Prepare remote building, add searx

hosts/voyager/configuration.nix

@@ -26,6 +26,7 @@
       ./services/vaultwarden.nix
       ./services/calibre.nix
       ./services/fancontrol.nix
+      ./services/searx.nix
       # ./services/code-server.nix
 
   ];

hosts/voyager/services/nginx/default.nix

@@ -11,5 +11,10 @@
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  /* security.acme = { */
+  /*   acceptTerms = true; */
+  /*   email = "felix@albrigtsen.it"; */
+  /* }; */
 }
  

hosts/voyager/services/searx.nix

@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+let
+  domain = "search.feal.no";
+  cfg = config.services.searx.settings;
+in {
+
+  sops.secrets."searx/env" = {
+    restartUnits = [ "searx.service" ];
+  };
+
+  services.searx = {
+    enable = true;
+    
+    settings = {
+      general = {
+        debug = false;
+        instance_name = "Taschmex Searx";
+        wiki_url = false;
+        docs_url = false;
+        twitter_url = false;
+      };
+      server = {
+        port = 8090;
+        bind_address = "127.0.1.2";
+        secret_key = "@SEARX_SECRETKEY@";
+        base_url = domain;
+        image_proxy = true;
+      };
+      outgoing = {
+        request_timeout = 2.0;
+        useragent_suffix = "searx@albrigtsen.it";
+        pool_connections = 100;
+        pool_maxsize = 10;
+      };
+    };
+
+    environmentFile = config.sops.secrets."searx/env".path;
+  };
+
+  services.nginx.virtualHosts.${domain} = {
+    locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
+    /* addSSL = true; */
+    /* enableACME = true; */
+    /* listen = [ */
+    /*   { */
+    /*     addr = "0.0.0.0"; */
+    /*     port = 43443; */
+    /*     ssl = true; */
+    /*   } */
+    /*   { */
+    /*     addr = "0.0.0.0"; */
+    /*     port = 43080; */
+    /*   } */
+    /* ]; */
+  };
+
+  networking.firewall.allowedTCPPorts = [ 43443 43080 ];
+}