From 1a04e81df0cc3ff6d4df4388151adc653df2aa94 Mon Sep 17 00:00:00 2001 From: cuqmbr Date: Wed, 2 Jul 2025 00:08:54 +0300 Subject: [PATCH] change searxng role variable structure --- .../inventories/dev/group_vars/searxng.yml | 172 +++++++++--------- .../roles/forgejo_runner/defaults/main.yml | 2 + ansible/roles/searxng/.ansible-lint-ignore | 1 + ansible/roles/searxng/defaults/main.yml | 82 ++++----- .../searxng/molecule/default/molecule.yml | 2 + ansible/roles/searxng/tasks/main.yml | 74 ++++---- .../roles/searxng/templates/settings.yml.j2 | 2 +- 7 files changed, 162 insertions(+), 173 deletions(-) create mode 100644 ansible/roles/searxng/.ansible-lint-ignore diff --git a/ansible/inventories/dev/group_vars/searxng.yml b/ansible/inventories/dev/group_vars/searxng.yml index 7598498..c15f52c 100644 --- a/ansible/inventories/dev/group_vars/searxng.yml +++ b/ansible/inventories/dev/group_vars/searxng.yml @@ -29,98 +29,90 @@ users: opendoas_settings: "permit nopass ansible" -searxng_homedir: /opt/searxng - -searxng_git_commit: 60be0f453e9e4a5fc48aeb4706e75af0a4047b36 - searxng_settings: - use_default_settings: true - - general: - debug: false - instance_name: "cuqmbr's SearXNG" - donation_url: "https://cuqmbr.xyz/en/donate" - contact_url: "https://cuqmbr.xyz/en/contact" - enable_metrics: true - - search: - safe_search: 0 - autocomplete: "" - formats: - - html - - csv - - json - - server: - base_url: "https://searxng.dev.cuqmbr.xyz" - bind_address: "0.0.0.0" - port: 8888 - secret_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36303663616233326563336237336164383966613633373735363562346533663933393936643036 - 6237626332643263386530306139383866353739616261650a376236663962643962653335313237 - 38313232363839383030373338643666333135613838366363363565643530336331613464386236 - 3039376137306339310a346139613363303433366362336539316632346232636663346664336334 - 35346366376262316134636262393262386364356336376333383664313637366630376463303232 - 64383765663032616633346231653563613065653961646666346461613732646233363266373065 - 33326563383238613135616431323661373165383431646337653361633065626638313937393361 - 62303634643662313637 - image_proxy: true - method: "POST" - default_http_headers: - X-Content-Type-Options: nosniff - X-Download-Options: noopen - X-Robots-Tag: noindex, nofollow - Referrer-Policy: no-referrer - limiter: true - - redis: - url: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66323631326264383161376136303730353336663065346235313464333237356436356566373233 - 3165633436383130383364303865666534313139666163640a316664653239373464366239343961 - 32653631323337633738626464633662313631636631623538376638656161356434633261383138 - 6163353138343135370a643034343837633534626237656263656138386135303661343837663166 - 38343839373564643964663630616230623962646164313732316631323263666231343931653634 - 66326234333163636331666230656530396262623037316136643534323338633630616134656464 - 36353633633065313666366331316238393134393035346232353462666161653162333632393233 - 62646332393065346434343636636131386136313938653539663865376661303238396563313633 - 38616138343337306233373733636634326334326635386361666662363834366166646337393266 - 34653739623364373135313638643938626635373362343966343664306661363334353061623434 - 36373135616561653133653066336464383737336134626337393261356630616532343233376264 - 62386135356263346562313034386334316532343038366435386564623038343634663033643963 - 62353363643163653763333335386235626666393434343136373832363566323730306134646130 - 37313163613733333835303363363932343264356662633262373661346463653936316162636332 - 33633237656362363938653735313834376537333532343039653038326563633063323965633463 - 37366662313263396637 - - ui: - static_use_hash: true - results_on_new_tab: true - - categories_as_tabs: + homedir: /opt/searxng + git_commit: 39c50dc013944a0a27b4354c23f406956ac45971 + config: + use_default_settings: true general: - images: - videos: - files: - - plugins: - searx.plugins.calculator.SXNGPlugin: - active: true - searx.plugins.hash_plugin.SXNGPlugin: - active: true - searx.plugins.self_info.SXNGPlugin: - active: true - searx.plugins.tracker_url_remover.SXNGPlugin: - active: true - searx.plugins.unit_converter.SXNGPlugin: - active: true - searx.plugins.ahmia_filter.SXNGPlugin: - active: true - searx.plugins.hostnames.SXNGPlugin: - active: true - searx.plugins.tor_check.SXNGPlugin: - active: true + debug: false + instance_name: "cuqmbr's SearXNG" + donation_url: "https://cuqmbr.xyz/en/donate" + contact_url: "https://cuqmbr.xyz/en/contact" + enable_metrics: true + search: + safe_search: 0 + autocomplete: "" + formats: + - html + - csv + - json + server: + base_url: "https://searxng.dev.cuqmbr.xyz" + bind_address: "0.0.0.0" + port: 8888 + secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36303663616233326563336237336164383966613633373735363562346533663933393936643036 + 6237626332643263386530306139383866353739616261650a376236663962643962653335313237 + 38313232363839383030373338643666333135613838366363363565643530336331613464386236 + 3039376137306339310a346139613363303433366362336539316632346232636663346664336334 + 35346366376262316134636262393262386364356336376333383664313637366630376463303232 + 64383765663032616633346231653563613065653961646666346461613732646233363266373065 + 33326563383238613135616431323661373165383431646337653361633065626638313937393361 + 62303634643662313637 + image_proxy: true + method: "POST" + default_http_headers: + X-Content-Type-Options: nosniff + X-Download-Options: noopen + X-Robots-Tag: noindex, nofollow + Referrer-Policy: no-referrer + limiter: true + redis: + url: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 66323631326264383161376136303730353336663065346235313464333237356436356566373233 + 3165633436383130383364303865666534313139666163640a316664653239373464366239343961 + 32653631323337633738626464633662313631636631623538376638656161356434633261383138 + 6163353138343135370a643034343837633534626237656263656138386135303661343837663166 + 38343839373564643964663630616230623962646164313732316631323263666231343931653634 + 66326234333163636331666230656530396262623037316136643534323338633630616134656464 + 36353633633065313666366331316238393134393035346232353462666161653162333632393233 + 62646332393065346434343636636131386136313938653539663865376661303238396563313633 + 38616138343337306233373733636634326334326635386361666662363834366166646337393266 + 34653739623364373135313638643938626635373362343966343664306661363334353061623434 + 36373135616561653133653066336464383737336134626337393261356630616532343233376264 + 62386135356263346562313034386334316532343038366435386564623038343634663033643963 + 62353363643163653763333335386235626666393434343136373832363566323730306134646130 + 37313163613733333835303363363932343264356662633262373661346463653936316162636332 + 33633237656362363938653735313834376537333532343039653038326563633063323965633463 + 37366662313263396637 + ui: + static_use_hash: true + results_on_new_tab: true + categories_as_tabs: + general: + images: + videos: + files: + plugins: + searx.plugins.calculator.SXNGPlugin: + active: true + searx.plugins.hash_plugin.SXNGPlugin: + active: true + searx.plugins.self_info.SXNGPlugin: + active: true + searx.plugins.tracker_url_remover.SXNGPlugin: + active: true + searx.plugins.unit_converter.SXNGPlugin: + active: true + searx.plugins.ahmia_filter.SXNGPlugin: + active: true + searx.plugins.hostnames.SXNGPlugin: + active: true + searx.plugins.tor_check.SXNGPlugin: + active: true fluentbit_settings: diff --git a/ansible/roles/forgejo_runner/defaults/main.yml b/ansible/roles/forgejo_runner/defaults/main.yml index a98bf72..5ff3e6e 100644 --- a/ansible/roles/forgejo_runner/defaults/main.yml +++ b/ansible/roles/forgejo_runner/defaults/main.yml @@ -1,5 +1,7 @@ --- +forgejo_runner_settings: + forgejo_runner_default_settings: clean_binaries: false force_register: false diff --git a/ansible/roles/searxng/.ansible-lint-ignore b/ansible/roles/searxng/.ansible-lint-ignore new file mode 100644 index 0000000..3249bf0 --- /dev/null +++ b/ansible/roles/searxng/.ansible-lint-ignore @@ -0,0 +1 @@ +tasks/main.yml no-handler diff --git a/ansible/roles/searxng/defaults/main.yml b/ansible/roles/searxng/defaults/main.yml index 6e4e21b..1aed9d8 100644 --- a/ansible/roles/searxng/defaults/main.yml +++ b/ansible/roles/searxng/defaults/main.yml @@ -1,49 +1,41 @@ --- -searxng_homedir: /opt/searxng - -searxng_git_commit: c185d076894ebbdb5db921c448c240d04915847b - searxng_settings: - # SearXNG settings - use_default_settings: true - - general: - debug: false - instance_name: "cuqmbr's SearXNG" - - search: - safe_search: 2 - autocomplete: 'duckduckgo' - - server: - secret_key: "ultrasecretkey_change_me" - limiter: false - image_proxy: true - # public URL of the instance, to ensure correct inbound links. - # Is overwritten by ${SEARXNG_URL}. - base_url: http://example.com/location - - # redis: - # URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}. - # url: unix:///usr/local/searxng-redis/run/redis.sock?db=0 - - ui: - static_use_hash: true - - # preferences: - # lock: - # - autocomplete - # - method - - enabled_plugins: - - 'Hash plugin' - - 'Self Information' - - 'Tracker URL remover' - - 'Ahmia blacklist' - # - 'Hostnames plugin' # see 'hostnames' configuration below - # - 'Open Access DOI rewrite' - - # plugins: - # - only_show_green_results +searxng_default_settings: + homedir: /opt/searxng + git_commit: c185d076894ebbdb5db921c448c240d04915847b + config: + # SearXNG settings + use_default_settings: true + general: + debug: false + instance_name: "cuqmbr's SearXNG" + search: + safe_search: 2 + autocomplete: 'duckduckgo' + server: + secret_key: "ultrasecretkey_change_me" + limiter: false + image_proxy: true + # public URL of the instance, to ensure correct inbound links. + # Is overwritten by ${SEARXNG_URL}. + base_url: http://example.com/location + # redis: + # URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}. + # url: unix:///usr/local/searxng-redis/run/redis.sock?db=0 + ui: + static_use_hash: true + # preferences: + # lock: + # - autocomplete + # - method + enabled_plugins: + - 'Hash plugin' + - 'Self Information' + - 'Tracker URL remover' + - 'Ahmia blacklist' + # - 'Hostnames plugin' # see 'hostnames' configuration below + # - 'Open Access DOI rewrite' + # plugins: + # - only_show_green_results diff --git a/ansible/roles/searxng/molecule/default/molecule.yml b/ansible/roles/searxng/molecule/default/molecule.yml index 0327124..b5a91cf 100644 --- a/ansible/roles/searxng/molecule/default/molecule.yml +++ b/ansible/roles/searxng/molecule/default/molecule.yml @@ -10,3 +10,5 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:rw cgroupns_mode: host privileged: true + published_ports: + - 127.0.0.1:80:8888 diff --git a/ansible/roles/searxng/tasks/main.yml b/ansible/roles/searxng/tasks/main.yml index 08c6f84..68375e4 100644 --- a/ansible/roles/searxng/tasks/main.yml +++ b/ansible/roles/searxng/tasks/main.yml @@ -1,5 +1,11 @@ --- +- name: Combine default and user settings, decrypt vault. + ansible.builtin.set_fact: + searxng_settings: "{{ searxng_default_settings | + ansible.builtin.combine(searxng_settings, recursive=true) }}" + no_log: true + - name: Install dependencies. ansible.builtin.apt: name: @@ -23,14 +29,14 @@ password: ! system: true create_home: true - home: "{{ searxng_homedir }}" + home: "{{ searxng_settings.homedir }}" shell: /usr/sbin/nologin - name: Set searxng_source and searxng_pyenv variable. ansible.builtin.set_fact: - searxng_source: "{{ searxng_homedir }}/src" - searxng_pyenv: "{{ searxng_homedir }}/pyenv" - searxng_compiled: "{{ searxng_homedir }}/compiled" + searxng_source: "{{ searxng_settings.homedir }}/src" + searxng_pyenv: "{{ searxng_settings.homedir }}/pyenv" + searxng_compiled: "{{ searxng_settings.homedir }}/compiled" - name: Clone searxng git repository. ansible.builtin.git: @@ -38,7 +44,7 @@ repo: https://github.com/searxng/searxng.git dest: "{{ searxng_source }}" depth: 1 - version: "{{ searxng_git_commit }}" + version: "{{ searxng_settings.git_commit }}" force: true single_branch: true register: git_clone_result @@ -54,35 +60,35 @@ - pyyaml state: present -- name: Remove searxng settings file. - ansible.builtin.file: - path: /etc/searxng/settings.yml - state: absent - when: git_clone_result.changed - - name: Compile searxng. - ansible.builtin.pip: - virtualenv: "{{ searxng_pyenv }}" - requirements: "{{ searxng_source }}/requirements.txt" - extra_args: "--use-pep517 --no-build-isolation \ - -e {{ searxng_source }}" - state: present + when: git_clone_result.changed + block: + - name: Remove searxng settings file. + ansible.builtin.file: + path: /etc/searxng/settings.yml + state: absent -- name: Remove old program files. - ansible.builtin.file: - path: "{{ searxng_compiled }}" - state: absent - changed_when: false + - name: Compile searxng. + ansible.builtin.pip: + virtualenv: "{{ searxng_pyenv }}" + requirements: "{{ searxng_source }}/requirements.txt" + extra_args: "--use-pep517 --no-build-isolation \ + -e {{ searxng_source }}" + state: present -- name: Install new program files. - ansible.builtin.copy: - remote_src: true - src: "{{ searxng_source }}/" - dest: "{{ searxng_compiled }}" - owner: searxng - group: searxng - mode: "0775" - changed_when: false + - name: Remove old program files. + ansible.builtin.file: + path: "{{ searxng_compiled }}" + state: absent + + - name: Install new program files. + ansible.builtin.copy: + remote_src: true + src: "{{ searxng_source }}/" + dest: "{{ searxng_compiled }}" + owner: searxng + group: searxng + mode: "0775" - name: Create searxng settings directory. ansible.builtin.file: @@ -92,12 +98,6 @@ mode: "0775" path: /etc/searxng -- name: Decrypt secrets in settings file. - ansible.builtin.set_fact: - searxng_settings: >- - {{ searxng_settings | combine(searxng_settings, recursive=true) }} - no_log: true - - name: Install searxng settings file. ansible.builtin.template: src: settings.yml.j2 diff --git a/ansible/roles/searxng/templates/settings.yml.j2 b/ansible/roles/searxng/templates/settings.yml.j2 index fdb81c4..5d6d1d1 100644 --- a/ansible/roles/searxng/templates/settings.yml.j2 +++ b/ansible/roles/searxng/templates/settings.yml.j2 @@ -1,4 +1,4 @@ --- # Managed with Ansible -{{ searxng_settings | ansible.builtin.to_nice_yaml(indent=2, width=80) }} +{{ searxng_settings.config | ansible.builtin.to_nice_yaml(indent=2, width=80) }}