infra/homelab/searxng.nix

let
  appName = "searxng";
  appImage = "docker.io/searxng/searxng:latest";
in
  {
    lib,
    config,
    kubenix,
    ...
  }: {
    kubernetes.resources.services.searxng = {
      metadata.namespace = "searxng";
      metadata.labels.app = appName;
      spec = {
        selector.app = appName;
        ports.http = {
          port = 8080;
          targetPort = 8080;
        };
      };
    };
    kubernetes.resources.deployments.searxng = {
      metadata.namespace = "searxng";
      spec = {
        selector.matchLabels.app = appName;
        template = {
          metadata.labels.app = appName;
          spec = {
            volumes = {
              config.configMap.name = "searxng";
            };
            containers = {
              searxng = {
                image = appImage;
                imagePullPolicy = "Always";
                volumeMounts = [
                  {
                    name = "config";
                    mountPath = "/etc/searxng/settings.yml";
                    subPath = "settings.yml";
                  }
                  {
                    name = "config";
                    mountPath = "/etc/searxng/limiter.toml";
                    subPath = "limiter.toml";
                  }
                ];
                envFrom = [{secretRef.name = "searxng";}];
                ports.http.containerPort = 8080;
                resources = {
                  requests = {
                    cpu = "100m";
                    memory = "512Mi";
                  };
                  limits = {
                    memory = "1Gi";
                  };
                };
              };
            };
          };
        };
      };
    };
    kubernetes.resources.configMaps.searxng = {
      metadata.namespace = "searxng";
      data."settings.yml" = ''
        use_default_settings: true
        server:
          image_proxy: true
          http_protocol_version: "1.1"
          method: "GET"
        ui:
          static_use_hash: true
        redis:
          url: redis://searxng-redis-master:6379/0
        general:
          instance_name: search.gmem.ca
        hostname_replace:
          '(.*\.)?youtube\.com$': 'piped.gmem.ca'
          '(.*\.)?youtu\.be$': 'piped.gmem.ca'
          '(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'
          '(www\.)?twitter\.com$': 'nitter.gmem.ca'
          '(www\.)?x\.com$': 'nitter.gmem.ca'
          '(.*\.)?reddit\.com$': 'red.gmem.ca'
      '';
      data."limiter.toml" = ''
        # This configuration file updates the default configuration file
        # See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml

        [botdetection.ip_limit]
        # activate link_token method in the ip_limit method
        link_token = true
      '';
    };
    kubernetes.helm.releases.searxng-redis = {
      namespace = "searxng";
      chart = kubenix.lib.helm.fetch {
        repo = "https://charts.bitnami.com/bitnami";
        chart = "redis";
        version = "18.6.1";
        sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
      };
      values = {
        auth.enabled = false;
        architecture = "standalone";
      };
    };

    kubernetes.resources.ingresses.searxng = {
      metadata = {
        name = appName;
        namespace = "searxng";
        annotations = {
          "cert-manager.io/cluster-issuer" = "le-issuer";
        };
      };
      spec = {
        tls = [
          {
            hosts = ["search.gmem.ca"];
          }
        ];
        rules = [
          {
            host = "search.gmem.ca";
            http.paths = [
              {
                path = "/";
                pathType = "Prefix";
                backend.service = {
                  name = appName;
                  port.name = "http";
                };
              }
            ];
          }
        ];
      };
    };
  }
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`let`
			`appName = "searxng";`
			`appImage = "docker.io/searxng/searxng:latest";`
			`in`
Formatting 2024-06-07 14:53:17 +01:00			`{`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`lib,`
			`config,`
			`kubenix,`
			`...`
			`}: {`
Formatting 2024-06-07 14:53:17 +01:00			`kubernetes.resources.services.searxng = {`
			`metadata.namespace = "searxng";`
			`metadata.labels.app = appName;`
			`spec = {`
			`selector.app = appName;`
			`ports.http = {`
			`port = 8080;`
			`targetPort = 8080;`
			`};`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`};`
			`};`
Formatting 2024-06-07 14:53:17 +01:00			`kubernetes.resources.deployments.searxng = {`
			`metadata.namespace = "searxng";`
			`spec = {`
			`selector.matchLabels.app = appName;`
			`template = {`
			`metadata.labels.app = appName;`
			`spec = {`
			`volumes = {`
			`config.configMap.name = "searxng";`
			`};`
			`containers = {`
			`searxng = {`
			`image = appImage;`
			`imagePullPolicy = "Always";`
			`volumeMounts = [`
			`{`
			`name = "config";`
			`mountPath = "/etc/searxng/settings.yml";`
			`subPath = "settings.yml";`
			`}`
			`{`
			`name = "config";`
			`mountPath = "/etc/searxng/limiter.toml";`
			`subPath = "limiter.toml";`
			`}`
			`];`
			`envFrom = [{secretRef.name = "searxng";}];`
			`ports.http.containerPort = 8080;`
			`resources = {`
			`requests = {`
			`cpu = "100m";`
			`memory = "512Mi";`
			`};`
			`limits = {`
			`memory = "1Gi";`
			`};`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`};`
			`};`
			`};`
			`};`
			`};`
			`};`
			`};`
Formatting 2024-06-07 14:53:17 +01:00			`kubernetes.resources.configMaps.searxng = {`
			`metadata.namespace = "searxng";`
			`data."settings.yml" = ''`
			`use_default_settings: true`
			`server:`
			`image_proxy: true`
			`http_protocol_version: "1.1"`
			`method: "GET"`
			`ui:`
			`static_use_hash: true`
			`redis:`
			`url: redis://searxng-redis-master:6379/0`
			`general:`
			`instance_name: search.gmem.ca`
			`hostname_replace:`
			`'(.*\.)?youtube\.com$': 'piped.gmem.ca'`
			`'(.*\.)?youtu\.be$': 'piped.gmem.ca'`
			`'(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'`
			`'(www\.)?twitter\.com$': 'nitter.gmem.ca'`
			`'(www\.)?x\.com$': 'nitter.gmem.ca'`
			`'(.*\.)?reddit\.com$': 'red.gmem.ca'`
			`'';`
			`data."limiter.toml" = ''`
			`# This configuration file updates the default configuration file`
			`# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00
Formatting 2024-06-07 14:53:17 +01:00			`[botdetection.ip_limit]`
			`# activate link_token method in the ip_limit method`
			`link_token = true`
			`'';`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`};`
Formatting 2024-06-07 14:53:17 +01:00			`kubernetes.helm.releases.searxng-redis = {`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`namespace = "searxng";`
Formatting 2024-06-07 14:53:17 +01:00			`chart = kubenix.lib.helm.fetch {`
			`repo = "https://charts.bitnami.com/bitnami";`
			`chart = "redis";`
			`version = "18.6.1";`
			`sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";`
			`};`
			`values = {`
			`auth.enabled = false;`
			`architecture = "standalone";`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`};`
			`};`
Formatting 2024-06-07 14:53:17 +01:00
			`kubernetes.resources.ingresses.searxng = {`
			`metadata = {`
			`name = appName;`
			`namespace = "searxng";`
			`annotations = {`
			`"cert-manager.io/cluster-issuer" = "le-issuer";`
			`};`
			`};`
			`spec = {`
			`tls = [`
			`{`
			`hosts = ["search.gmem.ca"];`
			`}`
			`];`
			`rules = [`
			`{`
			`host = "search.gmem.ca";`
			`http.paths = [`
			`{`
			`path = "/";`
			`pathType = "Prefix";`
			`backend.service = {`
			`name = appName;`
			`port.name = "http";`
			`};`
			`}`
			`];`
			`}`
			`];`
			`};`
metube, searxng deloyments 2024-05-19 01:12:16 +01:00			`};`
Formatting 2024-06-07 14:53:17 +01:00			`}`