~xenrox/ansible

6f68de0ab7a4a41e6337a12a8bfde31a87a7f6a9 — Thorben Günther 1 year, 1 month ago f8ff399
Add searxng role

Only basic configuration for now.
Successor for searx.

Closes: https://todo.xenrox.net/~xenrox/infrastructure/16
M playbooks/avalon.yml => playbooks/avalon.yml +1 -0
@@ 26,6 26,7 @@
    # - { role: sinusbot } # docker
    # - { role: faceit } # docker
    - { role: searx }
    - { role: searxng }
    - { role: prometheus }
    - { role: alertmanager }
    - { role: prometheus_clients }

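--- a/roles/searxng/files/settings.yml
+++ b/roles/searxng/files/settings.yml
@@ -0,0 +1,62 @@
+# see https://docs.searxng.org/admin/engines/settings.html#use-default-settings
+use_default_settings: true
+
+general:
+  # use true to use your own donation page written in searx/info/en/donate.md
+  # use false to disable the donation link
+  donation_url: false
+  # mailto:contact@example.com
+  contact_url: mailto:admin@xenrox.net
+
+search:
+  # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "yandex",
+  # "seznam", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
+  # by default.
+  autocomplete: "duckduckgo"
+
+server:
+  # public URL of the instance, to ensure correct inbound links. Is overwritten
+  # by ${SEARXNG_URL}.
+  base_url: https://search.xenrox.net
+  limiter: true # rate limit the number of request on the instance, block some bots
+  # Proxying image results through searx
+  image_proxy: true
+
+redis:
+  # URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
+  # https://redis-py.readthedocs.io/en/stable/connections.html#redis.client.Redis.from_url
+  url: redis://redis:6379/0
+
+ui:
+  static_use_hash: true
+
+# Comment or un-comment plugin to activate / deactivate by default.
+#
+enabled_plugins:
+#   # these plugins are enabled if nothing is configured ..
+  - 'Hash plugin'
+  - 'Search on category select'
+  - 'Self Information'
+  - 'Tracker URL remover'
+#   - 'Ahmia blacklist'  # activation depends on outgoing.using_tor_proxy
+#   # these plugins are disabled if nothing is configured ..
+  - 'Hostname replace'  # see hostname_replace configuration below
+  - 'Open Access DOI rewrite'
+#   - 'Vim-like hotkeys'
+#   - 'Tor check plugin'
+#   # Read the docs before activate: auto-detection of the language could be
+#   # detrimental to users expectations / users can activate the plugin in the
+#   # preferences if they want.
+#   - 'Autodetect search language'
+
+# Configuration of the "Hostname replace" plugin:
+#
+hostname_replace:
+#   '(.*\.)?youtube\.com$': 'invidious.example.com'
+#   '(.*\.)?youtu\.be$': 'invidious.example.com'
+#   '(.*\.)?youtube-noocookie\.com$': 'yotter.example.com'
+#   '(.*\.)?reddit\.com$': 'teddit.example.com'
+#   '(.*\.)?redd\.it$': 'teddit.example.com'
+  '(www\.)?twitter\.com$': 'nitter.net'
+#   # to remove matching host names from result list, set value to false
+#   'spam\.example\.com': false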
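Review bot: `limiter: true` under `server:` carries no comment on what it depends on, and it only rate-limits as intended when two things outside this file hold. SearXNG's limiter needs the Redis instance configured under `redis.url`, and it keys on the client address, so behind a reverse proxy the proxy has to forward the real client IP via `X-Forwarded-For` / `X-Real-IP`; otherwise all requests appear to come from one address. The compose template in this commit publishes the port on 127.0.0.1 only, which suggests such a proxy is in front, but its configuration is not part of this commit, so this may already be handled. I would add above the key: `# needs redis.url reachable and the reverse proxy forwarding X-Forwarded-For / X-Real-IP`.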

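--- a/roles/searxng/tasks/main.yml
+++ b/roles/searxng/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Get secrets
+  ansible.builtin.set_fact:
+    secret_key: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/searxng:secret_key') }}"
+
+- name: Create directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  with_items:
+    - /opt/searxng
+    - /opt/searxng/searxng
+
+- name: Configure docker-compose
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: /opt/searxng/docker-compose.yml
+    owner: root
+    group: root
+    mode: "0600"
+
+- name: Configure searxng
+  ansible.builtin.copy:
+    src: settings.yml
+    dest: /opt/searxng/searxng/settings.yml
+    owner: root
+    group: root
+    mode: "0644"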
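Review bot: The `Get secrets` and `Configure docker-compose` tasks handle the Vault-sourced `secret_key` without `no_log: true`, so the value can end up in Ansible output. `set_fact` results are printed at higher verbosity, and the template task prints the rendered file, including the `SEARXNG_SECRET` line, when the play runs with `--diff`. Adding `no_log: true` to both tasks (or `diff: false` on the template task) keeps the secret out of terminal scrollback and CI logs. Separately, no task here notifies a handler when docker-compose.yml or settings.yml changes, so a rotated secret or changed setting would not reach the running containers until they are restarted by hand; that may be intentional given the commit's "basic configuration" scope.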

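--- a/roles/searxng/templates/docker-compose.yml.j2
+++ b/roles/searxng/templates/docker-compose.yml.j2
@@ -0,0 +1,43 @@
+version: "3.7"
+services:
+  redis:
+    container_name: redis
+    image: "redis:alpine"
+    command: redis-server --save "" --appendonly "no"
+    networks:
+      - searxng
+    tmpfs:
+      - /var/lib/redis
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETGID
+      - SETUID
+      - DAC_OVERRIDE
+
+  searxng:
+    container_name: searxng
+    image: searxng/searxng:latest
+    networks:
+      - searxng
+    ports:
+      - "127.0.0.1:8888:8080"
+    volumes:
+      - ./searxng:/etc/searxng:rw
+    environment:
+      - SEARXNG_SECRET={{ secret_key }}
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
+networks:
+  searxng:
+    ipam:
+      driver: default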
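Review bot: Both services use floating image tags, `image: searxng/searxng:latest` and `image: "redis:alpine"`, so what actually runs depends on when the host last pulled, and an upstream change or a tampered tag is deployed without any change in this repository. Pinning each image to a release tag or digest, e.g. `image: searxng/searxng:<pinned-tag>` (placeholder), turns every update into an explicit, reviewable commit. A smaller point on `- SEARXNG_SECRET={{ secret_key }}`: the value is rendered unquoted, so a secret containing ` #` would be cut off by the YAML parser and a `$` would be interpolated by Compose. Quoting the entry as `- 'SEARXNG_SECRET={{ secret_key }}'` and keeping the secret to hex or alphanumeric characters avoids both; if the Vault value is already hex this is moot.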