searxng instances fix (#25)

There was a confusion between instances and instance which are two different vars in settings.ini

Reviewed-on: #25
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>

README.md

@@ -14,3 +14,9 @@ Then you can access SearX from your computer on http://192.168.33.10
 ## Playbook
 The playbook includes nginx role and deploys entire stack needed to run Searx. Additional role is also available in the Ansible roles repos in git.
 
+## Searx or Searxng?
+You can choose to deploy either searx or searxng by setting `searx_or_searxng` var in `/defaults/main.yml` to one or the other. Default is set to `searxng`.
+You can also decide to deploy filtron for searx or limiter for searxng. Default is set to deploy limiter for searxng.
+
+## Theme
+You can deploy/update custom theme with `--tags theme`.

Vagrantfile

@@ -13,6 +13,6 @@ Vagrant.configure("2") do |config|
       libvirt.memory = 256
     end
     searx.vm.network "private_network", ip: "192.168.33.10"
-
+    config.vm.provision "shell", inline: "apt install acl"
 end
 end

defaults/main.yml

@@ -1,8 +1,14 @@
 ---
 
-searx_git_repo: 'https://github.com/asciimoo/searx.git'
+# What do you want to install?
+searx_or_searxng: 'searxng'
+searx_filtron: 'false' # Set it to true to deploy filtron with searx
+searx_limiter: 'true' # Set it to true to deploy filtron with searxng
+
+# Deployement
+searx_git_repo: 'https://github.com/{{ searx_or_searxng }}/{{ searx_or_searxng }}.git'
 searx_instance_name: 'searx'
-searx_version: 'master'
+searx_git_branch: 'master'
 searx_username: 'searx'
 searx_group: 'searx'
 searx_pkg:
@@ -26,23 +32,13 @@ searx_pip_pkgs:
   - wheel
   - pip
   - pyyaml
-searx_config_path: '/etc/searx'
-searx_contact_url: 'contact@example.com'
-searx_git_url: 'https://github.com/searx/searx'
-searx_git_branch: 'master'
-searx_git_issues: 'https://github.com/searx/searx/issues'
-searx_git_docs: 'https://searx.github.io/searx'
-searx_public_instance: 'https://searx.space'
-searx_git_wiki: 'https://github.com/searx/searx/wiki'
-searx_twitter_url: 'https://twitter.com/Searx_engine'
 
-searx_filtron_username: 'filtron'
-searx_filtron_group: 'filtron'
-searx_filtron_home: '/home/filtron'
-searx_filtron_work: 'work'
 searx_userhome: '/var/www/searx'
 searx_app_dir: '{{ searx_userhome }}/searx-src'
-searx_theme_dir: '/var/www/searx-themes'
+
+
+# searx.ini
+searx_config_path: '/etc/{{ searx_or_searxng }}'
 searx_disable_logging: 'true'
 searx_workers: '4'
 searx_chmod_socket: '666'
@@ -50,23 +46,53 @@ searx_single_interpreter: 'true'
 searx_master: 'true'
 searx_plugin: 'python3,http'
 searx_module: 'searx.webapp'
+
+# Filtron (searx)
+searx_filtron_username: 'filtron'
+searx_filtron_group: 'filtron'
+searx_filtron_home: '/home/filtron'
+searx_filtron_work: 'work'
 searx_host_listen: '127.0.0.1:8888'
 
+# Socket
+searx_redis_socket: '/var/run/redis/redis-server.sock' # This for limiter (searxng).
+searx_socket: '/var/run/uwsgi/app/searx/searx.sock'
+
+## Settings file
+searx_contact_url: 'contact@example.com'
+searx_onion_url: 'False'
+searx_git_issues: 'https://github.com/{{ searx_or_searxng }}/{{ searx_or_searxng }}/issues'
+searx_git_docs: 'https://{{ searx_or_searxng }}.github.io/{{ searx_or_searxng }}'
+searx_public_instances: 'https://searx.space'
+searx_public_instance: 'false'
+searx_git_wiki: 'https://github.com/{{ searx_or_searxng }}/{{ searx_or_searxng }}/wiki'
+searx_secretkey: '909cb8a9c66a1ab97bab80010bf8b22b' # run openssl rand -hex 16 to generate new random key
+searx_image_proxy: 'true'
+searx_bind_address: '192.168.33.10'
+searx_safe_search: 1 # Filter results. 0: None, 1: Moderate, 2: Strict
+searx_static_use_hash: 'false'
+searx_query_in_title: 'false'
+
+
+### Searx settings only
+searx_twitter_url: 'https://twitter.com/Searx_engine'
+
+### Searx ui settings
+searxng_category_select: 'true'
+
+## Theme
+searx_theme_dir: '/var/www/searx-themes'
+searx_default_theme: 'oscar'
+searx_theme_args: 'logicodev'
+searxng_default_theme: 'simple'
 #searx_custom_themes:
 #  - name: '' #add name of the theme
 #    repo: '' #add git repository of the theme
+#    version: 'main' #add branch name
 #    static_folder: '' #add static folder name
 #    template_folder: '' #add template folder name
 
-# settings file
-searx_secretkey: '909cb8a9c66a1ab97bab80010bf8b22b' # run openssl rand -hex 16 to generate new random key
-searx_default_theme: 'oscar'
-searx_image_proxy: 'True'
-searx_bind_address: '192.168.33.10'
-searx_theme_args: 'logicodev'
-searx_safe_search: 1 # Filter results. 0: None, 1: Moderate, 2: Strict
-
-#nginx
+# Nginx
 nginx_default_vhost: 'searx'
 nginx_default_vhost_ssl: 'searx'
 nginx_www_dir: '/var/www/'
@@ -76,10 +102,17 @@ nginx_vhosts:
   template: 'searx'
   proto: 'http'
   listen: '80'
+  upstream_proto: 'http'
+  upstream_port: '8888' # change to 4004 if using Filtron
+  #upstream_name: '127.0.0.1' # if defined, it will deploy filtron or limiter
+  #real_ip_from: '10.0.0.0/22' uncomment and set proper ip if your instqnce is behind extra reverse proxy
   root: 'searx'
   use_access_log: 'true'
   use_error_log: 'true'
   nginx_error_log_level: 'warn'
-  state: 'enable'
+  header_cto: 'none'
+  header_xss: 'none'
+  header_csp: "default-src 'self'; script-src 'self'; connect-src 'self'; img- src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';"
   letsencrypt: 'false'
   filtron: 'true'
+  state: 'enable'

handlers/main.yml

@@ -9,3 +9,8 @@
   service:
     name: filtron
     state: restarted
+
+- name: restart redis
+  service:
+    name: redis
+    state: restarted

tasks/check.yml

@@ -1,6 +1,11 @@
 ---
 
-- name: '[Check] - Make sure searx direcotry does not exist'
+- name: '[Check] - Make sure searx directory does not exist'
   file:
     state: 'absent'
     path: '{{ searx_userhome }}'
+
+- name: '[Check] - Make sure filron directory does not exist'
+  file:
+    state: 'absent'
+    path: '{{ searx_filtron_home }}'

tasks/configure.yml

@@ -10,11 +10,23 @@
 
 - name: '[CONFIG] - Deploy searx config'
   template:
-    src: 'settings.yml.j2'
+    src: 'settings.searx.yml.j2'
     dest: "{{ searx_config_path }}/settings.yml"
     owner: "{{ searx_username }}"
     group: "{{ searx_group }}"
     mode: 0644
+  when: searx_or_searxng == 'searx'
+  notify:
+    restart searx
+
+- name: '[CONFIG] - Deploy searxng config'
+  template:
+    src: 'settings.searxng.yml.j2'
+    dest: "{{ searx_config_path }}/settings.yml"
+    owner: "{{ searx_username }}"
+    group: "{{ searx_group }}"
+    mode: 0644
+  when: searx_or_searxng == 'searxng'
   notify:
     restart searx
 

tasks/custom_themes.yml

@@ -4,11 +4,17 @@
   git:
     repo: "{{ item.repo }}"
     dest: "{{ searx_theme_dir }}/{{ item.name }}"
+    version: "{{ item.version }}"
   with_items: "{{ searx_custom_themes }}"
+  tags: theme
+  become: true
+  become_user: "{{ searx_username }}"
+  
 - file:
     path: "{{ searx_app_dir }}/searx/static/themes/{{ item.name }}"
     state: absent
   with_items: "{{ searx_custom_themes }}"
+  tags: theme
 
 - name: "[THEME] - Sync static folder"
   synchronize:
@@ -22,6 +28,7 @@
   with_items: "{{ searx_custom_themes }}"
   notify:
     - "restart searx"
+  tags: theme
 
 - name: "[THEME] - Sync templates folder"
   synchronize:
@@ -35,11 +42,4 @@
   with_items: "{{ searx_custom_themes }}"
   notify:
     - "restart searx" 
-
-- name: "[THEME] - Change owner"
-  file:
-    path:  "{{ searx_theme_dir }}"
-    owner: '{{ searx_username }}'
-    group: '{{ searx_group }}'
-    state: directory
-    recurse: yes
+  tags: theme

tasks/filtron.yml

@@ -1,5 +1,26 @@
 ---
 
+- name: "[USER] - Add user filtron"
+  user:
+    name: '{{ searx_filtron_username }}'
+    shell: /bin/bash
+  #  group: '{{ searx_filtron_group }}'
+    home: '{{ searx_filtron_home }}'
+
+- name: "[USER] - Setup filtron user profile"
+  copy:
+    src: filtron_profile
+    dest: "{{ searx_filtron_home }}/.profile"
+    owner: "{{ searx_filtron_username }}"
+
+- name: '[USER] - Make sure .profile file exists for searx user'
+  file:
+    path: '{{ searx_userhome }}/.profile'
+    state: 'touch'
+    mode: 0644
+    owner: '{{ searx_username }}'
+    group: '{{ searx_group }}'
+
 - name: "[FILTRON] - Create work dir"
   file:
     path: '{{ searx_filtron_home }}/work'
@@ -8,11 +29,19 @@
     state: directory
     recurse: yes
 
-- name: "[FILTRON] - get filtron"
+- name: "[FILTRON] - get filtron for searx"
   shell: "export GOPATH=$HOME/work; /usr/bin/go get github.com/asciimoo/filtron"
   become: true
   become_method: sudo
   become_user: "{{ searx_filtron_username }}"
+  when: searx_or_searxng == 'searx'
+
+- name: "[FILTRON] - get filtron for searxng"
+  shell: "export GOPATH=$HOME/work; /usr/bin/go get github.com/searxng/filtron"
+  become: true
+  become_method: sudo
+  become_user: "{{ searx_filtron_username }}"
+  when: searx_or_searxng == 'searxng'
 
 - name: "[FILTRON] - deploy rules"
   copy:

tasks/git.yml

@@ -1,8 +1,18 @@
 ---
 
-- name: '[GIT] - Clone git repo'
+- name: '[GIT] - Give www dir ownership to {{ searx_username }}'
+  file:
+    path: '/var/www/'
+    state: directory
+    recurse: true
+    owner: "{{ searx_username }}"
+    group: "{{ searx_group }}"
+
+- name: '[GIT] - Clone searx git repo'
   git:
     repo: '{{ searx_git_repo }}'
     dest: '{{ searx_app_dir }}'
-    version: '{{ searx_version }}'
+    version: '{{ searx_git_branch }}'
     force: yes
+  become: true
+  become_user: "{{ searx_username }}"

tasks/main.yml

@@ -1,28 +1,35 @@
 ---
 
 - name: remove existing searx dir
-  include: check.yml
+  include_tasks: check.yml
 
 - name: Install dependencies
-  include: installdeps.yml
-
-- name: Clone git repo
-  include: git.yml
+  include_tasks: installdeps.yml
 
 - name: Add user
-  include: user.yml
+  include_tasks: user.yml
+
+- name: Clone git repo
+  include_tasks: git.yml
 
 - name: Install filtron
-  include: filtron.yml
+  include_tasks: filtron.yml
+  when: searx_or_searxng == 'searx' and searx_filtron == "true"
+
+- name: Install redis
+  include_tasks: redis.yml
+  when: searx_or_searxng == 'searxng' and searx_limiter == "true"
 
 - name: Deploy systemd
-  include: systemd.yml
+  include_tasks: systemd.yml
+  when: searx_or_searxng == 'searx' and searx_filtron == "true"
 
 - name: Install the app
-  include: installapp.yml
+  include_tasks: installapp.yml
 
 - name: Configure app
-  include: configure.yml
+  include_tasks: configure.yml
 
-- include: custom_themes.yml
+- include_tasks: custom_themes.yml
   when: searx_custom_themes is defined
+  tags: theme

tasks/redis.yml

@@ -0,0 +1,30 @@
+---
+
+- name: '[REDIS] - Install Redis'
+  apt:
+    name: "redis"
+    update_cache: yes
+
+- name: '[REDIS] - Enable Redis socket path'
+  lineinfile:
+    path: /etc/redis/redis.conf
+    regexp: '^# unixsocket '
+    line: unixsocket {{ searx_redis_socket }}
+  notify:
+    restart redis
+
+- name: '[REDIS] - Set permission to the socket to all members of the redis user group'
+  lineinfile:
+    path: /etc/redis/redis.conf
+    regexp: '^# unixsocketperm 700'
+    line: unixsocketperm 770
+  notify:
+    restart redis
+
+- name: '[REDIS] - Add {{ searx_username }} user to redis group'
+  user:
+    name: '{{ searx_username }}'
+    shell: /bin/bash
+    groups: '{{ searx_group }},redis'
+    home: '{{ searx_userhome }}'
+    append: yes

tasks/user.yml

@@ -19,24 +19,3 @@
     group: '{{ searx_group }}'
     state: directory
     recurse: yes
-
-- name: "[USER] - Add user filtron"
-  user:
-    name: '{{ searx_filtron_username }}'
-    shell: /bin/bash
-  #  group: '{{ searx_filtron_group }}'
-    home: '{{ searx_filtron_home }}'
-
-- name: "[USER] - Setup filtron user  profile"
-  copy:
-    src: filtron_profile
-    dest: "{{ searx_filtron_home }}/.profile"
-    owner: "{{ searx_filtron_username }}"
-
-- name: '[USER] - Make sure .profile file exists for seax user'
-  file:
-    path: '{{ searx_userhome }}/.profile'
-    state: 'touch'
-    mode: 0644
-    owner: '{{ searx_username }}'
-    group: '{{ searx_group }}'

templates/etc/uwsgi/apps-available/searx.ini.j2

@@ -1,7 +1,18 @@
 # {{ ansible_managed }}
 
+# -*- mode: conf; coding: utf-8  -*-
 [uwsgi]
-# Who will run the code
+
+# uWSGI core
+# ----------
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
+
+# Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be
+# ignored [1].  Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini).
+#
+# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
+#
 uid = {{ searx_username }}
 gid = {{ searx_group }}
 
@@ -13,34 +24,92 @@ env = LC_ALL=C.UTF-8
 # chdir to specified directory before apps loading
 chdir = {{ searx_app_dir }}/searx
 
-# searx configuration (settings.yml)
+# SearXNG configuration (settings.yml)
+{% if searx_or_searxng == 'searx' %}
 env = SEARX_SETTINGS_PATH={{ searx_config_path }}/settings.yml
+{% else %}
+env = SEARXNG_SETTINGS_PATH={{ searx_config_path }}/settings.yml
+{% endif %}
 
 # disable logging for privacy
+# logger = systemd
 disable-logging = {{ searx_disable_logging }}
 
-# Number of workers (usually CPU count)
-workers = {{ searx_workers }}
-
 # The right granted on the created socket
 chmod-socket = {{ searx_chmod_socket }}
 
-# Plugin to use and interpretor config
+# Plugin to use and interpreter config
 single-interpreter = {{ searx_single_interpreter }}
+
+# enable master process
 master = {{ searx_master }}
-plugin = {{ searx_plugin }}
+
+# load apps in each worker instead of the master
 lazy-apps = true
+
+# load uWSGI plugins
+plugin = {{ searx_plugin }}
+
+# By default the Python plugin does not initialize the GIL.  This means your
+# app-generated threads will not run.  If you need threads, remember to enable
+# them with enable-threads.  Running uWSGI in multithreading mode (with the
+# threads options) will automatically enable threading support. This *strange*
+# default behaviour is for performance reasons.
 enable-threads = true
 
-# Module to import
+{% if searx_or_searxng == 'searx' %}
+# Number of workers (usually CPU count)
+workers = {{ searx_workers }}
+threads = ${UWSGI_THREADS:-4}
+{% endif %}
+
+# plugin: python
+# --------------
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-python
+
+# load a WSGI module
 module = {{ searx_module }}
 
-# Virtualenv and python path
+# set PYTHONHOME/virtualenv
 virtualenv = {{ searx_userhome }}/searx-pyenv/
+
+# add directory (or glob) to pythonpath
 pythonpath = {{ searx_app_dir }}
 
+
+# speak to upstream
+# -----------------
+
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
+# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
+
+{% if searx_or_searxng == 'searx' and searx_filtron == 'true' %}
 # Filtron
 http-socket = {{ searx_host_listen }}
+{% elif searx_socket is defined %}
+socket = {{ searx_socket }}
+{% else %}
+http = {{ searx_host_listen }}
+{% endif %}
+buffer-size = 8192
+
+{% if searx_or_searxng == 'searxng' %}
+# uWSGI serves the static files and in settings.yml we use::
+#
+#   ui:
+#     static_use_hash: true
+#
+#static-map = /static={{ searx_app_dir }}/searx/static
+# expires set to one year since there are hashes
+static-expires = /* 31557600
+static-gzip-all = True
+offload-threads = %k
+{% endif %}
 
 # Cache
+{% if searx_or_searxng == 'searx' %}
 cache2 = name=searxcache,items=2000,blocks=2000,blocksize=4096,bitmap=1
+{% else %}
+cache2 = name=searxngcache,items=2000,blocks=2000,blocksize=4096,bitmap=1
+{% endif %}

templates/settings.searx.yml.j2

@@ -4,7 +4,7 @@ general:
     contact_url: False # mailto:{{ searx_contact_url }}
 
 brand:
-    git_url: {{ searx_git_url }}
+    git_url: {{ searx_git_repo }}
     git_branch: {{ searx_git_branch }}
     issue_url: {{ searx_git_issues }}
     docs_url: {{ searx_git_docs }}
@@ -40,7 +40,7 @@ ui:
     default_theme : {{ searx_default_theme }} # ui theme
     default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the 'locales' config section
     theme_args :
-        {{ searx_default_theme }}_style : logicodev # default style of oscar
+        {{ searx_default_theme }}_style : {{ searx_theme_args }} # default style of oscar
 #   results_on_new_tab: False  # Open result links in a new tab by default
 #   categories_order :
 #     - general