From 255a0e0e614a9ae2583cfb11031bbed0af0a5c4c Mon Sep 17 00:00:00 2001
From: Zuma <lucien@shenanigans.cc>
Date: Sat, 8 Nov 2025 16:52:35 +0100
Subject: [PATCH] Added Caddyfile configuration + Searxng job

---
 apps/caddy/Caddyfile     | 11 +++++++++++
 apps/caddy/caddy.hcl     |  9 +++++++++
 apps/searxng/searxng.hcl | 30 ++++++++++++++++++++++++++++++
 configuration.nix        |  2 ++
 4 files changed, 52 insertions(+)
 create mode 100644 apps/caddy/Caddyfile
 create mode 100644 apps/searxng/searxng.hcl

diff --git a/apps/caddy/Caddyfile b/apps/caddy/Caddyfile
new file mode 100644
index 0000000..6a52946
--- /dev/null
+++ b/apps/caddy/Caddyfile
@@ -0,0 +1,11 @@
+{
+  email zuma@deuxfleurs.fr
+}
+
+chokbar.bzh {
+  respond "Kenavo !"
+}
+
+search.chokbar.bzh {
+  reverse_proxy searxng.service.consul:8080
+}
diff --git a/apps/caddy/caddy.hcl b/apps/caddy/caddy.hcl
index e740f15..30d38d0 100644
--- a/apps/caddy/caddy.hcl
+++ b/apps/caddy/caddy.hcl
@@ -16,6 +16,9 @@ job "caddy" {
         image = "caddy"
         network_mode = "host"
         ports = [ "http_port", "https_port" ]
+        volumes = [
+          "secrets/Caddyfile:/etc/caddy/Caddyfile"
+        ]
       }
 
       resources {
@@ -23,6 +26,12 @@ job "caddy" {
         memory = 400
       }
 
+      template {
+        data = file("./Caddyfile")
+        destination = "secrets/Caddyfile"
+        perms = 400
+      }
+
       service {
         name = "caddy-http"
         port = "http_port"
diff --git a/apps/searxng/searxng.hcl b/apps/searxng/searxng.hcl
new file mode 100644
index 0000000..d880d49
--- /dev/null
+++ b/apps/searxng/searxng.hcl
@@ -0,0 +1,30 @@
+job "searxng" {
+  datacenters = [ "gribse-house", "zuma-house", "mayel-house" ]
+  type = "service"
+  priority = 90
+
+  group "searxng" {
+    network {
+      port "http_port" { static = 8080 }
+    }
+
+    task "server" {
+      driver = "docker"
+
+      config {
+        image = "searxng/searxng:latest"
+        ports = [ "http_port" ]
+      }
+
+      resources {
+        cpu = 500
+        memory = 200
+      }
+
+      service {
+        name = "searxng"
+        port = "http_port"
+      }
+    }
+  }
+}
diff --git a/configuration.nix b/configuration.nix
index 67a2690..8a272ee 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -279,6 +279,8 @@ with pkgs.lib;
         enable = true;
         allowedTCPPorts = [
           22 # SSH
+          80 # HTTP
+          443 # HTTPS
         ];
         allowedUDPPorts = [
           19720 # Wireguard