757977];
- groups = {
- "*" = {
- requireMention = true;
- };
- };
- };
-
- plugins.entries.telegram.enabled = true;
- };
- };
- };
-}