M playbooks/avalon.yml => playbooks/avalon.yml +1 -0
@@ 26,6 26,7 @@
# - { role: sinusbot } # docker
# - { role: faceit } # docker
- { role: searx }
+ - { role: searxng }
- { role: prometheus }
- { role: alertmanager }
- { role: prometheus_clients }
A roles/searxng/files/settings.yml => roles/searxng/files/settings.yml +62 -0
@@ 0,0 1,62 @@
+# see https://docs.searxng.org/admin/engines/settings.html#use-default-settings
+use_default_settings: true
+
+general:
+ # use true to use your own donation page written in searx/info/en/donate.md
+ # use false to disable the donation link
+ donation_url: false
+ # mailto:contact@example.com
+ contact_url: mailto:admin@xenrox.net
+
+search:
+ # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "yandex",
+ # "seznam", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
+ # by default.
+ autocomplete: "duckduckgo"
+
+server:
+ # public URL of the instance, to ensure correct inbound links. Is overwritten
+ # by ${SEARXNG_URL}.
+ base_url: https://search.xenrox.net
+ limiter: true # rate limit the number of request on the instance, block some bots
+ # Proxying image results through searx
+ image_proxy: true
+
+redis:
+ # URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
+ # https://redis-py.readthedocs.io/en/stable/connections.html#redis.client.Redis.from_url
+ url: redis://redis:6379/0
+
+ui:
+ static_use_hash: true
+
+# Comment or un-comment plugin to activate / deactivate by default.
+#
+enabled_plugins:
+# # these plugins are enabled if nothing is configured ..
+ - 'Hash plugin'
+ - 'Search on category select'
+ - 'Self Information'
+ - 'Tracker URL remover'
+# - 'Ahmia blacklist' # activation depends on outgoing.using_tor_proxy
+# # these plugins are disabled if nothing is configured ..
+ - 'Hostname replace' # see hostname_replace configuration below
+ - 'Open Access DOI rewrite'
+# - 'Vim-like hotkeys'
+# - 'Tor check plugin'
+# # Read the docs before activate: auto-detection of the language could be
+# # detrimental to users expectations / users can activate the plugin in the
+# # preferences if they want.
+# - 'Autodetect search language'
+
+# Configuration of the "Hostname replace" plugin:
+#
+hostname_replace:
+# '(.*\.)?youtube\.com$': 'invidious.example.com'
+# '(.*\.)?youtu\.be$': 'invidious.example.com'
+# '(.*\.)?youtube-noocookie\.com$': 'yotter.example.com'
+# '(.*\.)?reddit\.com$': 'teddit.example.com'
+# '(.*\.)?redd\.it$': 'teddit.example.com'
+ '(www\.)?twitter\.com$': 'nitter.net'
+# # to remove matching host names from result list, set value to false
+# 'spam\.example\.com': false
A roles/searxng/tasks/main.yml => roles/searxng/tasks/main.yml +31 -0
@@ 0,0 1,31 @@
+---
+- name: Get secrets
+ ansible.builtin.set_fact:
+ secret_key: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/searxng:secret_key') }}"
+
+- name: Create directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+ with_items:
+ - /opt/searxng
+ - /opt/searxng/searxng
+
+- name: Configure docker-compose
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: /opt/searxng/docker-compose.yml
+ owner: root
+ group: root
+ mode: "0600"
+
+- name: Configure searxng
+ ansible.builtin.copy:
+ src: settings.yml
+ dest: /opt/searxng/searxng/settings.yml
+ owner: root
+ group: root
+ mode: "0644"
A roles/searxng/templates/docker-compose.yml.j2 => roles/searxng/templates/docker-compose.yml.j2 +43 -0
@@ 0,0 1,43 @@
+version: "3.7"
+services:
+ redis:
+ container_name: redis
+ image: "redis:alpine"
+ command: redis-server --save "" --appendonly "no"
+ networks:
+ - searxng
+ tmpfs:
+ - /var/lib/redis
+ cap_drop:
+ - ALL
+ cap_add:
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+
+ searxng:
+ container_name: searxng
+ image: searxng/searxng:latest
+ networks:
+ - searxng
+ ports:
+ - "127.0.0.1:8888:8080"
+ volumes:
+ - ./searxng:/etc/searxng:rw
+ environment:
+ - SEARXNG_SECRET={{ secret_key }}
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - SETGID
+ - SETUID
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+ max-file: "1"
+networks:
+ searxng:
+ ipam:
+ driver: default