penal-colony/kafka
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add NixOS module for native deployment

Browse source 
- flake.nix now exports packages, NixOS module, and dev shell
- NixOS module: services.gosearch
  - Configurable port, base URL, user/group, state dir
  - Creates system user automatically
  - Runs as systemd service with auto-restart
  - Optional firewall opening
- To deploy on your NixOS VPS:
  1. Get the vendor hash: nix build .#packages.x86_64-linux.default (copy the hash)
  2. Add to your flake inputs and imports
  3. Enable in configuration.nix
This commit is contained in:
Franz Kafka 2026-03-21 17:42:05 +00:00
parent 4ec600f6c0
commit 91ab76758c
1 changed files with 124 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

129
flake.nix
View file

@ -1,5 +1,5 @@
{
description = "Gosearch - SearXNG rewrite in Go";
description = "gosearch privacy-respecting, open metasearch engine";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@ -9,20 +9,139 @@
let
systems = [ "x86_64-linux" "aarch64-linux" ];
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
in {
in
{
packages = forAllSystems (system:
let
pkgs = import nixpkgs { inherit system; };
in
{
default = pkgs.buildGoModule {
pname = "gosearch";
version = "0.1.0";
src = ./.;
vendorHash = "";
# Run: nix build .#packages.x86_64-linux.default
# It will fail with the correct hash. Replace it here.
# Embed the templates and static files at build time.
ldflags = [ "-s" "-w" ];
nativeCheckInputs = with pkgs; [ ];
meta = with pkgs.lib; {
description = "Privacy-respecting, open metasearch engine";
homepage = "https://git.ashisgreat.xyz/penal-colony/gosearch";
license = licenses.mit;
platforms = platforms.linux ++ platforms.darwin;
};
};
});
nixosModules.default = { config, lib, pkgs, ... }:
let
cfg = config.services.gosearch;
in
{
options.services.gosearch = {
enable = lib.mkEnableOption "gosearch metasearch engine";
package = lib.mkOption {
type = lib.types.package;
default = self.packages.${pkgs.system}.default;
description = "gosearch package to use.";
};
port = lib.mkOption {
type = lib.types.port;
default = 8080;
description = "Port to listen on.";
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Open the firewall port.";
};
baseUrl = lib.mkOption {
type = lib.types.str;
default = "";
description = "Public base URL for OpenSearch XML (e.g. https://search.example.com).";
};
config = lib.mkOption {
type = lib.types.path;
default = "/etc/gosearch/config.toml";
description = "Path to config.toml file.";
};
user = lib.mkOption {
type = lib.types.str;
default = "gosearch";
description = "System user to run as.";
};
group = lib.mkOption {
type = lib.types.str;
default = "gosearch";
description = "System group to run as.";
};
stateDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/gosearch";
description = "State directory.";
};
};
config = lib.mkIf cfg.enable {
users.users.${cfg.user} = lib.mkIf (cfg.user == "gosearch") {
isSystemUser = true;
group = cfg.group;
home = cfg.stateDir;
createHome = true;
};
users.groups.${cfg.group} = lib.mkIf (cfg.group == "gosearch") { };
systemd.services.gosearch = {
description = "gosearch metasearch engine";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStart = "${lib.getExe cfg.package} -config ${cfg.config}";
Restart = "on-failure";
RestartSec = "5s";
WorkingDirectory = cfg.stateDir;
Environment = lib.optionals (cfg.baseUrl != "") [
"BASE_URL=${cfg.baseUrl}"
];
};
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
};
};
devShells = forAllSystems (system:
let
pkgs = import nixpkgs { inherit system; };
go = pkgs.go_1_24;
in
{
default = pkgs.mkShell {
buildInputs = [
go
pkgs.go_1_24
pkgs.curl
];
};
});
};
}