Unverified Commit 0aa5adef authored by Sophie Tauchert

nixos/searx: add configuration for redis and limiter settings

parent d129a676
+2 −0
@@ -66,6 +66,8 @@
  - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.05, `pkgs.nextcloud26` will be installed by default.
  - Please note that an upgrade from v25 (or older) to v27 directly is not possible. Please upgrade to `nextcloud26` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud26;`](options.html#opt-services.nextcloud.package).

- New options were added to `services.searx` for better SearXNG support, including options for the built-in rate limiter and bot protection and automatically configuring a local redis server.

- A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant.

- DocBook option documentation is no longer supported, all module documentation now uses markdown.
+58 −1
@@ -10,6 +10,8 @@ let
  settingsFile = pkgs.writeText "settings.yml"
    (builtins.toJSON cfg.settings);

  limiterSettingsFile = (pkgs.formats.toml { }).generate "limiter.toml" cfg.limiterSettings;

  generateConfig = ''
    cd ${runDir}

@@ -65,6 +67,15 @@ in
        '';
      };

      redisCreateLocally = mkOption {
        type = types.bool;
        default = false;
        description = lib.mdDoc ''
          Configure a local Redis server for SearXNG. This is required if you
          want to enable the rate limiter and bot protection of SearXNG.
        '';
      };

      settings = mkOption {
        type = types.attrsOf settingType;
        default = { };
@@ -111,6 +122,31 @@ in
        '';
      };

      limiterSettings = mkOption {
        type = types.attrsOf settingType;
        default = { };
        example = literalExpression ''
          {
            real_ip = {
              x_for = 1;
              ipv4_prefix = 32;
              ipv6_prefix = 56;
            }
            botdetection.ip_lists.block_ip = [
              # "93.184.216.34" # example.org
            ];
          }
        '';
        description = lib.mdDoc ''
          Limiter settings for SearXNG.

          ::: {.note}
          For available settings, see the SearXNG
          [schema file](https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml).
          :::
        '';
      };

      package = mkOption {
        type = types.package;
        default = pkgs.searx;
@@ -158,6 +194,17 @@ in
  ###### implementation

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = (cfg.limiterSettings != { }) -> cfg.package.pname == "searxng";
        message = "services.searx.limiterSettings requires services.searx.package to be searxng.";
      }
      {
        assertion = cfg.redisCreateLocally -> cfg.package.pname == "searxng";
        message = "services.searx.redisCreateLocally requires services.searx.package to be searxng.";
      }
    ];

    environment.systemPackages = [ cfg.package ];

    users.users.searx =
@@ -206,6 +253,7 @@ in
    services.searx.settings = {
      # merge NixOS settings with defaults settings.yml
      use_default_settings = mkDefault true;
      redis.url = lib.mkIf cfg.redisCreateLocally "unix://${config.services.redis.servers.searx.unixSocket}";
    };

    services.uwsgi = mkIf (cfg.runInUwsgi) {
@@ -231,7 +279,16 @@ in
      } // cfg.uwsgiConfig;
    };

    services.redis.servers.searx = lib.mkIf cfg.redisCreateLocally {
      enable = true;
      user = "searx";
      port = 0;
    };

    environment.etc."searxng/limiter.toml" = lib.mkIf (cfg.limiterSettings != { }) {
      source = limiterSettingsFile;
    };
  };

  meta.maintainers = with maintainers; [ rnhmjoj ];
  meta.maintainers = with maintainers; [ rnhmjoj _999eagle ];
}
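Review bot: Nothing in the new `assertions` ties the limiter to a Redis connection: both entries only check `cfg.package.pname`, so a configuration that sets `limiterSettings` without `redisCreateLocally` or its own `settings.redis.url` still evaluates, although the `redisCreateLocally` description says Redis is required for the rate limiter and bot protection. How SearXNG behaves in that state is not visible on this page, but if it simply runs without the limiter the protection would be missing silently, so a warning seems worthwhile, e.g. `warnings = lib.optional (cfg.limiterSettings != { } && (cfg.settings.redis.url or null) == null) "services.searx.limiterSettings is set but no Redis URL is configured; the limiter needs Redis.";`. Separately, the `limiterSettings` example is not valid Nix, because the `real_ip = { … }` attribute is closed with `}` instead of `};`. Its description could also say that `real_ip.x_for` should match the number of trusted reverse proxies in front of SearXNG, since (as far as I can tell from the upstream schema) the client address used for rate limiting is taken from `X-Forwarded-For` based on that value.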