diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md
index 3871e9ad9a57..12c739783cec 100644
--- a/doc/release-notes/rl-2511.section.md
+++ b/doc/release-notes/rl-2511.section.md
@@ -60,6 +60,9 @@
 - `meta.mainProgram`: Changing this `meta` entry can lead to a package rebuild due to being used to determine the `NIX_MAIN_PROGRAM` environment variable.
+- `searx` was updated to use `envsubst` instead of `sed` for parsing secrets from environment variables.
+ If your previous configuration included a secret reference like `server.secret_key = "@SEARX_SECRET_KEY@"`, you must migrate to the new envsubst syntax: `server.secret_key = "$SEARX_SECRET_KEY"`.
+
 - `versionCheckHook`: Packages that previously relied solely on `pname` to locate the program used to version check, but have a differing `meta.mainProgram` entry, might now fail.
diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix
index e7a10bfffaba..3e6872e5cfe1 100644
--- a/nixos/modules/services/networking/searx.nix
+++ b/nixos/modules/services/networking/searx.nix
@@ -24,13 +24,8 @@ let
 # write NixOS settings as JSON
 (
 umask 077
- cp --no-preserve=mode ${settingsFile} settings.yml
+ ${pkgs.envsubst}/bin/envsubst < ${settingsFile} > settings.yml
 )
-
- # substitute environment variables
- env -0 | while IFS='=' read -r -d ''' n v; do
- sed "s#@$n@#$v#g" -i settings.yml
- done
 '';
 settingType =
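Review bot: The new `envsubst` call in `generateConfig` is given neither a variable list nor any strictness flag, so a reference to a variable that is missing from `environmentFile` (or misspelled) is replaced with an empty string and searx starts with an empty, therefore predictable, `server.secret_key`. The old `sed` loop left the literal placeholder in that case, which was no better, but this switch is a good moment to fail closed. If `pkgs.envsubst` is the a8m implementation, `${pkgs.envsubst}/bin/envsubst -no-unset -no-empty < ${settingsFile} > settings.yml` would abort instead of writing the file with a blank secret; please confirm which implementation the attribute resolves to. Whether a non-zero exit actually stops the unit depends on the script's error handling, and `generateConfig` begins above this hunk, so that part cannot be checked from here.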
@@ -95,20 +90,20 @@ in
 {
 server.port = 8080;
 server.bind_address = "0.0.0.0";
- server.secret_key = "@SEARX_SECRET_KEY@";
+ server.secret_key = "$SEARX_SECRET_KEY";
- engines = lib.singleton {
+ engines = [ {
 name = "wolframalpha";
 shortcut = "wa";
- api_key = "@WOLFRAM_API_KEY@";
+ api_key = "$WOLFRAM_API_KEY";
 engine = "wolframalpha_api";
- };
+ } ];
 }
 '';
 description = ''
 Searx settings. These will be merged with (taking precedence over) the default configuration.
- It's also possible to refer to environment variables (defined in [](#opt-services.searx.environmentFile)) using the syntax `@VARIABLE_NAME@`.
+ It's also possible to refer to environment variables (defined in [](#opt-services.searx.environmentFile)) using the syntax `$VARIABLE_NAME`.
 ::: {.note}
 For available settings, see the Searx [docs](https://docs.searxng.org/admin/settings/index.html).
diff --git a/nixos/tests/searx.nix b/nixos/tests/searx.nix
index 6cbc878df2c8..18199e6db3ed 100644
--- a/nixos/tests/searx.nix
+++ b/nixos/tests/searx.nix
@@ -28,7 +28,7 @@
 server = {
 port = "8080";
 bind_address = "0.0.0.0";
- secret_key = "@SEARX_SECRET_KEY@";
+ secret_key = "$SEARX_SECRET_KEY";
 };
 };
 };
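Review bot: The updated `description` documents the `$VARIABLE_NAME` syntax but does not say that substitution now runs over the whole generated settings file, so any other `$NAME` or `${NAME}` sequence in a setting value (a URL template, an inline password) is rewritten as well. The variable's value is also inserted textually, so a secret containing `"` or `\` can break the quoting of the generated document. I would add a sentence to the description such as `Every $NAME or ${NAME} sequence in the settings is substituted and unset variables expand to an empty string; values are inserted verbatim and must not contain characters that need quoting.` The same caveat belongs in the release-note entry, because existing configurations that contain a literal `$` change meaning on upgrade.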