feat(hosts/velarion): enable SearXNG

hosts/velarion/machine.nix

@@ -51,6 +51,7 @@ in
             matrix = ns1;
             chat = ns1;
             turn = ns1;
+            search = ns1;
           };
 
           TXT = [
@@ -136,6 +137,11 @@ in
       enable = true;
       domain = "roundcube.${domain}";
     };
+    searxng = {
+      enable = true;
+      domain = "search.${domain}";
+      port = 8888;
+    };
     synapse = {
       enable = true;
       element = {

services/default.nix

@@ -15,6 +15,7 @@
     ./prosody
     ./redis
     ./roundcube
+    ./searxng
     ./synapse
     ./uptime-kuma
     ./vaultwarden

services/searxng/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
-    ./secrets.nix
+    ./network.nix
+    ./options.nix
     ./service.nix
   ];
 }

services/searxng/network.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.machine.searxng;
+in
+with lib;
+mkIf enable {
+  networking.firewall = {
+    allowedTCPPorts = [ cfg.port ];
+  };
+
+  services.nginx.virtualHosts =
+    mkIf (cfg.domain != null) {
+      "${cfg.domain}" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://[::1]:${toString cfg.port}";
+          proxyWebsockets = true;
+        };
+      };
+    };
+}

services/searxng/options.nix

@@ -0,0 +1,17 @@
+{ lib, ... }:
+with lib;
+{
+  options.machine.searxng = {
+    enable = mkEnableOption "SearXNG";
+    domain = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Domain name. If not set, will be disabled, and use the localhost.";
+    };
+    port = mkOption {
+      type = types.port;
+      default = 8888;
+      description = "Listen port.";
+    };
+  };
+}

services/searxng/service.nix

@@ -0,0 +1,163 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.machine.searxng;
+in
+with lib;
+mkIf enable {
+  services.searx = {
+    enable = true;
+    redisCreateLocally = true;
+
+    # Rate limiting
+    limiterSettings = {
+      real_ip = {
+        x_for = 1;
+        ipv4_prefix = 32;
+        ipv6_prefix = 56;
+      };
+
+      botdetection = {
+        ip_limit = {
+          filter_link_local = true;
+          link_token = true;
+        };
+      };
+    };
+    
+    settings = {
+      # Instance settings
+      general = {
+        debug = false;
+        instance_name = "SearXNG Instance";
+        donation_url = false;
+        contact_url = false;
+        privacypolicy_url = false;
+        enable_metrics = false;
+      };
+
+      # User interface
+      ui = {
+        static_use_hash = true;
+        default_locale = "en";
+        query_in_title = true;
+        infinite_scroll = false;
+        center_alignment = true;
+        default_theme = "simple";
+        theme_args.simple_style = "auto";
+        search_on_category_select = false;
+        hotkeys = "vim";
+      };
+
+      # Search engine settings
+      search = {
+        safe_search = 2;
+        autocomplete_min = 2;
+        autocomplete = "duckduckgo";
+        ban_time_on_fail = 5;
+        max_ban_time_on_fail = 120;
+      };
+
+      # Server configuration
+      server = {
+        base_url = cfg.domain != null ? "https://${cfg.domain}" : null;
+        port = cfg.port;
+        bind_address = "127.0.0.1";
+        limiter = true;
+        public_instance = true;
+        image_proxy = true;
+        method = "GET";
+      };
+
+      # Search engines
+      engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
+        "duckduckgo".disabled = true;
+        "brave".disabled = true;
+        "bing".disabled = false;
+        "mojeek".disabled = true;
+        "mwmbl".disabled = false;
+        "mwmbl".weight = 0.4;
+        "qwant".disabled = true;
+        "crowdview".disabled = false;
+        "crowdview".weight = 0.5;
+        "curlie".disabled = true;
+        "ddg definitions".disabled = false;
+        "ddg definitions".weight = 2;
+        "wikibooks".disabled = false;
+        "wikidata".disabled = false;
+        "wikiquote".disabled = true;
+        "wikisource".disabled = true;
+        "wikispecies".disabled = false;
+        "wikispecies".weight = 0.5;
+        "wikiversity".disabled = false;
+        "wikiversity".weight = 0.5;
+        "wikivoyage".disabled = false;
+        "wikivoyage".weight = 0.5;
+        "currency".disabled = true;
+        "dictzone".disabled = true;
+        "lingva".disabled = true;
+        "bing images".disabled = false;
+        "brave.images".disabled = true;
+        "duckduckgo images".disabled = true;
+        "google images".disabled = false;
+        "qwant images".disabled = true;
+        "1x".disabled = true;
+        "artic".disabled = false;
+        "deviantart".disabled = false;
+        "flickr".disabled = true;
+        "imgur".disabled = false;
+        "library of congress".disabled = false;
+        "material icons".disabled = true;
+        "material icons".weight = 0.2;
+        "openverse".disabled = false;
+        "pinterest".disabled = true;
+        "svgrepo".disabled = false;
+        "unsplash".disabled = false;
+        "wallhaven".disabled = false;
+        "wikicommons.images".disabled = false;
+        "yacy images".disabled = true;
+        "bing videos".disabled = false;
+        "brave.videos".disabled = true;
+        "duckduckgo videos".disabled = true;
+        "google videos".disabled = false;
+        "qwant videos".disabled = false;
+        "dailymotion".disabled = true;
+        "google play movies".disabled = true;
+        "invidious".disabled = true;
+        "odysee".disabled = true;
+        "peertube".disabled = false;
+        "piped".disabled = true;
+        "rumble".disabled = false;
+        "sepiasearch".disabled = false;
+        "vimeo".disabled = true;
+        "youtube".disabled = false;
+        "brave.news".disabled = true;
+        "google news".disabled = true;
+      };
+
+      # Outgoing requests
+      outgoing = {
+        request_timeout = 5.0;
+        max_request_timeout = 15.0;
+        pool_connections = 100;
+        pool_maxsize = 15;
+        enable_http2 = true;
+      };
+
+      # Enabled plugins
+      enabled_plugins = [
+        "Basic Calculator"
+        "Hash plugin"
+        "Tor check plugin"
+        "Open Access DOI rewrite"
+        "Hostnames plugin"
+        "Unit converter plugin"
+        "Tracker URL remover"
+      ];
+    };
+  };
+}

users/rus07tam/hosts/velarion.nix

@@ -1,5 +1,3 @@
 {
-  imports = [
+  imports = [ ];
-    ./../modules/openclaw
-  ];
 }

users/rus07tam/modules/openclaw/secrets.nix

@@ -1,6 +0,0 @@
-{
-  sops.secrets = {
-    "rus07tam/openclaw/gatewayToken" = { };
-    "rus07tam/openclaw/telegramToken" = { };
-  };
-}

users/rus07tam/modules/openclaw/service.nix

@@ -1,48 +0,0 @@
-{
-  sec,
-  inputs,
-  ...
-}: {
-  imports = [
-    inputs.nix-openclaw.homeManagerModules.openclaw
-  ];
-
-  programs.openclaw = {
-    enable = true;
-    installApp = false;
-    systemd.enable = true;
-
-    bundledPlugins = {
-      summarize.enable = true;
-    };
-
-    instances.default = {
-      enable = true;
-      systemd.enable = true;
-
-      config = {
-        agents.defaults = {
-          model.primary = "openrouter/qwen/qwen3-coder:free";
-          sandbox.mode = "off";
-        };
-
-        gateway = {
-          mode = "local";
-          auth.token = sec."rus07tam/openclaw/gatewayToken".path;
-        };
-
-        channels.telegram = {
-          tokenFile = sec."rus07tam/openclaw/telegramToken".path;
-          allowFrom = [6146757977];
-          groups = {
-            "*" = {
-              requireMention = true;
-            };
-          };
-        };
-
-        plugins.entries.telegram.enabled = true;
-      };
-    };
-  };
-}