From 5c67cc78806c2125b0a015b16e7567170f17d24b Mon Sep 17 00:00:00 2001 From: Max Date: Tue, 30 Apr 2024 03:09:17 +0200 Subject: [PATCH] cluster/services/search: use tor --- cluster/services/search/host.nix | 30 ++++------------ cluster/services/search/proxy-shuffle.nix | 43 ----------------------- 2 files changed, 7 insertions(+), 66 deletions(-) delete mode 100644 cluster/services/search/proxy-shuffle.nix diff --git a/cluster/services/search/host.nix b/cluster/services/search/host.nix index 74095f8..7e520ee 100644 --- a/cluster/services/search/host.nix +++ b/cluster/services/search/host.nix @@ -3,9 +3,6 @@ let inherit (config) links; in { - imports = [ - ./proxy-shuffle.nix - ]; links.searxng.protocol = "http"; age.secrets.searxng-secrets.file = ../../../secrets/searxng-secrets.age; @@ -27,25 +24,12 @@ in { name = "brave"; disabled = true; } ]; ui.theme_args.simple_style = "dark"; - outgoing.proxies = rec { - http = [ - "socks5://se-got-wg-socks5-001.relays.mullvad.net:1080" - "socks5://se-sto-wg-socks5-010.relays.mullvad.net:1080" - "socks5://se-sto-wg-socks5-014.relays.mullvad.net:1080" - "socks5://ch-zrh-wg-socks5-005.relays.mullvad.net:1080" - "socks5://se-mma-wg-socks5-001.relays.mullvad.net:1080" - "socks5://se-mma-wg-socks5-101.relays.mullvad.net:1080" - "socks5://se-mma-wg-socks5-102.relays.mullvad.net:1080" - "socks5://se-mma-wg-socks5-103.relays.mullvad.net:1080" - "socks5://ch-zrh-wg-socks5-002.relays.mullvad.net:1080" - "socks5://se-sto-wg-socks5-004.relays.mullvad.net:1080" - "socks5://se-got-wg-socks5-003.relays.mullvad.net:1080" - "socks5://se-sto-wg-socks5-006.relays.mullvad.net:1080" - "socks5://se-sto-wg-socks5-008.relays.mullvad.net:1080" - "socks5://se-sto-wg-socks5-001.relays.mullvad.net:1080" - "socks5://se-mma-wg-socks5-004.relays.mullvad.net:1080" - ]; - https = http; + outgoing = { + using_tor_proxy = true; + proxies = rec { + http = [ config.links.torSocks.url ]; + https = http; + }; }; }; uwsgiConfig = { @@ -58,5 +42,5 @@ in services.nginx.virtualHosts."search.${depot.lib.meta.domain}" = lib.recursiveUpdate (depot.lib.nginx.vhosts.proxy links.searxng.url) { extraConfig = "access_log off;"; }; - systemd.services.uwsgi.after = [ "wireguard-wgmv.service" "network-addresses-wgmv.service" ]; + systemd.services.uwsgi.after = [ "tor.service" ]; } diff --git a/cluster/services/search/proxy-shuffle.nix b/cluster/services/search/proxy-shuffle.nix deleted file mode 100644 index 48371ac..0000000 --- a/cluster/services/search/proxy-shuffle.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, pkgs, ... }: - -{ - systemd = { - timers.searx-proxy-shuffle = { - wantedBy = [ "timers.target" ]; - timerConfig = { - AccuracySec = "5m"; - RandomizedDelaySec = "10m"; - OnCalendar = "*:15,45"; - }; - }; - services.searx-proxy-shuffle = { - after = [ "searx-init.service" ]; - path = with pkgs; [ curl jq ]; - script = '' - umask 77 - test -e /run/searx/settings.yml || exit 0 - - if ! curl -fsSL -D /run/searx/proxy-shuffle-curl-status.txt https://api-www.mullvad.net/www/relays/wireguard/ > /run/searx/proxylist-new.json; then - echo "Failed to get new proxy list" - cat /run/searx/proxy-shuffle-curl-status.txt - exit 1 - fi - - jq < /run/searx/proxylist-new.json \ - '.[] | select(.active) | select(.country_code as $cc | ["es","se","rs","ch","ro"] | index($cc)) | "socks5://\(.socks_name):\(.socks_port)"' \ - | shuf > /run/searx/proxies.ndjson - - jq --slurpfile proxies /run/searx/proxies.ndjson < /run/searx/settings.yml > /run/searx/.settings-new.yml \ - '.outgoing.proxies.http=$proxies | .outgoing.proxies.https=$proxies' - - mv /run/searx/.settings-new.yml /run/searx/settings.yml - ''; - serviceConfig = { - Type = "oneshot"; - User = "searx"; - Group = "searx"; - ExecStartPost = "+${config.systemd.package}/bin/systemctl try-reload-or-restart uwsgi.service"; - }; - }; - }; -}