From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit
---
 .../services/containers/searxng/handlers/main.yml | 4 +
 roles/services/containers/searxng/tasks/main.yml | 170 +++++++++++++++++++++
 2 files changed, 174 insertions(+)
 create mode 100644 roles/services/containers/searxng/handlers/main.yml
 create mode 100644 roles/services/containers/searxng/tasks/main.yml
(limited to 'roles/services/containers/searxng')
diff --git a/roles/services/containers/searxng/handlers/main.yml b/roles/services/containers/searxng/handlers/main.yml
new file mode 100644
index 0000000..5463835
--- /dev/null
+++ b/roles/services/containers/searxng/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart nginx
+ service:
+ name: nginx
+ state: restarted
diff --git a/roles/services/containers/searxng/tasks/main.yml b/roles/services/containers/searxng/tasks/main.yml
new file mode 100644
index 0000000..fa7609c
--- /dev/null
+++ b/roles/services/containers/searxng/tasks/main.yml
@@ -0,0 +1,170 @@
+- name: set image fact
+ set_fact:
+ image: "searxng/searxng:2023.6.16-71b6ff07"
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create searxng directory
+ file:
+ path: "{{ docker_home }}/searxng"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: get searxng image
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_image:
+ source: pull
+ force_source: yes
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ push: yes
+
+- name: create searxng config directory
+ file:
+ path: "{{ docker_home }}/searxng/config"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create redis_searxng directory
+ file:
+ path: "{{ docker_home }}/redis_searxng"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: create redis_searxng data directory
+ file:
+ path: "{{ docker_home }}/redis_searxng/data"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: place searxng config in proper location
+ copy:
+ src: "{{ searxng_config }}"
+ dest: "{{ docker_home }}/searxng/config/settings.yml"
+ owner: root
+ group: docker
+ mode: '0644'
+
+- name: place uwsgi config
+ copy:
+ src: "{{ searxng_uwsgi_config }}"
+ dest: "{{ docker_home }}/searxng/config/uwsgi.ini"
+ owner: root
+ group: docker
+ mode: '0644'
+
+- name: create searxng docker network
+ docker_network:
+ name: "{{ searxng_network_name }}"
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ driver: bridge
+ ipam_config:
+ - subnet: "{{ searxng_subnet }}"
+ gateway: "{{ searxng_gateway }}"
+
+- name: create and deploy searxng container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ name: "searxng"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ pull: yes
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ purge_networks: yes
+ networks:
+ - name: "{{ searxng_network_name }}"
+ ipv4_address: "{{ searxng_ipv4 }}"
+ ports:
+ - "127.0.0.1:8080:8080"
+ volumes:
+ - "{{ docker_home }}/searxng/config:/etc/searxng"
+ env:
+ SEARXNG_BASE_URL: "https://searxng.chudnick.com/"
+ cap_drop:
+ - all
+ capabilities:
+ - CHOWN
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ hostname: "searxng"
+ restart_policy: unless-stopped
+ state: 'started'
+ recreate: yes
+
+- name: create and deploy redis container
+ become: yes
+ become_user: "{{ docker_username }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_container:
+ restart_policy: unless-stopped
+ name: "redis_searxng"
+ image: redis:alpine
+ pull: yes
+ command: redis-server --save "" --appendonly "no"
+ purge_networks: yes
+ networks:
+ - name: "{{ searxng_network_name }}"
+ ipv4_address: "{{ redis_searxng_ipv4 }}"
+ tmpfs:
+ - /var/lib/redis
+ cap_drop:
+ - all
+ capabilities:
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ hostname: "redis"
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ state: 'started'
+ comparisons:
+ '*': strict
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ copy:
+ src: "{{ searxng_nginx_config }}"
+ dest: /etc/nginx/sites-available/searxng.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/searxng.conf
+ dest: /etc/nginx/sites-enabled/searxng.conf
+ owner: root
+ group: root
+ state: link
-- cgit v1.2.3
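Review bot: The `create and deploy redis container` task uses `image: redis:alpine` with `pull: yes`, a floating tag fetched from the default public registry on every run, whereas the searxng image in the same file is pinned to `searxng/searxng:2023.6.16-71b6ff07` and mirrored through `{{ custom_registry }}`. Because that task also sets `comparisons: '*': strict`, an upstream retag would presumably recreate the container on an unreviewed image the next time the play runs. Pin redis to a fixed version tag or digest and send it through the same pull-and-push mirror step, so the task reads `image: "{{ custom_registry }}/<redis-repo-tag>"` (placeholder; define the value next to the existing `image` fact). A version tag can still be moved upstream, so a digest is the stronger pin for both images.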