privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

cluster/services/search: use tor

Browse source
This commit is contained in:
Max Headroom 2024-04-30 03:09:17 +02:00
parent eccf23ce9e
commit 5c67cc7880
2 changed files with 7 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
cluster/services/search/host.nix
View file

@ -3,9 +3,6 @@ let
inherit (config) links; inherit (config) links;
in in
{ {
imports = [
./proxy-shuffle.nix
];
links.searxng.protocol = "http"; links.searxng.protocol = "http";
age.secrets.searxng-secrets.file = ../../../secrets/searxng-secrets.age; age.secrets.searxng-secrets.file = ../../../secrets/searxng-secrets.age;
@ -27,25 +24,12 @@ in
{ name = "brave"; disabled = true; } { name = "brave"; disabled = true; }
]; ];
ui.theme_args.simple_style = "dark"; ui.theme_args.simple_style = "dark";
outgoing.proxies = rec { outgoing = {
http = [ using_tor_proxy = true;
"socks5://se-got-wg-socks5-001.relays.mullvad.net:1080" proxies = rec {
"socks5://se-sto-wg-socks5-010.relays.mullvad.net:1080" http = [ config.links.torSocks.url ];
"socks5://se-sto-wg-socks5-014.relays.mullvad.net:1080" https = http;
"socks5://ch-zrh-wg-socks5-005.relays.mullvad.net:1080" };
"socks5://se-mma-wg-socks5-001.relays.mullvad.net:1080"
"socks5://se-mma-wg-socks5-101.relays.mullvad.net:1080"
"socks5://se-mma-wg-socks5-102.relays.mullvad.net:1080"
"socks5://se-mma-wg-socks5-103.relays.mullvad.net:1080"
"socks5://ch-zrh-wg-socks5-002.relays.mullvad.net:1080"
"socks5://se-sto-wg-socks5-004.relays.mullvad.net:1080"
"socks5://se-got-wg-socks5-003.relays.mullvad.net:1080"
"socks5://se-sto-wg-socks5-006.relays.mullvad.net:1080"
"socks5://se-sto-wg-socks5-008.relays.mullvad.net:1080"
"socks5://se-sto-wg-socks5-001.relays.mullvad.net:1080"
"socks5://se-mma-wg-socks5-004.relays.mullvad.net:1080"
];
https = http;
}; };
}; };
uwsgiConfig = { uwsgiConfig = {
@ -58,5 +42,5 @@ in
services.nginx.virtualHosts."search.${depot.lib.meta.domain}" = lib.recursiveUpdate (depot.lib.nginx.vhosts.proxy links.searxng.url) { services.nginx.virtualHosts."search.${depot.lib.meta.domain}" = lib.recursiveUpdate (depot.lib.nginx.vhosts.proxy links.searxng.url) {
extraConfig = "access_log off;"; extraConfig = "access_log off;";
}; };
systemd.services.uwsgi.after = [ "wireguard-wgmv.service" "network-addresses-wgmv.service" ]; systemd.services.uwsgi.after = [ "tor.service" ];
} }

43
cluster/services/search/proxy-shuffle.nix
View file

@ -1,43 +0,0 @@
{ config, pkgs, ... }:
{
systemd = {
timers.searx-proxy-shuffle = {
wantedBy = [ "timers.target" ];
timerConfig = {
AccuracySec = "5m";
RandomizedDelaySec = "10m";
OnCalendar = "*:15,45";
};
};
services.searx-proxy-shuffle = {
after = [ "searx-init.service" ];
path = with pkgs; [ curl jq ];
script = ''
umask 77
test -e /run/searx/settings.yml || exit 0
if ! curl -fsSL -D /run/searx/proxy-shuffle-curl-status.txt https://api-www.mullvad.net/www/relays/wireguard/ > /run/searx/proxylist-new.json; then
echo "Failed to get new proxy list"
cat /run/searx/proxy-shuffle-curl-status.txt
exit 1
fi
jq < /run/searx/proxylist-new.json \
'.[] | select(.active) | select(.country_code as $cc | ["es","se","rs","ch","ro"] | index($cc)) | "socks5://\(.socks_name):\(.socks_port)"' \
| shuf > /run/searx/proxies.ndjson
jq --slurpfile proxies /run/searx/proxies.ndjson < /run/searx/settings.yml > /run/searx/.settings-new.yml \
'.outgoing.proxies.http=$proxies | .outgoing.proxies.https=$proxies'
mv /run/searx/.settings-new.yml /run/searx/settings.yml
'';
serviceConfig = {
Type = "oneshot";
User = "searx";
Group = "searx";
ExecStartPost = "+${config.systemd.package}/bin/systemctl try-reload-or-restart uwsgi.service";
};
};
};
}