gmoker/searxng
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
ange 2024-05-01 10:36:34 +02:00
commit 6e5f3434bd
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
14 changed files with 2623 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env Normal file
View File

@ -0,0 +1 @@
IMAGEAPP=docker.io/searxng/searxng:2024.4.29-c0b6c26ee

18
.gitea/workflows/deploy.yaml Normal file
View File

@ -0,0 +1,18 @@
on: push
jobs:
build:
name: test
runs-on: debian
steps:
- uses: actions/checkout@v1
- name: setup env
run: |
cat <<EOF >> .env
BASE_URL="${{ gitea.ref_name }}.$(tr / '\n' <<< "${{ gitea.repository }}" | tac | tr '\n' .)k8s.gmoker.com"
EOF
cat .env
- uses: actions/k8sdeploy@v1
with:
kubeconfig: "${{ secrets.K8S }}"

1
README.md Normal file
View File

@ -0,0 +1 @@
# SearXNG

18
compose.yaml Normal file
View File

@ -0,0 +1,18 @@
---
services:
redis:
image: docker.io/redis:latest
restart: unless-stopped
tmpfs:
- /data/
app:
image: "$IMAGEAPP"
restart: unless-stopped
ports:
- "8080:8080"
environment:
- SEARXNG_SECRET=secret
volumes:
- ./limiter.toml:/etc/searxng/limiter.toml:ro
- ./settings.yml:/etc/searxng/settings.yml:ro

13
diff.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash -e
. ./.env
DOCKER_API='https://hub.docker.com/v2/namespaces/searxng/repositories/searxng'
REPO='https://github.com/searxng/searxng/raw'
new_tag="$(curl -L "$DOCKER_API/tags" | jq -r '.results[3].name')"
new_commit="$(grep -Eo '\w+$' <<< "$new_tag")"
$EDITOR -d -c "wincmd l" -- "$REPO/$new_commit/searx/settings.yml" settings.yml
sed -i "/^IMAGEAPP=/s/:.*/:$new_tag/" .env

40
limiter.toml Normal file
View File

@ -0,0 +1,40 @@
[real_ip]
# Number of values to trust for X-Forwarded-For.
x_for = 1
# The prefix defines the number of leading bits in an address that are compared
# to determine whether or not an address is part of a (client) network.
ipv4_prefix = 32
ipv6_prefix = 48
[botdetection.ip_limit]
# To get unlimited access in a local network, by default link-lokal addresses
# (networks) are not monitored by the ip_limit
filter_link_local = false
# activate link_token method in the ip_limit method
link_token = false
[botdetection.ip_lists]
# In the limiter, the ip_lists method has priority over all other methods -> if
# an IP is in the pass_ip list, it has unrestricted access and it is also not
# checked if e.g. the "user agent" suggests a bot (e.g. curl).
block_ip = [
# '93.184.216.34', # IPv4 of example.org
# '257.1.1.1', # invalid IP --> will be ignored, logged in ERROR class
]
pass_ip = [
# '192.168.0.0/16', # IPv4 private network
# 'fe80::/10' # IPv6 linklocal / wins over botdetection.ip_limit.filter_link_local
]
# Activate passlist of (hardcoded) IPs from the SearXNG organization,
# e.g. `check.searx.space`.
pass_searxng_org = true

42
manifests/bin/deploy.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash -e
set -o pipefail
function kapply() {
for f in "$@"; do
kubectl apply -f \
<(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
done
}
function kcreatesec() {
kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kcreatecm() {
kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}
function kgseckey() {
local sec="$1"; shift
local key="$1"; shift
kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
}
function kgcmkey() {
local cm="$1"; shift
local key="$1"; shift
kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
}
kcreatesec searxng-secrets \
--from-literal=SEARXNG_SECRET="$(kgseckey searxng-secrets SEARXNG_SECRET || openssl rand -hex 32)"
kcreatecm searxng-settings --from-file=settings.yml
kcreatecm searxng-limiter --from-file=limiter.toml
kapply common/redis.yaml common/app.yaml
kubectl rollout restart deployment app

5
manifests/bin/devel.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash -e
export NB_REPLICAS=1
. ./manifests/bin/deploy.sh

5
manifests/bin/prod.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash -e
export NB_REPLICAS=3
. ./manifests/bin/deploy.sh

82
manifests/common/app.yaml Normal file
View File

@ -0,0 +1,82 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
tls:
- secretName: tls-app
hosts:
- "$BASE_URL"
rules:
- host: "$BASE_URL"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app
port:
name: http
---
apiVersion: v1
kind: Service
metadata:
name: app
labels:
app: app
spec:
selector:
app: app
ports:
- name: http
port: 80
targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
labels:
app: app
spec:
replicas: $NB_REPLICAS
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
imagePullSecrets:
- name: regcred
containers:
- name: app
image: "$IMAGEAPP"
ports:
- name: http
containerPort: 8080
envFrom:
- secretRef:
name: searxng-secrets
volumeMounts:
- name: limiter
mountPath: /etc/searxng/limiter.toml
subPath: limiter.toml
readOnly: true
- name: settings
mountPath: /etc/searxng/settings.yml
subPath: settings.yml
readOnly: true
volumes:
- name: settings
configMap:
name: searxng-settings
- name: limiter
configMap:
name: searxng-limiter

42
manifests/common/redis.yaml Normal file
View File

@ -0,0 +1,42 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
labels:
app: redis
spec:
selector:
app: redis
ports:
- name: redis
port: 6379
targetPort: redis
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
spec:
selector:
matchLabels:
app: redis
serviceName: redis
replicas: $NB_REPLICAS
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: docker.io/redis:latest
ports:
- name: redis
containerPort: 6379
volumeMounts:
- name: data
mountPath: /data/
volumes:
- name: data
emptyDir: {}

0
manifests/devel/.gitkeep Normal file
View File

0
manifests/prod/.gitkeep Normal file
View File

2356
settings.yml Normal file
View File

File diff suppressed because it is too large Load Diff