I've been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can't seem to make it open to the internet and I've ran out of ideas. Is there anything I'm overlooking?
services.searx = {
enable = true;
redisCreateLocally = true;
limiterSettings = {
real_ip = {
x_for = 1;
ipv4_prefix = 32;
ipv6_prefix = 56;
};
botdetection = {
ip_limit = {
filter_link_local = true;
link_token = true;
};
ip_lists = {
pass_ip = [
"192.168.0.0/16"
"fe80::/10"
];
pass_searxng_org = true;
};
};
};
runInUwsgi = true;
uwsgiConfig = {
socket = "/run/searx/searx.sock";
http = ":8888";
chmod-socket = "660";
disable-logging = true;
};
settings = {
general = {
debug = false;
instance_name = "SearXNG Instance";
donation_url = false;
contact_url = false;
enable_metrics = false;
};
ui = {
static_use_hash = true;
theme_args.simple_style = "dark";
query_in_title = true;
center_alignment = true;
results_on_new_tab = false;
};
search = {
safe_search = 2;
autocomplete_min = 2;
autocomplete = "duckduckgo";
};
server = {
port = 8888;
bind_address = "0.0.0.0";
secret_key = config.sops.secrets.searx.path;
image_proxy = true;
method = "GET";
default_locale = "en";
default_lang = "en-US";
base_url = "https://myinstance.org";
public_instance = true;
};
engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
"duckduckgo".disabled = false;
"brave".disabled = true;
};
outgoing = {
request_timeout = 5.0;
max_request_timeout = 15.0;
pool_connections = 100;
pool_maxsize = 15;
enable_http2 = true;
};
};
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"myinstance.org" = {
forceSSL = true;
sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
locations = {
"/" = {
extraConfig = ''
uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
'';
};
};
};
};
};