nixos/searx: add support for running in uWSGI
This commit is contained in:
parent
92d55d57eb
commit
623664e84f
@ -3,7 +3,7 @@
|
|||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
dataDir = "/var/lib/searx";
|
runDir = "/run/searx";
|
||||||
cfg = config.services.searx;
|
cfg = config.services.searx;
|
||||||
|
|
||||||
hasEngines =
|
hasEngines =
|
||||||
@ -13,7 +13,7 @@ let
|
|||||||
# Script to merge NixOS settings with
|
# Script to merge NixOS settings with
|
||||||
# the default settings.yml bundled in searx.
|
# the default settings.yml bundled in searx.
|
||||||
mergeConfig = ''
|
mergeConfig = ''
|
||||||
cd ${dataDir}
|
cd ${runDir}
|
||||||
# find the default settings.yml
|
# find the default settings.yml
|
||||||
default=$(find '${cfg.package}/' -name settings.yml)
|
default=$(find '${cfg.package}/' -name settings.yml)
|
||||||
|
|
||||||
@ -46,6 +46,9 @@ let
|
|||||||
env -0 | while IFS='=' read -r -d ''' n v; do
|
env -0 | while IFS='=' read -r -d ''' n v; do
|
||||||
sed "s#@$n@#$v#g" -i settings.yml
|
sed "s#@$n@#$v#g" -i settings.yml
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# set strict permissions
|
||||||
|
chmod 400 settings.yml
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
@ -114,7 +117,7 @@ in
|
|||||||
|
|
||||||
settingsFile = mkOption {
|
settingsFile = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = "${dataDir}/settings.yml";
|
default = "${runDir}/settings.yml";
|
||||||
description = ''
|
description = ''
|
||||||
The path of the Searx server settings.yml file. If no file is
|
The path of the Searx server settings.yml file. If no file is
|
||||||
specified, a default file is used (default config file has debug mode
|
specified, a default file is used (default config file has debug mode
|
||||||
@ -136,6 +139,38 @@ in
|
|||||||
description = "searx package to use.";
|
description = "searx package to use.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
runInUwsgi = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to run searx in uWSGI as a "vassal", instead of using its
|
||||||
|
built-in HTTP server. This is the recommended mode for public or
|
||||||
|
large instances, but is unecessary for LAN or local-only use.
|
||||||
|
<warning>
|
||||||
|
<para>
|
||||||
|
The built-in HTTP server logs all queries by default.
|
||||||
|
</para>
|
||||||
|
</warning>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
uwsgiConfig = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
default = { http = ":8080"; };
|
||||||
|
example = lib.literalExample ''
|
||||||
|
{
|
||||||
|
disable-logging = true;
|
||||||
|
http = ":8080"; # serve via HTTP...
|
||||||
|
socket = "/run/searx/searx.sock"; # ...or UNIX socket
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
Additional configuration of the uWSGI vassal running searx. It
|
||||||
|
should notably specify on which interfaces and ports the vassal
|
||||||
|
should listen.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
@ -143,23 +178,66 @@ in
|
|||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf config.services.searx.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.services.searx = {
|
environment.systemPackages = [ cfg.package ];
|
||||||
description = "Searx server, the meta search engine.";
|
|
||||||
after = [ "network.target" ];
|
users.users.searx =
|
||||||
wantedBy = [ "multi-user.target" ];
|
{ description = "Searx daemon user";
|
||||||
|
group = "searx";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.searx = { };
|
||||||
|
|
||||||
|
systemd.services.searx-init = {
|
||||||
|
description = "Initialise Searx settings";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
User = "searx";
|
User = "searx";
|
||||||
DynamicUser = true;
|
RuntimeDirectory = "searx";
|
||||||
|
RuntimeDirectoryMode = "750";
|
||||||
|
} // optionalAttrs (cfg.environmentFile != null)
|
||||||
|
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
|
||||||
|
script = mergeConfig;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.searx = mkIf (!cfg.runInUwsgi) {
|
||||||
|
description = "Searx server, the meta search engine.";
|
||||||
|
wantedBy = [ "network.target" "multi-user.target" ];
|
||||||
|
requires = [ "searx-init.service" ];
|
||||||
|
after = [ "searx-init.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
User = "searx";
|
||||||
|
Group = "searx";
|
||||||
ExecStart = "${cfg.package}/bin/searx-run";
|
ExecStart = "${cfg.package}/bin/searx-run";
|
||||||
StateDirectory = "searx";
|
|
||||||
} // optionalAttrs (cfg.environmentFile != null)
|
} // optionalAttrs (cfg.environmentFile != null)
|
||||||
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
|
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
|
||||||
environment.SEARX_SETTINGS_PATH = cfg.settingsFile;
|
environment.SEARX_SETTINGS_PATH = cfg.settingsFile;
|
||||||
preStart = mergeConfig;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ cfg.package ];
|
systemd.services.uwsgi = mkIf (cfg.runInUwsgi)
|
||||||
|
{ requires = [ "searx-init.service" ];
|
||||||
|
after = [ "searx-init.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.uwsgi = mkIf (cfg.runInUwsgi) {
|
||||||
|
enable = true;
|
||||||
|
plugins = [ "python3" ];
|
||||||
|
|
||||||
|
instance.type = "emperor";
|
||||||
|
instance.vassals.searx = {
|
||||||
|
type = "normal";
|
||||||
|
strict = true;
|
||||||
|
immediate-uid = "searx";
|
||||||
|
immediate-gid = "searx";
|
||||||
|
lazy-apps = true;
|
||||||
|
enable-threads = true;
|
||||||
|
module = "searx.webapp";
|
||||||
|
env = [ "SEARX_SETTINGS_PATH=${cfg.settingsFile}" ];
|
||||||
|
pythonPackages = self: [ cfg.package ];
|
||||||
|
} // cfg.uwsgiConfig;
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -6,7 +6,8 @@ import ./make-test-python.nix ({ pkgs, ...} :
|
|||||||
maintainers = [ rnhmjoj ];
|
maintainers = [ rnhmjoj ];
|
||||||
};
|
};
|
||||||
|
|
||||||
machine = { ... }: {
|
# basic setup: searx running the built-in webserver
|
||||||
|
nodes.base = { ... }: {
|
||||||
imports = [ ../modules/profiles/minimal.nix ];
|
imports = [ ../modules/profiles/minimal.nix ];
|
||||||
|
|
||||||
services.searx = {
|
services.searx = {
|
||||||
@ -17,11 +18,10 @@ import ./make-test-python.nix ({ pkgs, ...} :
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
settings.server =
|
settings.server =
|
||||||
{ port = 8080;
|
{ port = "8080";
|
||||||
bind_address = "0.0.0.0";
|
bind_address = "0.0.0.0";
|
||||||
secret_key = "@SEARX_SECRET_KEY@";
|
secret_key = "@SEARX_SECRET_KEY@";
|
||||||
};
|
};
|
||||||
|
|
||||||
settings.engines = {
|
settings.engines = {
|
||||||
wolframalpha =
|
wolframalpha =
|
||||||
{ api_key = "@WOLFRAM_API_KEY@";
|
{ api_key = "@WOLFRAM_API_KEY@";
|
||||||
@ -29,34 +29,81 @@ import ./make-test-python.nix ({ pkgs, ...} :
|
|||||||
};
|
};
|
||||||
startpage.shortcut = "start";
|
startpage.shortcut = "start";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
# fancy setup: run in uWSGI and use nginx as proxy
|
||||||
|
nodes.fancy = { ... }: {
|
||||||
|
imports = [ ../modules/profiles/minimal.nix ];
|
||||||
|
|
||||||
|
services.searx = {
|
||||||
|
enable = true;
|
||||||
|
runInUwsgi = true;
|
||||||
|
uwsgiConfig = {
|
||||||
|
# serve using the uwsgi protocol
|
||||||
|
socket = "/run/searx/uwsgi.sock";
|
||||||
|
chmod-socket = "660";
|
||||||
|
|
||||||
|
# use /searx as url "mountpoint"
|
||||||
|
mount = "/searx=searx.webapp:application";
|
||||||
|
module = "";
|
||||||
|
manage-script-name = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# use nginx as reverse proxy
|
||||||
|
services.nginx.enable = true;
|
||||||
|
services.nginx.virtualHosts.localhost = {
|
||||||
|
locations."/searx".extraConfig =
|
||||||
|
''
|
||||||
|
include ${pkgs.nginx}/conf/uwsgi_params;
|
||||||
|
uwsgi_pass unix:/run/searx/uwsgi.sock;
|
||||||
|
'';
|
||||||
|
locations."/searx/static/".alias = "${pkgs.searx}/share/static/";
|
||||||
|
};
|
||||||
|
|
||||||
|
# allow nginx access to the searx socket
|
||||||
|
users.users.nginx.extraGroups = [ "searx" ];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript =
|
testScript =
|
||||||
''
|
''
|
||||||
start_all()
|
base.start()
|
||||||
|
|
||||||
with subtest("Settings have been merged"):
|
with subtest("Settings have been merged"):
|
||||||
machine.wait_for_unit("searx")
|
base.wait_for_unit("searx-init")
|
||||||
output = machine.succeed(
|
base.wait_for_file("/run/searx/settings.yml")
|
||||||
"${pkgs.yq-go}/bin/yq r /var/lib/searx/settings.yml"
|
output = base.succeed(
|
||||||
|
"${pkgs.yq-go}/bin/yq r /run/searx/settings.yml"
|
||||||
" 'engines.(name==startpage).shortcut'"
|
" 'engines.(name==startpage).shortcut'"
|
||||||
).strip()
|
).strip()
|
||||||
assert output == "start", "Settings not merged"
|
assert output == "start", "Settings not merged"
|
||||||
|
|
||||||
with subtest("Environment variables have been substituted"):
|
with subtest("Environment variables have been substituted"):
|
||||||
machine.succeed("grep -q somesecret /var/lib/searx/settings.yml")
|
base.succeed("grep -q somesecret /run/searx/settings.yml")
|
||||||
machine.succeed("grep -q sometoken /var/lib/searx/settings.yml")
|
base.succeed("grep -q sometoken /run/searx/settings.yml")
|
||||||
|
base.copy_from_vm("/run/searx/settings.yml")
|
||||||
|
|
||||||
with subtest("Searx service is running"):
|
with subtest("Basic setup is working"):
|
||||||
machine.wait_for_open_port(8080)
|
base.wait_for_open_port(8080)
|
||||||
machine.succeed(
|
base.wait_for_unit("searx")
|
||||||
|
base.succeed(
|
||||||
"${pkgs.curl}/bin/curl --fail http://localhost:8080"
|
"${pkgs.curl}/bin/curl --fail http://localhost:8080"
|
||||||
)
|
)
|
||||||
|
base.shutdown()
|
||||||
|
|
||||||
machine.copy_from_vm("/var/lib/searx/settings.yml")
|
with subtest("Nginx+uWSGI setup is working"):
|
||||||
machine.shutdown()
|
fancy.start()
|
||||||
|
fancy.wait_for_open_port(80)
|
||||||
|
fancy.wait_for_unit("uwsgi")
|
||||||
|
fancy.succeed(
|
||||||
|
"${pkgs.curl}/bin/curl --fail http://localhost/searx >&2"
|
||||||
|
)
|
||||||
|
fancy.succeed(
|
||||||
|
"${pkgs.curl}/bin/curl --fail http://localhost/searx/static/js/bootstrap.min.js >&2"
|
||||||
|
)
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user