add redis support to searxng role
valkey container is created but the software must be installed manually
This commit is contained in:
parent
c5ce4faae6
commit
5ad54f4cac
GPG Key ID:
0AA446880C766199
3
README.md
Normal file
3
README.md
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
### Todo
|
||||||
|
|
||||||
|
- Create role for installing and configuring Valkey
|
||||||
@ -48,7 +48,9 @@ nginx_settings:
|
|||||||
names:
|
names:
|
||||||
- searxng.dev.cuqmbr.xyz
|
- searxng.dev.cuqmbr.xyz
|
||||||
- searxng.dev.cuqmbr.home
|
- searxng.dev.cuqmbr.home
|
||||||
# - upstream:
|
statements:
|
||||||
|
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
|
||||||
|
- proxy_set_header X-Real-IP $remote_addr
|
||||||
# name: prometheus
|
# name: prometheus
|
||||||
# servers:
|
# servers:
|
||||||
# - 192.168.0.252:9090
|
# - 192.168.0.252:9090
|
||||||
|
|||||||
@ -25,7 +25,7 @@ users:
|
|||||||
|
|
||||||
searxng_homedir: /opt/searxng
|
searxng_homedir: /opt/searxng
|
||||||
|
|
||||||
searxng_git_commit: e52e9bb4b699e39d9ce51874ea339d4773717389
|
searxng_git_commit: 60be0f453e9e4a5fc48aeb4706e75af0a4047b36
|
||||||
|
|
||||||
searxng_settings:
|
searxng_settings:
|
||||||
use_default_settings: true
|
use_default_settings: true
|
||||||
@ -66,7 +66,27 @@ searxng_settings:
|
|||||||
X-Download-Options: noopen
|
X-Download-Options: noopen
|
||||||
X-Robots-Tag: noindex, nofollow
|
X-Robots-Tag: noindex, nofollow
|
||||||
Referrer-Policy: no-referrer
|
Referrer-Policy: no-referrer
|
||||||
limiter: false
|
limiter: true
|
||||||
|
|
||||||
|
redis:
|
||||||
|
url: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
66323631326264383161376136303730353336663065346235313464333237356436356566373233
|
||||||
|
3165633436383130383364303865666534313139666163640a316664653239373464366239343961
|
||||||
|
32653631323337633738626464633662313631636631623538376638656161356434633261383138
|
||||||
|
6163353138343135370a643034343837633534626237656263656138386135303661343837663166
|
||||||
|
38343839373564643964663630616230623962646164313732316631323263666231343931653634
|
||||||
|
66326234333163636331666230656530396262623037316136643534323338633630616134656464
|
||||||
|
36353633633065313666366331316238393134393035346232353462666161653162333632393233
|
||||||
|
62646332393065346434343636636131386136313938653539663865376661303238396563313633
|
||||||
|
38616138343337306233373733636634326334326635386361666662363834366166646337393266
|
||||||
|
34653739623364373135313638643938626635373362343966343664306661363334353061623434
|
||||||
|
36373135616561653133653066336464383737336134626337393261356630616532343233376264
|
||||||
|
62386135356263346562313034386334316532343038366435386564623038343634663033643963
|
||||||
|
62353363643163653763333335386235626666393434343136373832363566323730306134646130
|
||||||
|
37313163613733333835303363363932343264356662633262373661346463653936316162636332
|
||||||
|
33633237656362363938653735313834376537333532343039653038326563633063323965633463
|
||||||
|
37366662313263396637
|
||||||
|
|
||||||
ui:
|
ui:
|
||||||
static_use_hash: true
|
static_use_hash: true
|
||||||
|
|||||||
@ -41,6 +41,7 @@
|
|||||||
version: "{{ searxng_git_commit }}"
|
version: "{{ searxng_git_commit }}"
|
||||||
force: true
|
force: true
|
||||||
single_branch: true
|
single_branch: true
|
||||||
|
register: git_clone_result
|
||||||
|
|
||||||
- name: Install pip dependencies.
|
- name: Install pip dependencies.
|
||||||
ansible.builtin.pip:
|
ansible.builtin.pip:
|
||||||
@ -53,6 +54,12 @@
|
|||||||
- pyyaml
|
- pyyaml
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Remove searxng settings file.
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/searxng/settings.yml
|
||||||
|
state: absent
|
||||||
|
when: git_clone_result.changed
|
||||||
|
|
||||||
- name: Compile searxng.
|
- name: Compile searxng.
|
||||||
ansible.builtin.pip:
|
ansible.builtin.pip:
|
||||||
virtualenv: "{{ searxng_pyenv }}"
|
virtualenv: "{{ searxng_pyenv }}"
|
||||||
|
|||||||
@ -33,3 +33,19 @@ resource "proxmox_virtual_environment_firewall_ipset" "dev_loggers" {
|
|||||||
comment = "searxng"
|
comment = "searxng"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "proxmox_virtual_environment_firewall_ipset" "dev_valkey_clients" {
|
||||||
|
|
||||||
|
name = "valkey_clients"
|
||||||
|
comment = "Nodes that can connect to valkey Node."
|
||||||
|
|
||||||
|
cidr {
|
||||||
|
name = "192.168.0.15"
|
||||||
|
comment = "searxng"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
output "dev_valkey_clients_ipset" {
|
||||||
|
value = proxmox_virtual_environment_firewall_ipset.dev_valkey_clients
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
|
|||||||
109
terraform/dev/valkey.tf
Normal file
109
terraform/dev/valkey.tf
Normal file
@ -0,0 +1,109 @@
|
|||||||
|
resource "proxmox_virtual_environment_container" "valkey" {
|
||||||
|
node_name = "pve"
|
||||||
|
|
||||||
|
vm_id = 1040
|
||||||
|
|
||||||
|
tags = ["dev", "database", "cache"]
|
||||||
|
|
||||||
|
unprivileged = true
|
||||||
|
|
||||||
|
cpu {
|
||||||
|
cores = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
memory {
|
||||||
|
dedicated = 512
|
||||||
|
}
|
||||||
|
|
||||||
|
disk {
|
||||||
|
datastore_id = var.datastore_id
|
||||||
|
size = 4
|
||||||
|
}
|
||||||
|
|
||||||
|
network_interface {
|
||||||
|
bridge = var.internal_network_bridge_name
|
||||||
|
name = "eth-dev"
|
||||||
|
firewall = true
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
|
||||||
|
initialization {
|
||||||
|
hostname = "valkey"
|
||||||
|
ip_config {
|
||||||
|
ipv4 {
|
||||||
|
address = "192.168.0.4/24"
|
||||||
|
gateway = "192.168.0.1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
user_account {
|
||||||
|
keys = [var.ssh_public_key]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
operating_system {
|
||||||
|
template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
|
||||||
|
type = "debian"
|
||||||
|
}
|
||||||
|
|
||||||
|
started = true
|
||||||
|
|
||||||
|
startup {
|
||||||
|
order = 100
|
||||||
|
up_delay = 0
|
||||||
|
down_delay = 0
|
||||||
|
}
|
||||||
|
|
||||||
|
features {
|
||||||
|
nesting = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "proxmox_virtual_environment_firewall_options" "valkey" {
|
||||||
|
depends_on = [proxmox_virtual_environment_container.valkey]
|
||||||
|
|
||||||
|
node_name = proxmox_virtual_environment_container.valkey.node_name
|
||||||
|
vm_id = proxmox_virtual_environment_container.valkey.vm_id
|
||||||
|
|
||||||
|
enabled = true
|
||||||
|
dhcp = true
|
||||||
|
input_policy = "DROP"
|
||||||
|
output_policy = "ACCEPT"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "proxmox_virtual_environment_firewall_rules" "valkey" {
|
||||||
|
depends_on = [proxmox_virtual_environment_container.valkey]
|
||||||
|
|
||||||
|
node_name = proxmox_virtual_environment_container.valkey.node_name
|
||||||
|
vm_id = proxmox_virtual_environment_container.valkey.vm_id
|
||||||
|
|
||||||
|
rule {
|
||||||
|
type = "in"
|
||||||
|
source = split("/", data.terraform_remote_state.common.outputs.bastion_ct.initialization[0].ip_config[1].ipv4[0].address)[0]
|
||||||
|
proto = "tcp"
|
||||||
|
dport = "22"
|
||||||
|
action = "ACCEPT"
|
||||||
|
comment = "SSH from Bastion."
|
||||||
|
}
|
||||||
|
|
||||||
|
rule {
|
||||||
|
type = "in"
|
||||||
|
proto = "icmp"
|
||||||
|
dport = "8"
|
||||||
|
action = "ACCEPT"
|
||||||
|
comment = "Ping."
|
||||||
|
}
|
||||||
|
|
||||||
|
rule {
|
||||||
|
security_group = data.terraform_remote_state.common.outputs.prometheus_node_exporter_sg.name
|
||||||
|
comment = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."
|
||||||
|
}
|
||||||
|
|
||||||
|
rule {
|
||||||
|
type = "in"
|
||||||
|
source = "+${data.terraform_remote_state.common.outputs.dev_valkey_clients_ipset.name}"
|
||||||
|
proto = "tcp"
|
||||||
|
dport = "6379"
|
||||||
|
action = "ACCEPT"
|
||||||
|
comment = "Access valkey from client nodes."
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user