Merge pull request #240325 from 999eagle/update/searxng

nixos/searx: add configuration for redis and limiter settings

authored by

Michele Guerini Rocco and committed by
GitHub
aedc167e dab32e7a

+60 -1
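--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -72,6 +72,8 @@
 - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.05, `pkgs.nextcloud26` will be installed by default.
 - Please note that an upgrade from v25 (or older) to v27 directly is not possible. Please upgrade to `nextcloud26` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud26;`](options.html#opt-services.nextcloud.package).
 
+- New options were added to `services.searx` for better SearXNG support, including options for the built-in rate limiter and bot protection and automatically configuring a local redis server.
+
 - A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant.
 
 - DocBook option documentation is no longer supported, all module documentation now uses markdown.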
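--- a/nixos/modules/services/networking/searx.nix
+++ b/nixos/modules/services/networking/searx.nix
@@ -10,6 +10,8 @@
 settingsFile = pkgs.writeText "settings.yml"
 (builtins.toJSON cfg.settings);
 
+limiterSettingsFile = (pkgs.formats.toml { }).generate "limiter.toml" cfg.limiterSettings;
+
 generateConfig = ''
 cd ${runDir}
 
@@ -65,6 +67,15 @@
 '';
 };
 
+redisCreateLocally = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+Configure a local Redis server for SearXNG. This is required if you
+want to enable the rate limiter and bot protection of SearXNG.
+'';
+};
+
 settings = mkOption {
 type = types.attrsOf settingType;
 default = { };
@@ -111,6 +122,31 @@
 '';
 };
 
+limiterSettings = mkOption {
+type = types.attrsOf settingType;
+default = { };
+example = literalExpression ''
+{
+real_ip = {
+x_for = 1;
+ipv4_prefix = 32;
+ipv6_prefix = 56;
+}
+botdetection.ip_lists.block_ip = [
+# "93.184.216.34" # example.org
+];
+}
+'';
+description = lib.mdDoc ''
+Limiter settings for SearXNG.
+
+::: {.note}
+For available settings, see the SearXNG
+[schema file](https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml).
+:::
+'';
+};
+
 package = mkOption {
 type = types.package;
 default = pkgs.searx;
@@ -158,6 +194,17 @@
 ###### implementation
 
 config = mkIf cfg.enable {
+assertions = [
+{
+assertion = (cfg.limiterSettings != { }) -> cfg.package.pname == "searxng";
+message = "services.searx.limiterSettings requires services.searx.package to be searxng.";
+}
+{
+assertion = cfg.redisCreateLocally -> cfg.package.pname == "searxng";
+message = "services.searx.redisCreateLocally requires services.searx.package to be searxng.";
+}
+];
+
 environment.systemPackages = [ cfg.package ];
 
 users.users.searx =
@@ -206,6 +253,7 @@
 services.searx.settings = {
 # merge NixOS settings with defaults settings.yml
 use_default_settings = mkDefault true;
+redis.url = lib.mkIf cfg.redisCreateLocally "unix://${config.services.redis.servers.searx.unixSocket}";
 };
 
 services.uwsgi = mkIf (cfg.runInUwsgi) {
@@ -231,7 +279,16 @@
 } // cfg.uwsgiConfig;
 };
 
+services.redis.servers.searx = lib.mkIf cfg.redisCreateLocally {
+enable = true;
+user = "searx";
+port = 0;
+};
+
+environment.etc."searxng/limiter.toml" = lib.mkIf (cfg.limiterSettings != { }) {
+source = limiterSettingsFile;
+};
 };
 
-meta.maintainers = with maintainers; [ rnhmjoj ];
+meta.maintainers = with maintainers; [ rnhmjoj _999eagle ];
 }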
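Review bot: The two new assertions in the `config` hunk check only the package name, so `limiterSettings` can be set (for example with a `block_ip` list) while no Redis is configured, even though the `redisCreateLocally` description says Redis is required for the rate limiter and bot protection. In that case `/etc/searxng/limiter.toml` is written but the control is presumably not enforced, and nothing at evaluation time tells the operator. A third entry such as `{ assertion = (cfg.limiterSettings != { }) -> (cfg.redisCreateLocally || cfg.settings ? redis); message = "services.searx.limiterSettings requires a Redis connection (redisCreateLocally or settings.redis.url)."; }` would catch this. The option description should also say that `server.limiter` still has to be enabled in `settings`, since none of the visible hunks set it. Separately, the `limiterSettings` example is not valid Nix as written: the closing `}` of `real_ip` needs a `;` before `botdetection.ip_lists.block_ip`. The `config` block is shown only in excerpts here.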