Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/containers/searxng/tasks
1 files changed, 170 insertions, 0 deletions
diff --git a/roles/services/containers/searxng/tasks/main.yml b/roles/services/containers/searxng/tasks/main.yml
new file mode 100644
index 0000000..fa7609c
--- /dev/null
+++ b/roles/services/containers/searxng/tasks/main.yml
@@ -0,0 +1,170 @@
+- name: set image fact
+  set_fact:
+    image: "searxng/searxng:2023.6.16-71b6ff07"
+- name: set other facts
+  vars:
+    array: "{{ image.split('/', 1) }}"
+  set_fact:
+    repo_tag: "{{ array.1 }}"
+    custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+- name: create searxng directory
+  file:
+    path: "{{ docker_home }}/searxng"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+- name: login to docker registry
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_login:
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    registry_url: "{{ docker_registry_url }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+- name: get searxng image
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_image:
+    source: pull
+    force_source: yes
+    name: "{{ image }}"
+    repository: "{{ custom_registry }}/{{ repo_tag }}"
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    push: yes
+- name: create searxng config directory
+  file:
+    path: "{{ docker_home }}/searxng/config"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+- name: create redis_searxng directory
+  file:
+    path: "{{ docker_home }}/redis_searxng"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+- name: create redis_searxng data directory
+  file:
+    path: "{{ docker_home }}/redis_searxng/data"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+- name: place searxng config in proper location
+  copy:
+    src: "{{ searxng_config }}"
+    dest: "{{ docker_home }}/searxng/config/settings.yml"
+    owner: root
+    group: docker
+    mode: '0644'
+- name: place uwsgi config
+  copy:
+    src: "{{ searxng_uwsgi_config }}"
+    dest: "{{ docker_home }}/searxng/config/uwsgi.ini"
+    owner: root
+    group: docker
+    mode: '0644'
+- name: create searxng docker network
+  docker_network:
+    name: "{{ searxng_network_name }}"
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    driver: bridge
+    ipam_config:
+      - subnet: "{{ searxng_subnet }}"
+        gateway: "{{ searxng_gateway }}"
+- name: create and deploy searxng container
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_container:
+    name: "searxng"
+    image: "{{ custom_registry }}/{{ repo_tag }}"
+    pull: yes
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    purge_networks: yes
+    networks:
+      - name: "{{ searxng_network_name }}"
+        ipv4_address: "{{ searxng_ipv4 }}"
+    ports:
+      - "127.0.0.1:8080:8080"
+    volumes:
+      - "{{ docker_home }}/searxng/config:/etc/searxng"
+    env:
+      SEARXNG_BASE_URL: "https://searxng.chudnick.com/"
+    cap_drop:
+      - all
+    capabilities:
+      - CHOWN
+      - SETGID
+      - SETUID
+      - DAC_OVERRIDE
+    hostname: "searxng"
+    restart_policy: unless-stopped
+    state: 'started'
+    recreate: yes
+- name: create and deploy redis container
+  become: yes
+  become_user: "{{ docker_username }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_container:
+    restart_policy: unless-stopped
+    name: "redis_searxng"
+    image: redis:alpine
+    pull: yes
+    command: redis-server --save "" --appendonly "no"
+    purge_networks: yes
+    networks:
+      - name: "{{ searxng_network_name }}"
+        ipv4_address: "{{ redis_searxng_ipv4 }}"
+    tmpfs:
+      - /var/lib/redis
+    cap_drop:
+      - all
+    capabilities:
+      - SETGID
+      - SETUID
+      - DAC_OVERRIDE
+    hostname: "redis"
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    state: 'started'
+    comparisons:
+      '*': strict
+- name: deploy nginx configuration
+  notify: restart nginx
+  register: nginx_config
+  copy:
+    src: "{{ searxng_nginx_config }}"
+    dest: /etc/nginx/sites-available/searxng.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/searxng.conf
+    dest: /etc/nginx/sites-enabled/searxng.conf
+    owner: root
+    group: root
+    state: link
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/containers/searxng/tasks

diff --git a/roles/services/containers/searxng/tasks/main.yml b/roles/services/containers/searxng/tasks/main.yml new file mode 100644 index 0000000..fa7609c --- /dev/null +++ b/roles/services/containers/searxng/tasks/main.yml
@@ -0,0 +1,170 @@
	1	- name: set image fact
	2	set_fact:
	3	image: "searxng/searxng:2023.6.16-71b6ff07"
	4
	5	- name: set other facts
	6	vars:
	7	array: "{{ image.split('/', 1) }}"
	8	set_fact:
	9	repo_tag: "{{ array.1 }}"
	10	custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
	11
	12	- name: create searxng directory
	13	file:
	14	path: "{{ docker_home }}/searxng"
	15	state: directory
	16	owner: "{{ docker_username }}"
	17	group: "{{ docker_username }}"
	18	mode: '0755'
	19
	20	- name: login to docker registry
	21	become: yes
	22	become_user: "{{ docker_username }}"
	23	environment:
	24	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	25	docker_login:
	26	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	27	registry_url: "{{ docker_registry_url }}"
	28	username: "{{ docker_registry_username }}"
	29	password: "{{ docker_registry_password }}"
	30
	31	- name: get searxng image
	32	become: yes
	33	become_user: "{{ docker_username }}"
	34	environment:
	35	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	36	docker_image:
	37	source: pull
	38	force_source: yes
	39	name: "{{ image }}"
	40	repository: "{{ custom_registry }}/{{ repo_tag }}"
	41	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	42	push: yes
	43
	44	- name: create searxng config directory
	45	file:
	46	path: "{{ docker_home }}/searxng/config"
	47	state: directory
	48	owner: "{{ docker_username }}"
	49	group: "{{ docker_username }}"
	50	mode: '0755'
	51
	52	- name: create redis_searxng directory
	53	file:
	54	path: "{{ docker_home }}/redis_searxng"
	55	state: directory
	56	owner: "{{ docker_username }}"
	57	group: "{{ docker_username }}"
	58	mode: '0755'
	59
	60	- name: create redis_searxng data directory
	61	file:
	62	path: "{{ docker_home }}/redis_searxng/data"
	63	state: directory
	64	owner: "{{ docker_username }}"
	65	group: "{{ docker_username }}"
	66	mode: '0755'
	67
	68	- name: place searxng config in proper location
	69	copy:
	70	src: "{{ searxng_config }}"
	71	dest: "{{ docker_home }}/searxng/config/settings.yml"
	72	owner: root
	73	group: docker
	74	mode: '0644'
	75
	76	- name: place uwsgi config
	77	copy:
	78	src: "{{ searxng_uwsgi_config }}"
	79	dest: "{{ docker_home }}/searxng/config/uwsgi.ini"
	80	owner: root
	81	group: docker
	82	mode: '0644'
	83
	84	- name: create searxng docker network
	85	docker_network:
	86	name: "{{ searxng_network_name }}"
	87	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	88	driver: bridge
	89	ipam_config:
	90	- subnet: "{{ searxng_subnet }}"
	91	gateway: "{{ searxng_gateway }}"
	92
	93	- name: create and deploy searxng container
	94	become: yes
	95	become_user: "{{ docker_username }}"
	96	environment:
	97	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	98	docker_container:
	99	name: "searxng"
	100	image: "{{ custom_registry }}/{{ repo_tag }}"
	101	pull: yes
	102	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	103	purge_networks: yes
	104	networks:
	105	- name: "{{ searxng_network_name }}"
	106	ipv4_address: "{{ searxng_ipv4 }}"
	107	ports:
	108	- "127.0.0.1:8080:8080"
	109	volumes:
	110	- "{{ docker_home }}/searxng/config:/etc/searxng"
	111	env:
	112	SEARXNG_BASE_URL: "https://searxng.chudnick.com/"
	113	cap_drop:
	114	- all
	115	capabilities:
	116	- CHOWN
	117	- SETGID
	118	- SETUID
	119	- DAC_OVERRIDE
	120	hostname: "searxng"
	121	restart_policy: unless-stopped
	122	state: 'started'
	123	recreate: yes
	124
	125	- name: create and deploy redis container
	126	become: yes
	127	become_user: "{{ docker_username }}"
	128	environment:
	129	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	130	docker_container:
	131	restart_policy: unless-stopped
	132	name: "redis_searxng"
	133	image: redis:alpine
	134	pull: yes
	135	command: redis-server --save "" --appendonly "no"
	136	purge_networks: yes
	137	networks:
	138	- name: "{{ searxng_network_name }}"
	139	ipv4_address: "{{ redis_searxng_ipv4 }}"
	140	tmpfs:
	141	- /var/lib/redis
	142	cap_drop:
	143	- all
	144	capabilities:
	145	- SETGID
	146	- SETUID
	147	- DAC_OVERRIDE
	148	hostname: "redis"
	149	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	150	state: 'started'
	151	comparisons:
	152	'*': strict
	153
	154	- name: deploy nginx configuration
	155	notify: restart nginx
	156	register: nginx_config
	157	copy:
	158	src: "{{ searxng_nginx_config }}"
	159	dest: /etc/nginx/sites-available/searxng.conf
	160	owner: root
	161	group: root
	162	mode: '0644'
	163
	164	- name: symlink site
	165	file:
	166	src: /etc/nginx/sites-available/searxng.conf
	167	dest: /etc/nginx/sites-enabled/searxng.conf
	168	owner: root
	169	group: root
	170	state: link