SearXNG: Difference between revisions
m + Categories |
Denperidge (talk | contribs) Added secret_key setting through env file, added warning of NixOS-setting based approach |
||
(One intermediate revision by the same user not shown) | |||
Line 6: | Line 6: | ||
== Configuration == | == Configuration == | ||
{{tip|As of writing (NixOS 24.05), searx's '''use_default_settings''' is set to true by default in [https://github.com/NixOS/nixpkgs/blob/release-24.05/nixos/modules/services/networking/searx.nix#L232 the searx module in nixpkgs]. Any settings set through NixOS overrides the default}} | |||
==== Basic ==== | ==== Basic ==== | ||
Line 15: | Line 16: | ||
bind_address = "::1"; | bind_address = "::1"; | ||
# port = yourPort; | # port = yourPort; | ||
# WARNING: setting secret_key here might expose it to the nix cache | |||
# see below for the sops or environment file instructions to prevent this | |||
# secret_key = "Your secret key."; | # secret_key = "Your secret key."; | ||
}; | }; | ||
Line 213: | Line 216: | ||
}; | }; | ||
}; | }; | ||
</syntaxhighlight> | |||
==== Set secret key through environment file ==== | |||
<syntaxhighlight lang="nixos"> | |||
services.searx = { | |||
enable = true; | |||
package = pkgs.searxng; | |||
environmentFile = "/home/user/.searxng.env"; | |||
settings = { | |||
general = { | |||
debug = false; | |||
}; | |||
server = { | |||
bind_address = "127.0.0.1"; | |||
}; | |||
}; | |||
}; | |||
</syntaxhighlight><syntaxhighlight lang="ini"> | |||
# /home/user/.searxng.env | |||
SEARXNG_SECRET=random-string | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 21:59, 8 January 2025
SearXNG[1] is a free and open-source metasearch engine that aggregates results from more than 70 search services, while protecting user privacy. It allows users to search the web without being tracked or profiled.
Key benefits of SearXNG include its self-hosting option and compatibility with the Tor network, allowing for further anonymity.
Installation
Configuration
Basic
services.searx = {
enable = true;
redisCreateLocally = true;
settings.server = {
bind_address = "::1";
# port = yourPort;
# WARNING: setting secret_key here might expose it to the nix cache
# see below for the sops or environment file instructions to prevent this
# secret_key = "Your secret key.";
};
};
Advanced
services.searx = {
enable = false;
redisCreateLocally = true;
# Rate limiting
limiterSettings = {
real_ip = {
x_for = 1;
ipv4_prefix = 32;
ipv6_prefix = 56;
};
botdetection = {
ip_limit = {
filter_link_local = true;
link_token = true;
};
};
};
# UWSGI configuration
runInUwsgi = true;
uwsgiConfig = {
socket = "/run/searx/searx.sock";
http = ":8888";
chmod-socket = "660";
};
# Searx configuration
settings = {
# Instance settings
general = {
debug = false;
instance_name = "SearXNG Instance";
donation_url = false;
contact_url = false;
privacypolicy_url = false;
enable_metrics = false;
};
# User interface
ui = {
static_use_hash = true;
default_locale = "en";
query_in_title = true;
infinite_scroll = false;
center_alignment = true;
default_theme = "simple";
theme_args.simple_style = "auto";
search_on_category_select = false;
hotkeys = "vim";
};
# Search engine settings
search = {
safe_search = 2;
autocomplete_min = 2;
autocomplete = "duckduckgo";
ban_time_on_fail = 5;
max_ban_time_on_fail = 120;
};
# Server configuration
server = {
base_url = "https://search.example.com";
port = 8888;
bind_address = "127.0.0.1";
secret_key = config.sops.secrets.searx.path;
limiter = true;
public_instance = true;
image_proxy = true;
method = "GET";
};
# Search engines
engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
"duckduckgo".disabled = true;
"brave".disabled = true;
"bing".disabled = false;
"mojeek".disabled = true;
"mwmbl".disabled = false;
"mwmbl".weight = 0.4;
"qwant".disabled = true;
"crowdview".disabled = false;
"crowdview".weight = 0.5;
"curlie".disabled = true;
"ddg definitions".disabled = false;
"ddg definitions".weight = 2;
"wikibooks".disabled = false;
"wikidata".disabled = false;
"wikiquote".disabled = true;
"wikisource".disabled = true;
"wikispecies".disabled = false;
"wikispecies".weight = 0.5;
"wikiversity".disabled = false;
"wikiversity".weight = 0.5;
"wikivoyage".disabled = false;
"wikivoyage".weight = 0.5;
"currency".disabled = true;
"dictzone".disabled = true;
"lingva".disabled = true;
"bing images".disabled = false;
"brave.images".disabled = true;
"duckduckgo images".disabled = true;
"google images".disabled = false;
"qwant images".disabled = true;
"1x".disabled = true;
"artic".disabled = false;
"deviantart".disabled = false;
"flickr".disabled = true;
"imgur".disabled = false;
"library of congress".disabled = false;
"material icons".disabled = true;
"material icons".weight = 0.2;
"openverse".disabled = false;
"pinterest".disabled = true;
"svgrepo".disabled = false;
"unsplash".disabled = false;
"wallhaven".disabled = false;
"wikicommons.images".disabled = false;
"yacy images".disabled = true;
"bing videos".disabled = false;
"brave.videos".disabled = true;
"duckduckgo videos".disabled = true;
"google videos".disabled = false;
"qwant videos".disabled = false;
"dailymotion".disabled = true;
"google play movies".disabled = true;
"invidious".disabled = true;
"odysee".disabled = true;
"peertube".disabled = false;
"piped".disabled = true;
"rumble".disabled = false;
"sepiasearch".disabled = false;
"vimeo".disabled = true;
"youtube".disabled = false;
"brave.news".disabled = true;
"google news".disabled = true;
};
# Outgoing requests
outgoing = {
request_timeout = 5.0;
max_request_timeout = 15.0;
pool_connections = 100;
pool_maxsize = 15;
enable_http2 = true;
};
# Enabled plugins
enabled_plugins = [
"Basic Calculator"
"Hash plugin"
"Tor check plugin"
"Open Access DOI rewrite"
"Hostnames plugin"
"Unit converter plugin"
"Tracker URL remover"
];
};
};
# Systemd configuration
systemd.services.nginx.serviceConfig.ProtectHome = false;
# User management
users.groups.searx.members = ["nginx"];
# Nginx configuration
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"search.example.com" = {
forceSSL = true;
sslCertificate = "...";
sslCertificateKey = "...";
locations = {
"/" = {
extraConfig = ''
uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
'';
};
};
};
};
};
Set secret key through environment file
services.searx = {
enable = true;
package = pkgs.searxng;
environmentFile = "/home/user/.searxng.env";
settings = {
general = {
debug = false;
};
server = {
bind_address = "127.0.0.1";
};
};
};
# /home/user/.searxng.env
SEARXNG_SECRET=random-string
Tips and tricks
Location of options
A comprehensive list of options can be found in the official documentation[2].