talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixos/searx: use envsubst instead of sed for reading environment variables

Browse Source 
- use envsubst instead of sed for reading in environment variables
- update usage examples
- add release notes
This commit is contained in:
Sean Behan 2025-07-06 00:22:23 -04:00 committed by Sandro Jäckel
parent f6e9250bf0
commit ca88da9ce3
No known key found for this signature in database
GPG Key ID: 3AF5A43A3EECC2E5
3 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/release-notes/rl-2511.section.md
View File

@ -60,6 +60,9 @@
- `meta.mainProgram`: Changing this `meta` entry can lead to a package rebuild due to being used to determine the `NIX_MAIN_PROGRAM` environment variable. - `meta.mainProgram`: Changing this `meta` entry can lead to a package rebuild due to being used to determine the `NIX_MAIN_PROGRAM` environment variable.
- `searx` was updated to use `envsubst` instead of `sed` for parsing secrets from environment variables.
If your previous configuration included a secret reference like `server.secret_key = "@SEARX_SECRET_KEY@"`, you must migrate to the new envsubst syntax: `server.secret_key = "$SEARX_SECRET_KEY"`.
- `versionCheckHook`: Packages that previously relied solely on `pname` to locate the program used to version check, but have a differing `meta.mainProgram` entry, might now fail. - `versionCheckHook`: Packages that previously relied solely on `pname` to locate the program used to version check, but have a differing `meta.mainProgram` entry, might now fail.

17
nixos/modules/services/networking/searx.nix
View File

@ -24,13 +24,8 @@ let
# write NixOS settings as JSON # write NixOS settings as JSON
( (
umask 077 umask 077
cp --no-preserve=mode ${settingsFile} settings.yml ${pkgs.envsubst}/bin/envsubst < ${settingsFile} > settings.yml
) )
# substitute environment variables
env -0 | while IFS='=' read -r -d ''' n v; do
sed "s#@$n@#$v#g" -i settings.yml
done
''; '';
settingType = settingType =
@ -95,20 +90,20 @@ in
{ {
server.port = 8080; server.port = 8080;
server.bind_address = "0.0.0.0"; server.bind_address = "0.0.0.0";
server.secret_key = "@SEARX_SECRET_KEY@"; server.secret_key = "$SEARX_SECRET_KEY";
engines = lib.singleton { engines = [ {
name = "wolframalpha"; name = "wolframalpha";
shortcut = "wa"; shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@"; api_key = "$WOLFRAM_API_KEY";
engine = "wolframalpha_api"; engine = "wolframalpha_api";
}; } ];
} }
''; '';
description = '' description = ''
Searx settings. Searx settings.
These will be merged with (taking precedence over) the default configuration. These will be merged with (taking precedence over) the default configuration.
It's also possible to refer to environment variables (defined in [](#opt-services.searx.environmentFile)) using the syntax `@VARIABLE_NAME@`. It's also possible to refer to environment variables (defined in [](#opt-services.searx.environmentFile)) using the syntax `$VARIABLE_NAME`.
::: {.note} ::: {.note}
For available settings, see the Searx [docs](https://docs.searxng.org/admin/settings/index.html). For available settings, see the Searx [docs](https://docs.searxng.org/admin/settings/index.html).

2
nixos/tests/searx.nix
View File

@ -28,7 +28,7 @@
server = { server = {
port = "8080"; port = "8080";
bind_address = "0.0.0.0"; bind_address = "0.0.0.0";
secret_key = "@SEARX_SECRET_KEY@"; secret_key = "$SEARX_SECRET_KEY";
}; };
}; };
}; };