nixpkgs-immich/nixos/tests/searx.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

115 lines
3.1 KiB
Nix
Raw Permalink Normal View History

2024-09-17 10:23:40 -06:00
{ pkgs, ... }:
{
name = "searx";
meta = with pkgs.lib.maintainers; {
maintainers = [ rnhmjoj ];
};
# basic setup: searx running the built-in webserver
nodes.base =
{ ... }:
{
services.searx = {
enable = true;
environmentFile = pkgs.writeText "secrets" ''
WOLFRAM_API_KEY = sometoken
SEARX_SECRET_KEY = somesecret
'';
settings.server = {
port = "8080";
bind_address = "0.0.0.0";
secret_key = "@SEARX_SECRET_KEY@";
};
settings.engines = [
{
name = "wolframalpha";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
}
{
name = "startpage";
shortcut = "start";
}
];
};
};
# fancy setup: run in uWSGI and use nginx as proxy
nodes.fancy =
{ config, ... }:
{
services.searx = {
enable = true;
# searx refuses to run if unchanged
settings.server.secret_key = "somesecret";
runInUwsgi = true;
uwsgiConfig = {
# serve using the uwsgi protocol
socket = "/run/searx/uwsgi.sock";
chmod-socket = "660";
# use /searx as url "mountpoint"
mount = "/searx=searx.webapp:application";
module = "";
manage-script-name = true;
};
};
# use nginx as reverse proxy
services.nginx.enable = true;
services.nginx.virtualHosts.localhost = {
locations."/searx".extraConfig = ''
include ${pkgs.nginx}/conf/uwsgi_params;
uwsgi_pass unix:/run/searx/uwsgi.sock;
'';
locations."/searx/static/".alias = "${config.services.searx.package}/share/static/";
};
# allow nginx access to the searx socket
users.users.nginx.extraGroups = [ "searx" ];
};
testScript = ''
base.start()
with subtest("Settings have been merged"):
base.wait_for_unit("searx-init")
base.wait_for_file("/run/searx/settings.yml")
output = base.succeed(
"${pkgs.yq-go}/bin/yq eval"
" '.engines[] | select(.name==\"startpage\") | .shortcut'"
" /run/searx/settings.yml"
).strip()
assert output == "start", "Settings not merged"
with subtest("Environment variables have been substituted"):
base.succeed("grep -q somesecret /run/searx/settings.yml")
base.succeed("grep -q sometoken /run/searx/settings.yml")
base.copy_from_vm("/run/searx/settings.yml")
with subtest("Basic setup is working"):
base.wait_for_open_port(8080)
base.wait_for_unit("searx")
base.succeed(
"${pkgs.curl}/bin/curl --fail http://localhost:8080"
)
base.shutdown()
with subtest("Nginx+uWSGI setup is working"):
fancy.start()
fancy.wait_for_open_port(80)
fancy.wait_for_unit("uwsgi")
fancy.succeed(
"${pkgs.curl}/bin/curl --fail http://localhost/searx >&2"
)
fancy.succeed(
"${pkgs.curl}/bin/curl --fail http://localhost/searx/static/themes/simple/js/leaflet.js >&2"
)
'';
}