initial commit

surtur 2022-08-20 00:37:43 +02:00
commit f43a58f9ed
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
9 changed files with 365 additions and 0 deletions

1
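--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.service linguist-language=systemd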

12
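--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,12 @@
+---
+yaml-files:
+- '*.yaml'
+- '*.yml'
+- '.yamllint'
+rules:
+line-length:
+level: warning
+# vim: ft=yaml bs=2 ts=2
+...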

14
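--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,14 @@
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+Version 2, December 2004
+Copyright (C) 2022 dotya.ml authors
+Everyone is permitted to copy and distribute verbatim or modified copies of
+this license document, and changing it is allowed as long as the name is changed.
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+0. You just DO WHAT THE FUCK YOU WANT TO.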

9
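--- a/README.md
+++ b/README.md
@@ -0,0 +1,9 @@
+# [searxng](https://git.dotya.ml/dotya.ml/searxng)
+this repo holds configs of [dotya.ml's SearxNG instance](https://searxng.dotya.ml/).
+see what engines are configured in the ENGINES tab of
+[preferences](https://searxng.dotya.ml/searxng/preferences).
+### LICENSE
+WTFPLv2, see [LICENSE](LICENSE) for details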


@ -0,0 +1,59 @@
---
version: '3.7'
services:
redis:
image: docker.io/library/redis:alpine
restart: always
labels: [traefik.enable=false]
command: redis-server --save "" --appendonly "no"
networks:
- searxng
# tmpfs:
# - /var/lib/redis
volumes:
- /var/lib/searxng/redis:/var/lib/redis
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
searxng:
image: docker.io/searxng/searxng:2022.08.19-6f28a69f
restart: always
labels: [traefik.enable=false]
networks:
- searxng
ports:
- 127.0.0.1:8480:8080
volumes:
- /etc/searxng/searxng:/etc/searxng:rw
env_file:
- /etc/searxng/searxng.env
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- DAC_OVERRIDE
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
healthcheck:
# DON'T
# test:i "/usr/bin/wget -q -Y off http://localhost:8080/about -O /dev/null > /dev/null 2>&1"
# DO:
test: "/usr/bin/wget -q -Y off http://localhost:8080/about -O /dev/null 2>&-"
interval: 10s
retries: 20
networks:
searxng:
ipam:
driver: default
...
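Review bot: The redis service uses the floating tag `docker.io/library/redis:alpine`, while the searxng image in the same file is pinned to `2022.08.19-6f28a69f`, so a later pull can silently change what runs beside the search backend. Pin it the same way, for example `image: docker.io/library/redis:<VERSION>-alpine@sha256:<DIGEST>` (placeholders for the release you have reviewed). Both services drop all capabilities, but neither sets `security_opt: [no-new-privileges:true]`, which would be a cheap addition next to `cap_drop`. The config mount `/etc/searxng/searxng:/etc/searxng:rw` also lets the container rewrite its own settings file; `:ro` is worth trying once the file exists, if the image's entrypoint tolerates it.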

3
etc/searxng/searxng.env Normal file
View File

@ -0,0 +1,3 @@
SEARXNG_HOSTNAME=https://searxng.dotya.ml
BASE_URL=https://searxng.dotya.ml/
INSTANCE_NAME="dotya.ml's SearXNG"


@ -0,0 +1,171 @@
---
# see https://docs.searxng.org/admin/engines/settings.html#use-default-settings
use_default_settings: true
general:
debug: false
instance_name: "dotya.ml's SearXNG"
# keep stats on what engines are being used and their performance.
enable_metrics: true
contact_url: https://dotya.ml/contact/
search:
safe_search: 0
autocomplete: 'google'
autocomplete_min: 2
formats:
- html
- csv
- json
- rss
server:
base_url: https://searxng.dotya.ml/
method: "GET"
http_protocol_version: "1.1"
default_http_headers:
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Robots-Tag: noindex, nofollow
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
secret_key: "secretplsofcourseichangedit"
limiter: true # can be disabled for a private instance, blocks some bots
image_proxy: true
brand:
issue_url: https://git.dotya.ml/dotya.ml/searxng/issues
ui:
static_use_hash: true
results_on_new_tab: true
infinite_scroll: false
query_in_title: false
default_theme: simple
theme_args:
simple_style: dark
preferences:
lock:
- method
- query_in_title
redis:
url: redis://redis:6379/0
outgoing:
enable_http2: true
# default timeout in seconds, can be overriden by engine
request_timeout: 1.0
max_request_timeout: 2.5 # the maximum timeout in seconds
useragent_suffix: ""
# Maximum number of allowable connections, or null for no limits.
# The default is 100.
pool_connections: 1024
# Number of allowable keep-alive connections, or null to always allow.
# The default is 10.
pool_maxsize: 64
engines:
- name: google
use_mobile_ui: true
shortcut: g
- name: google sk
engine: google
use_mobile_ui: true
language: sk
shortcut: gsk
disabled: true
- name: google de
engine: google
use_mobile_ui: true
language: de
shortcut: gde
disabled: true
- name: arch linux wiki
engine: archlinux
shortcut: aw
- name: fdroid
disabled: false
- name: ddg definitions
disabled: false
- name: lingva
disabled: false
- name: lib.rs
disabled: false
- name: sourcehut
disabled: false
- name: github
disabled: false
- name: codeberg
disabled: false
- name: lobste.rs
disabled: false
- name: stackoverflow
engine: stackoverflow
shortcut: so
- name: searchcode code
disabled: false
- name: tineye
timeout: 4.0
- name: soundcloud
timeout: 3.0
- name: youtube
timeout: 3.0
- name: bandcamp
timeout: 3.0
- name: google news
timeout: 3.0
# disabled
- name: brave
disabled: true
# needs a token
- name: deviantart
disabled: true
- name: artic
disabled: true
- name: mymemory translated
disabled: true
- name: wordnik
disabled: true
- name: btdigg
disabled: true
- name: solidtorrents
disabled: true
- name: vimeo
disabled: true
- name: google videos
disabled: true
- name: openairedatasets
disabled: true
- name: openairepublications
disabled: true
- name: library of congress
disabled: true
- name: dictzone
disabled: true
- name: genius
disabled: true
categories_as_tabs:
general:
images:
videos:
news:
map:
music:
it:
science:
files:
social media:
enabled_plugins:
- 'Hash plugin'
- 'Search on category select'
- 'Self Informations'
- 'Tracker URL remover'
- 'Ahmia blacklist'
- 'Infinite scroll'
- 'Results on new tabs'
- 'Open Access DOI rewrite'
- 'Vim-like hotkeys'
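Review bot: `secret_key: "secretplsofcourseichangedit"` under `server:` is committed in plain text; the value hints that the deployed key differs, but nothing on the page enforces that. With `image_proxy: true` this key is what authenticates image-proxy URLs, so a copy deployed unchanged would leave the proxy usable as an open relay. SearXNG takes the key from the `SEARXNG_SECRET` environment variable when it is set, so the tracked file can carry an obvious non-secret such as `secret_key: "<SET VIA SEARXNG_SECRET>"` and the real value can live in an untracked env file. Separately, `Referrer-Policy: no-referrer, strict-origin-when-cross-origin` is a fallback list in which browsers apply the last value they recognise, so the effective policy is probably `strict-origin-when-cross-origin`; if `no-referrer` is the intent, list it alone.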


@ -0,0 +1,49 @@
[uwsgi]
# Who will run the code
uid = searxng
gid = searxng
# Number of workers (usually CPU count)
workers = %k
threads = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python3
lazy-apps = true
enable-threads = true
# Module to import
module = searx.webapp
# Virtualenv and python path
pythonpath = /usr/local/searxng/
chdir = /usr/local/searxng/searx/
# automatically set processes name to something meaningful
auto-procname = true
# Disable request logging for privacy
disable-logging = true
log-5xx = true
# Set the max size of a request (request-body excluded)
buffer-size = 8192
# No keep alive
# See https://github.com/searx/searx-docker/issues/24
add-header = Connection: close
# uwsgi serves the static files
# expires set to one year since there are hashes
static-map = /static=/usr/local/searxng/searx/static
static-expires = /* 31557600
static-gzip-all = True
offload-threads = %k
# Cache
cache2 = name=searxngcache,items=2000,blocks=2000,blocksize=4096,bitmap=1
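Review bot: `chmod-socket = 666` makes any UNIX socket uwsgi creates readable and writable by every local user. No `socket =` line appears in this file, so the option may be a leftover, but if a socket is configured elsewhere, `chmod-socket = 660` with the front-end proxy in the `searxng` group is the tighter setting. With `disable-logging = true` and only `log-5xx = true`, rejected requests (4xx) leave no trace here, so abuse has to be observed at the reverse proxy instead; a comment such as `# 4xx are not logged here; rely on the reverse proxy logs for abuse triage` beside the logging lines would record that trade-off.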


@ -0,0 +1,47 @@
[Unit]
Description=SearXNG service
Requires=docker.service nginx.service
Upholds=docker.service nginx.service
After=docker.service nginx.service
[Service]
Restart=on-failure
Environment=SEARXNG_DOCKERCOMPOSEFILE=/etc/searxng/docker-compose.yml
; WorkingDirectory=/var/lib/searxng
WorkingDirectory=/etc/searxng/searxng
Restart=always
RestartSec=7
ExecStartPre=/usr/bin/docker-compose -p searxng -f ${SEARXNG_DOCKERCOMPOSEFILE} down
ExecStart=/usr/bin/docker-compose -p searxng -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
ExecStop=/usr/bin/docker-compose -p searxng -f ${SEARXNG_DOCKERCOMPOSEFILE} down
SystemCallFilter=~memfd_create @reboot @swap @cpu-emulation @debug @module @clock @raw-io @obsolete
ProtectProc=invisible
ProcSubset=pid
ProtectHome=true
; RestrictNamespaces=uts ipc pid user cgroup
RestrictNamespaces=true
NoNewPrivileges=true
#SecureBits=noroot-locked
ProtectSystem=strict
PrivateTmp=true
DevicePolicy=closed
PrivateDevices=true
PrivateUsers=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
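Review bot: The hardening block from `SystemCallFilter=` to `SystemCallArchitectures=native` confines the `docker-compose` client this unit starts, not the redis and searxng containers, which are created by the Docker daemon the unit `Requires=`. A comment such as `; sandboxing below confines the compose client only, container limits live in docker-compose.yml` would keep readers from over-trusting it. `Restart=on-failure` at the top of `[Service]` is overridden by the later `Restart=always`; drop the first so the effective policy is stated once.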