Commit aa45a4beab60

Vincent Demeester <vincent@sbr.pm>
2026-02-10 15:46:17
fix(aomi): fixed SearXNG engine errors and firewall
Updated SearXNG engine names for upstream renames: stackoverflow → stackexchange, arch_linux_wiki → archlinux. Removed broken ahmia and torch engines from defaults. Added port 8888 to nftables rules since NixOS firewall is disabled by the custom OpenShift port-forward config.
1 parent 454227a
Changed files (2)
systems/aomi/extra.nix
@@ -234,7 +234,12 @@
     enable = true;
     environmentFile = config.age.secrets."searxng-secret-key".path;
     settings = {
-      use_default_settings = true;
+      use_default_settings = {
+        engines.remove = [
+          "ahmia"
+          "torch"
+        ];
+      };
       server = {
         port = 8888;
         bind_address = "0.0.0.0";
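Review bot: With `bind_address = "0.0.0.0"` kept as context at the end of this hunk, the `tcp dport 8888 accept` rule this commit adds in systems/aomi/openshift-port-forward.nix has no interface or source match, so SearXNG becomes reachable from every source the rest of that nftables ruleset admits. If the instance is only meant for a LAN or VPN, scope the rule, e.g. `iifname "<trusted-interface>" tcp dport 8888 accept` or `ip saddr <trusted-cidr> tcp dport 8888 accept` (placeholders), or bind SearXNG to one specific address. An openly reachable metasearch instance tends to attract automated queries that get the host rate-limited by upstream engines, so if it must stay public and `server.limiter` is not already set outside this hunk, enabling it is worth considering. The `settings` attrset continues outside the hunk.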
@@ -285,13 +290,14 @@
         }
         {
           name = "stackoverflow";
-          engine = "stackoverflow";
+          engine = "stackexchange";
           shortcut = "so";
           disabled = false;
+          categories = "it";
         }
         {
           name = "arch wiki";
-          engine = "arch_linux_wiki";
+          engine = "archlinux";
           shortcut = "aw";
           disabled = false;
         }
@@ -441,11 +447,9 @@
     };
   };
 
-  # Open firewall for Ollama exporter + SearXNG
-  networking.firewall.allowedTCPPorts = [
-    8000
-    8888
-  ];
+  # NOTE: NixOS firewall is disabled (see openshift-port-forward.nix).
+  # Firewall rules must be added to the nftables config there instead.
+  # networking.firewall.allowedTCPPorts = [ 8000 8888 ];
 
   # Builder user for remote builds
   users.users.builder = {
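Review bot: The commented-out `# networking.firewall.allowedTCPPorts = [ 8000 8888 ];` line is dead configuration that will drift from the real port list in openshift-port-forward.nix; I would drop it and keep only the two NOTE lines. Nothing enforces the assumption those lines state, so consider an assertion such as `assertions = [ { assertion = !config.networking.firewall.enable; message = "aomi: ports are opened in openshift-port-forward.nix, not networking.firewall"; } ];`, which would catch a later change to the firewall setting at evaluation time. The `users.users.builder` block that follows continues outside the hunk.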
systems/aomi/openshift-port-forward.nix
@@ -82,6 +82,9 @@
               # Allow Ollama Prometheus exporter
               tcp dport 8000 accept
 
+              # Allow SearXNG metasearch engine
+              tcp dport 8888 accept
+
               # Allow Harmonia binary cache
               tcp dport 5000 accept