services/searxng: enable SOPS usage for secret key

2025-09-01 00:02:46 -07:00
parent 7e5482b2e6
commit 2524fb2221
1 changed files with 10 additions and 1 deletions
--- a/services/searxng.nix
+++ b/services/searxng.nix
@@ -20,10 +20,19 @@ in
    enable = mkEnableOption "Enables searxng module";
  };

+  sops.secrets."SEARXNG_SECRETS" = {
+    sopsFile = ../../secrets/${config.networking.hostName}_searxng.env;
+    format = "binary";
+    owner = "searxng";
+    mode = 0400;
+  };
+
  config = mkIf cfg.enable {
    services.searx = {
      enable = true;
      package = pkgsUnstable.searxng;
+      redisCreateLocally = true;
+      environmentFile = sops.secrets."SEARXNG_SECRETS".path;

      settings = {
        general = {
@@ -45,7 +54,7 @@ in
          base_url = "https://${config.networking.hostName}.tail755c5.ts.net/search/";
          public_instance = false;
          method = "POST";
-          secret_key = "testkey";
+          secret_key = "@SEARXNG_SECRET@";
        };
        ui = {
          infinite_scroll = true;