From f43a58f9ed92ee72b3feea044835a0365261be82 Mon Sep 17 00:00:00 2001
From: surtur
Date: Sat, 20 Aug 2022 00:37:43 +0200
Subject: [PATCH] initial commit
---
 .gitattributes | 1 +
 .yamllint | 12 ++
 LICENSE | 14 +++
 README.md | 9 ++
 etc/searxng/docker-compose.yml | 59 ++++++++++
 etc/searxng/searxng.env | 3 +
 etc/searxng/searxng/settings.yml | 171 +++++++++++++++++++++++++++++
 etc/searxng/searxng/uwsgi.ini | 49 +++++++++
 etc/systemd/system/searxng.service | 47 ++++++++
 9 files changed, 365 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .yamllint
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 etc/searxng/docker-compose.yml
 create mode 100644 etc/searxng/searxng.env
 create mode 100644 etc/searxng/searxng/settings.yml
 create mode 100644 etc/searxng/searxng/uwsgi.ini
 create mode 100644 etc/systemd/system/searxng.service
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..98b3954
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.service linguist-language=systemd
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..05e4822
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,12 @@
+---
+yaml-files:
+ - '*.yaml'
+ - '*.yml'
+ - '.yamllint'
+
+rules:
+ line-length:
+ level: warning
+
+# vim: ft=yaml bs=2 ts=2
+...
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2fc469c
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,14 @@
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+Version 2, December 2004
+
+Copyright (C) 2022 dotya.ml authors
+
+Everyone is permitted to copy and distribute verbatim or modified copies of
+this license document, and changing it is allowed as long as the name is changed.
+
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. You just DO WHAT THE FUCK YOU WANT TO.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..419bb11
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# [searxng](https://git.dotya.ml/dotya.ml/searxng)
+
+this repo holds configs of [dotya.ml's SearxNG instance](https://searxng.dotya.ml/).
+
+see what engines are configured in the ENGINES tab of
+[preferences](https://searxng.dotya.ml/searxng/preferences).
+
+### LICENSE
+WTFPLv2, see [LICENSE](LICENSE) for details
diff --git a/etc/searxng/docker-compose.yml b/etc/searxng/docker-compose.yml
new file mode 100644
index 0000000..42d9f12
--- /dev/null
+++ b/etc/searxng/docker-compose.yml
@@ -0,0 +1,59 @@
+---
+version: '3.7'
+
+services:
+ redis:
+ image: docker.io/library/redis:alpine
+ restart: always
+ labels: [traefik.enable=false]
+ command: redis-server --save "" --appendonly "no"
+ networks:
+ - searxng
+ # tmpfs:
+ # - /var/lib/redis
+ volumes:
+ - /var/lib/searxng/redis:/var/lib/redis
+ cap_drop:
+ - ALL
+ cap_add:
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+
+ searxng:
+ image: docker.io/searxng/searxng:2022.08.19-6f28a69f
+ restart: always
+ labels: [traefik.enable=false]
+ networks:
+ - searxng
+ ports:
+ - 127.0.0.1:8480:8080
+ volumes:
+ - /etc/searxng/searxng:/etc/searxng:rw
+ env_file:
+ - /etc/searxng/searxng.env
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "1m"
+ max-file: "1"
+ healthcheck:
+ # DON'T
+ # test:i "/usr/bin/wget -q -Y off http://localhost:8080/about -O /dev/null > /dev/null 2>&1"
+ # DO:
+ test: "/usr/bin/wget -q -Y off http://localhost:8080/about -O /dev/null 2>&-"
+ interval: 10s
+ retries: 20
+
+networks:
+ searxng:
+ ipam:
+ driver: default
+...
diff --git a/etc/searxng/searxng.env b/etc/searxng/searxng.env
new file mode 100644
index 0000000..c4cbb4f
--- /dev/null
+++ b/etc/searxng/searxng.env
@@ -0,0 +1,3 @@
+SEARXNG_HOSTNAME=https://searxng.dotya.ml
+BASE_URL=https://searxng.dotya.ml/
+INSTANCE_NAME="dotya.ml's SearXNG"
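Review bot: The `searxng` service mounts the whole host config directory read-write (`- /etc/searxng/searxng:/etc/searxng:rw`), and that directory holds `settings.yml` with the instance's `secret_key`, so a compromised container can rewrite the host-side configuration and the secret. If the image's entrypoint does not actually need write access there (the added `CHOWN` capability suggests it may, which I cannot verify from the hunk), mount it `:ro` and keep any writable state on a separate path. Separately, the `redis` service runs with `--save "" --appendonly "no"`, so nothing is ever written to the `/var/lib/searxng/redis` bind mount; the commented-out `tmpfs` entry matches that intent better than leaving an unused host path. The port mapping should be quoted, `- "127.0.0.1:8480:8080"`, so no YAML loader ever tries to type it.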
diff --git a/etc/searxng/searxng/settings.yml b/etc/searxng/searxng/settings.yml
new file mode 100644
index 0000000..fd678f0
--- /dev/null
+++ b/etc/searxng/searxng/settings.yml
@@ -0,0 +1,171 @@
+---
+# see https://docs.searxng.org/admin/engines/settings.html#use-default-settings
+use_default_settings: true
+
+general:
+ debug: false
+ instance_name: "dotya.ml's SearXNG"
+ # keep stats on what engines are being used and their performance.
+ enable_metrics: true
+ contact_url: https://dotya.ml/contact/
+
+search:
+ safe_search: 0
+ autocomplete: 'google'
+ autocomplete_min: 2
+ formats:
+ - html
+ - csv
+ - json
+ - rss
+
+server:
+ base_url: https://searxng.dotya.ml/
+ method: "GET"
+ http_protocol_version: "1.1"
+ default_http_headers:
+ X-Content-Type-Options: nosniff
+ X-XSS-Protection: 1; mode=block
+ X-Download-Options: noopen
+ X-Robots-Tag: noindex, nofollow
+ Referrer-Policy: no-referrer, strict-origin-when-cross-origin
+ secret_key: "secretplsofcourseichangedit"
+ limiter: true # can be disabled for a private instance, blocks some bots
+ image_proxy: true
+
+brand:
+ issue_url: https://git.dotya.ml/dotya.ml/searxng/issues
+
+ui:
+ static_use_hash: true
+ results_on_new_tab: true
+ infinite_scroll: false
+ query_in_title: false
+ default_theme: simple
+ theme_args:
+ simple_style: dark
+
+preferences:
+ lock:
+ - method
+ - query_in_title
+
+redis:
+ url: redis://redis:6379/0
+
+outgoing:
+ enable_http2: true
+ # default timeout in seconds, can be overriden by engine
+ request_timeout: 1.0
+ max_request_timeout: 2.5 # the maximum timeout in seconds
+ useragent_suffix: ""
+ # Maximum number of allowable connections, or null for no limits.
+ # The default is 100.
+ pool_connections: 1024
+ # Number of allowable keep-alive connections, or null to always allow.
+ # The default is 10.
+ pool_maxsize: 64
+
+engines:
+ - name: google
+ use_mobile_ui: true
+ shortcut: g
+ - name: google sk
+ engine: google
+ use_mobile_ui: true
+ language: sk
+ shortcut: gsk
+ disabled: true
+ - name: google de
+ engine: google
+ use_mobile_ui: true
+ language: de
+ shortcut: gde
+ disabled: true
+ - name: arch linux wiki
+ engine: archlinux
+ shortcut: aw
+ - name: fdroid
+ disabled: false
+ - name: ddg definitions
+ disabled: false
+ - name: lingva
+ disabled: false
+ - name: lib.rs
+ disabled: false
+ - name: sourcehut
+ disabled: false
+ - name: github
+ disabled: false
+ - name: codeberg
+ disabled: false
+ - name: lobste.rs
+ disabled: false
+ - name: stackoverflow
+ engine: stackoverflow
+ shortcut: so
+ - name: searchcode code
+ disabled: false
+ - name: tineye
+ timeout: 4.0
+ - name: soundcloud
+ timeout: 3.0
+ - name: youtube
+ timeout: 3.0
+ - name: bandcamp
+ timeout: 3.0
+ - name: google news
+ timeout: 3.0
+ # disabled
+ - name: brave
+ disabled: true
+ # needs a token
+ - name: deviantart
+ disabled: true
+ - name: artic
+ disabled: true
+ - name: mymemory translated
+ disabled: true
+ - name: wordnik
+ disabled: true
+ - name: btdigg
+ disabled: true
+ - name: solidtorrents
+ disabled: true
+ - name: vimeo
+ disabled: true
+ - name: google videos
+ disabled: true
+ - name: openairedatasets
+ disabled: true
+ - name: openairepublications
+ disabled: true
+ - name: library of congress
+ disabled: true
+ - name: dictzone
+ disabled: true
+ - name: genius
+ disabled: true
+
+categories_as_tabs:
+ general:
+ images:
+ videos:
+ news:
+ map:
+ music:
+ it:
+ science:
+ files:
+ social media:
+
+enabled_plugins:
+ - 'Hash plugin'
+ - 'Search on category select'
+ - 'Self Informations'
+ - 'Tracker URL remover'
+ - 'Ahmia blacklist'
+ - 'Infinite scroll'
+ - 'Results on new tabs'
+ - 'Open Access DOI rewrite'
+ - 'Vim-like hotkeys'
diff --git a/etc/searxng/searxng/uwsgi.ini b/etc/searxng/searxng/uwsgi.ini
new file mode 100644
index 0000000..7574799
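Review bot: `secret_key: "secretplsofcourseichangedit"` in the `server:` section (earlier in this hunk, on the preceding physical line) puts a session-signing secret into a tracked file of a repository the README presents as the config of a public instance; even if the value is only a placeholder replaced on the host, keeping the key in `settings.yml` means the next edit-and-commit of the file can leak the real one. SearXNG also accepts the key from the `SEARXNG_SECRET` environment variable, so the line can be dropped from `settings.yml` and the value supplied from an untracked env file or a secrets store instead. That would additionally keep the secret out of the config directory that docker-compose bind-mounts into the container. A comment such as `# secret_key is provided via SEARXNG_SECRET, never commit it here` would document the decision for the next maintainer.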
--- /dev/null
+++ b/etc/searxng/searxng/uwsgi.ini
@@ -0,0 +1,49 @@
+[uwsgi]
+# Who will run the code
+uid = searxng
+gid = searxng
+
+# Number of workers (usually CPU count)
+workers = %k
+threads = 4
+
+# The right granted on the created socket
+chmod-socket = 666
+
+# Plugin to use and interpretor config
+single-interpreter = true
+master = true
+plugin = python3
+lazy-apps = true
+enable-threads = true
+
+# Module to import
+module = searx.webapp
+
+# Virtualenv and python path
+pythonpath = /usr/local/searxng/
+chdir = /usr/local/searxng/searx/
+
+# automatically set processes name to something meaningful
+auto-procname = true
+
+# Disable request logging for privacy
+disable-logging = true
+log-5xx = true
+
+# Set the max size of a request (request-body excluded)
+buffer-size = 8192
+
+# No keep alive
+# See https://github.com/searx/searx-docker/issues/24
+add-header = Connection: close
+
+# uwsgi serves the static files
+# expires set to one year since there are hashes
+static-map = /static=/usr/local/searxng/searx/static
+static-expires = /* 31557600
+static-gzip-all = True
+offload-threads = %k
+
+# Cache
+cache2 = name=searxngcache,items=2000,blocks=2000,blocksize=4096,bitmap=1
diff --git a/etc/systemd/system/searxng.service b/etc/systemd/system/searxng.service
new file mode 100644
index 0000000..61b4725
--- /dev/null
+++ b/etc/systemd/system/searxng.service
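Review bot: `chmod-socket = 666` would make a uwsgi UNIX socket world-writable, yet this file declares no `socket =` at all, so the directive is currently dead; the listener is presumably supplied by the container image on the command line (the compose healthcheck and port mapping both talk HTTP to 8080). Either remove the line, or if a UNIX socket is ever added here, narrow it to `chmod-socket = 660` together with `chown-socket = searxng:<proxy-group>` so that only the reverse proxy's group can connect. The comment `# Plugin to use and interpretor config` should read `interpreter`.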
@@ -0,0 +1,47 @@
+[Unit]
+Description=SearXNG service
+Requires=docker.service nginx.service
+Upholds=docker.service nginx.service
+After=docker.service nginx.service
+
+[Service]
+Restart=on-failure
+
+Environment=SEARXNG_DOCKERCOMPOSEFILE=/etc/searxng/docker-compose.yml
+
+; WorkingDirectory=/var/lib/searxng
+WorkingDirectory=/etc/searxng/searxng
+Restart=always
+RestartSec=7
+ExecStartPre=/usr/bin/docker-compose -p searxng -f ${SEARXNG_DOCKERCOMPOSEFILE} down
+ExecStart=/usr/bin/docker-compose -p searxng -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
+ExecStop=/usr/bin/docker-compose -p searxng -f ${SEARXNG_DOCKERCOMPOSEFILE} down
+
+SystemCallFilter=~memfd_create @reboot @swap @cpu-emulation @debug @module @clock @raw-io @obsolete
+ProtectProc=invisible
+ProcSubset=pid
+ProtectHome=true
+; RestrictNamespaces=uts ipc pid user cgroup
+RestrictNamespaces=true
+NoNewPrivileges=true
+#SecureBits=noroot-locked
+ProtectSystem=strict
+PrivateTmp=true
+DevicePolicy=closed
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
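Review bot: `Restart=` is assigned twice in `[Service]` — `Restart=on-failure` just under the section header and `Restart=always` after `WorkingDirectory=`; systemd keeps the last assignment, so the unit restarts unconditionally and the first line is dead and misleading to anyone reading the top of the section. Drop `Restart=on-failure` (or the later line, if on-failure was the intent) so the file states one policy. It is also worth saying explicitly that the sandboxing directives (`ProtectSystem=strict`, `PrivateUsers=true`, `SystemCallFilter=` and the rest) confine only the `docker-compose` client process — the containers are started by the Docker daemon and get their isolation from the compose file — for example with `; hardening below applies to the compose client, not to the containers it starts`.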