{ description = "gosearch — privacy-respecting, open metasearch engine"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; }; outputs = { self, nixpkgs }: let systems = [ "x86_64-linux" "aarch64-linux" ]; forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); in { packages = forAllSystems (system: let pkgs = import nixpkgs { inherit system; }; in { default = pkgs.buildGoModule { pname = "gosearch"; version = "0.1.0"; src = ./.; vendorHash = ""; # Run: nix build .#packages.x86_64-linux.default # It will fail with the correct hash. Replace it here. # Embed the templates and static files at build time. ldflags = [ "-s" "-w" ]; nativeCheckInputs = with pkgs; [ ]; meta = with pkgs.lib; { description = "Privacy-respecting, open metasearch engine"; homepage = "https://git.ashisgreat.xyz/penal-colony/gosearch"; license = licenses.mit; platforms = platforms.linux ++ platforms.darwin; }; }; }); nixosModules.default = { config, lib, pkgs, ... }: let cfg = config.services.gosearch; in { options.services.gosearch = { enable = lib.mkEnableOption "gosearch metasearch engine"; package = lib.mkOption { type = lib.types.package; default = self.packages.${pkgs.system}.default; description = "gosearch package to use."; }; port = lib.mkOption { type = lib.types.port; default = 8080; description = "Port to listen on."; }; openFirewall = lib.mkOption { type = lib.types.bool; default = false; description = "Open the firewall port."; }; baseUrl = lib.mkOption { type = lib.types.str; default = ""; description = "Public base URL for OpenSearch XML (e.g. https://search.example.com)."; }; config = lib.mkOption { type = lib.types.path; default = "/etc/gosearch/config.toml"; description = "Path to config.toml file."; }; user = lib.mkOption { type = lib.types.str; default = "gosearch"; description = "System user to run as."; }; group = lib.mkOption { type = lib.types.str; default = "gosearch"; description = "System group to run as."; }; stateDir = lib.mkOption { type = lib.types.path; default = "/var/lib/gosearch"; description = "State directory."; }; }; config = lib.mkIf cfg.enable { users.users.${cfg.user} = lib.mkIf (cfg.user == "gosearch") { isSystemUser = true; group = cfg.group; home = cfg.stateDir; createHome = true; }; users.groups.${cfg.group} = lib.mkIf (cfg.group == "gosearch") { }; systemd.services.gosearch = { description = "gosearch metasearch engine"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "simple"; User = cfg.user; Group = cfg.group; ExecStart = "${lib.getExe cfg.package} -config ${cfg.config}"; Restart = "on-failure"; RestartSec = "5s"; WorkingDirectory = cfg.stateDir; Environment = lib.optionals (cfg.baseUrl != "") [ "BASE_URL=${cfg.baseUrl}" ]; }; }; networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; }; }; devShells = forAllSystems (system: let pkgs = import nixpkgs { inherit system; }; in { default = pkgs.mkShell { buildInputs = [ pkgs.go_1_24 pkgs.curl ]; }; }); }; }