diff --git a/flake.nix b/flake.nix index fe2a141..a189428 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "Gosearch - SearXNG rewrite in Go"; + description = "gosearch — privacy-respecting, open metasearch engine"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 
@@ -9,20 +9,139 @@ let systems = [ "x86_64-linux" "aarch64-linux" ]; forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); - in { + in + { + packages = forAllSystems (system: + let + pkgs = import nixpkgs { inherit system; }; + in + { + default = pkgs.buildGoModule { + pname = "gosearch"; + version = "0.1.0"; + src = ./.; + + vendorHash = ""; + # Run: nix build .#packages.x86_64-linux.default + # It will fail with the correct hash. Replace it here. + + # Embed the templates and static files at build time. + ldflags = [ "-s" "-w" ]; + + nativeCheckInputs = with pkgs; [ ]; + + meta = with pkgs.lib; { + description = "Privacy-respecting, open metasearch engine"; + homepage = "https://git.ashisgreat.xyz/penal-colony/gosearch"; + license = licenses.mit; + platforms = platforms.linux ++ platforms.darwin; + }; + }; + }); + + nixosModules.default = { config, lib, pkgs, ... }: + let + cfg = config.services.gosearch; + in + { + options.services.gosearch = { + enable = lib.mkEnableOption "gosearch metasearch engine"; + + package = lib.mkOption { + type = lib.types.package; + default = self.packages.${pkgs.system}.default; + description = "gosearch package to use."; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 8080; + description = "Port to listen on."; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Open the firewall port."; + }; + + baseUrl = lib.mkOption { + type = lib.types.str; + default = ""; + description = "Public base URL for OpenSearch XML (e.g. 
https://search.example.com)."; + }; + + config = lib.mkOption { + type = lib.types.path; + default = "/etc/gosearch/config.toml"; + description = "Path to config.toml file."; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "gosearch"; + description = "System user to run as."; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "gosearch"; + description = "System group to run as."; + }; + + stateDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/gosearch"; + description = "State directory."; + }; + }; + + config = lib.mkIf cfg.enable { + users.users.${cfg.user} = lib.mkIf (cfg.user == "gosearch") { + isSystemUser = true; + group = cfg.group; + home = cfg.stateDir; + createHome = true; + }; + + users.groups.${cfg.group} = lib.mkIf (cfg.group == "gosearch") { }; + + systemd.services.gosearch = { + description = "gosearch metasearch engine"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + ExecStart = "${lib.getExe cfg.package} -config ${cfg.config}"; + Restart = "on-failure"; + RestartSec = "5s"; + WorkingDirectory = cfg.stateDir; + Environment = lib.optionals (cfg.baseUrl != "") [ + "BASE_URL=${cfg.baseUrl}" + ]; + }; + }; + + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + }; + }; + devShells = forAllSystems (system: let pkgs = import nixpkgs { inherit system; }; - go = pkgs.go_1_24; in { default = pkgs.mkShell { buildInputs = [ - go + pkgs.go_1_24 pkgs.curl ]; }; }); }; } -
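Review bot: The `serviceConfig` of `systemd.services.gosearch` sets only `User`/`Group` and the restart behaviour, so a network-facing process that presumably fetches and parses upstream responses runs with no systemd sandboxing; the confinement directives sketched below would limit what a compromised process can reach. `ReadWritePaths` is needed once `ProtectSystem = "strict"` is set, and the empty `CapabilityBoundingSet` assumes the listener stays on an unprivileged port such as the default 8080. Separately, `cfg.port` is used only for `networking.firewall.allowedTCPPorts` and is never passed to the process (`ExecStart` carries only `-config`, `Environment` only `BASE_URL`), so the opened port and the actual listener can diverge; either wire the option through to the service or drop it and document that the port comes from `config.toml`. The `config` option's description should also warn that a Nix path literal is copied into the world-readable store, which matters if the file holds secrets.

```nix
serviceConfig = {
  # … unchanged: Type, User, Group, ExecStart, Restart, RestartSec, WorkingDirectory, Environment …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ cfg.stateDir ];
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  CapabilityBoundingSet = "";
  LockPersonality = true;
  RestrictSUIDSGID = true;
};
```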