WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(searxng): added new role to install and configure searxng

Browse source
This commit is contained in:
NaeiKinDus 2025-05-23 00:00:00 +00:00
parent 768a8133b5
commit 63eab11b85
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
19 changed files with 923 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

48
ansible_collections/nullified/infrastructure/roles/searxng/tasks/backend_uwsgi_setup.yml Normal file
View file

@ -0,0 +1,48 @@
---
- name: setup uWSGI
become: true
when: searxng_install_uwsgi is truthy
block:
- name: setup directories
ansible.builtin.file:
path: '{{ item }}'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
mode: '0700'
state: directory
loop:
- '{{ searxng_uwsgi_config_filepath | dirname }}'
- name: install dependencies
ansible.builtin.apt:
update_cache: true
force_apt_get: true
state: present
cache_valid_time: 3600
pkg:
- libpcre3
- libpcre3-dev
- name: install uWSGI
ansible.builtin.pip:
name:
- 'uwsgi{{ searxng_uwsgi_version_constraint if searxng_uwsgi_version_constraint is truthy }}'
virtualenv: '{{ searxng_install_dir }}/.venv'
- name: install uWSGI configuration
ansible.builtin.template:
src: ../templates/uwsgi/uwsgi.ini.j2
dest: '{{ searxng_uwsgi_config_filepath }}'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
mode: 'u=rw,g=r,o='
- name: install systemd unit files
become: true
ansible.builtin.template:
src: '../templates/systemd/searxng.{{ item }}.j2'
dest: '{{ systemd_unit_directory }}/searxng.{{ item }}'
owner: root
group: root
mode: 'u=rwX,g=rX,o='
notify:
- 'searxng : restart service'
loop:
- service
- socket

17
ansible_collections/nullified/infrastructure/roles/searxng/tasks/gather_facts.yml Normal file
View file

@ -0,0 +1,17 @@
---
- name: find systemd unit directory
become: true
ansible.builtin.command: pkg-config systemd --variable=systemd_system_conf_dir
changed_when: false
register: systemd_unit_directory_cmd
- name: find systemd version
become: true
ansible.builtin.shell: >
systemctl --version | awk '{if($1=="systemd" && $2~"^[0-9]+$"){print $2}}'
changed_when: false
register: systemd_version_cmd
- name: set facts
ansible.builtin.set_fact:
systemd_unit_directory: "{{ systemd_unit_directory_cmd.stdout }}"
systemd_version: "{{ systemd_version_cmd.stdout | int }}"
searxng_conf_server_secret_key: "{{ searxng_conf_server_secret_key | default(lookup('ansible.builtin.password', '/dev/null', length=64), true) }}"

106
ansible_collections/nullified/infrastructure/roles/searxng/tasks/main.yml Normal file
View file

@ -0,0 +1,106 @@
---
- name: install dependencies
become: true
ansible.builtin.apt:
update_cache: true
force_apt_get: true
state: present
cache_valid_time: 3600
pkg:
- build-essential
- git
- libffi-dev
- libssl-dev
- libxslt-dev
- pkgconf
- python3-babel
- python3-dev
- python3-virtualenv
- python3-yaml
- zlib1g-dev
- name: gather facts
ansible.builtin.include_tasks: gather_facts.yml
- name: create service group
become: true
ansible.builtin.group:
name: '{{ searxng_group }}'
system: true
state: present
- name: create service user
become: true
ansible.builtin.user:
name: '{{ searxng_user }}'
group: '{{ searxng_group }}'
shell: '/usr/bin/bash'
home: '{{ searxng_install_dir }}'
create_home: true
system: true
state: present
- name: mark git repository as safe
become: true
ansible.builtin.shell: >
git config --global --get safe.directory {{ searxng_git_dir }} ||
git config --global --add safe.directory {{ searxng_git_dir }}
- name: clone repository
become: true
ansible.builtin.git:
repo: '{{ searxng_git_repository }}'
dest: '{{ searxng_git_dir }}'
single_branch: true
version: '{{ searxng_git_version }}'
- name: setup virtualenv
become: true
ansible.builtin.pip:
requirements: '{{ searxng_git_dir }}/requirements.txt'
virtualenv: '{{ searxng_install_dir }}/.venv'
virtualenv_site_packages: true
extra_args: '--use-pep517 --no-build-isolation -e {{ searxng_git_dir }}'
- name: set ownership
become: true
ansible.builtin.file:
path: '{{ searxng_install_dir }}'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
mode: 'u=rwX,g=rX,o='
recurse: yes
follow: false
- name: setup shell environment
become: true
ansible.builtin.lineinfile:
path: '{{ searxng_install_dir }}/.profile'
line: 'source {{ searxng_install_dir }}/.venv/bin/activate'
search_string: 'source {{ searxng_install_dir }}/.venv/bin/activate'
create: true
mode: '0640'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
state: present
- name: setup configuration file
become: true
ansible.builtin.template:
src: '../templates/settings.yml.j2'
dest: '{{ searxng_install_dir }}/settings.yml'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
mode: 'u=rw,g=r,o='
- name: setup limiter configuration
become: true
when: (searxng_conf_server_limiter | default(True, True)) is truthy
ansible.builtin.template:
src: '../templates/limiter.toml.j2'
dest: '{{ searxng_install_dir }}/limiter.toml'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
mode: 'u=rw,g=r,o='
- name: setup backend
ansible.builtin.include_tasks: 'backend_{{ searxng_backend }}_setup.yml'
- name: fix permissions
become: true
ansible.builtin.file:
path: '{{ searxng_git_dir }}'
owner: '{{ searxng_user }}'
group: '{{ searxng_group }}'
recurse: true
state: directory
- name: flush handlers
ansible.builtin.meta: flush_handlers