searxing

kubernetes/main/apps/collab/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - ./obsidian-couchdb/ks.yaml
   - ./paperless/ks.yaml
   - ./paperless-ai/ks.yaml
+  - ./searxng/ks.yaml

kubernetes/main/apps/collab/searxng/app/externalsecret.yaml

@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: searxng
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: searxng-secret
+    template:
+      engineVersion: v2
+      data:
+        SEARXNG_SECRET: "{{ .SEARXNG_SECRET }}"
+  dataFrom:
+    - extract:
+        key: searxng

kubernetes/main/apps/collab/searxng/app/helmrelease.yaml

@@ -0,0 +1,111 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: searxng
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.6.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      searxng:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: docker.io/searxng/searxng
+              tag: 2024.7.7-ef103ba80
+            envFrom:
+              - secretRef:
+                  name: searxng-secret
+            env:
+              SEARXNG_BASE_URL: https://search.${SECRET_DOMAIN}
+              SEARXNG_URL: https://search.${SECRET_DOMAIN}
+              SEARXNG_PORT: &port 8080
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /stats
+                    port: *port
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+              startup:
+                enabled: false
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                  - ALL
+                add:
+                  - CHOWN
+                  - SETGID
+                  - SETUID
+                  - DAC_OVERRIDE
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 3Gi
+    service:
+      app:
+        controller: searxng
+        ports:
+          http:
+            port: *port
+    ingress:
+      app:
+        enabled: true
+        className: internal
+        hosts:
+          - host: &host "search.${SECRET_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        type: configMap
+        name: searxng-configmap
+        advancedMounts:
+          searxng:
+            app:
+              - path: /etc/searxng/settings.yml
+                subPath: settings.yml
+                readOnly: true
+              - path: /etc/searxng/limiter.toml
+                subPath: limiter.toml
+                readOnly: true
+      tmp:
+        type: emptyDir
+        advancedMounts:
+          searxng:
+            app:
+              - path: /etc/searxng

kubernetes/main/apps/collab/searxng/app/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: searxng-configmap
+    files:
+      - settings.yml=./resources/settings.yml
+      - limiter.toml=./resources/limiter.toml
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/main/apps/collab/searxng/app/resources/limiter.toml

@@ -0,0 +1,6 @@
+# This configuration file updates the default configuration file
+# See https://github.com/searxng/searxng/blob/master/searx/limiter.toml
+
+[botdetection.ip_limit]
+# activate link_token method in the ip_limit method
+link_token = true

kubernetes/main/apps/collab/searxng/app/resources/settings.yml

@@ -0,0 +1,51 @@
+---
+use_default_settings: true
+
+server:
+  limiter: false
+  image_proxy: true
+
+redis:
+  url: redis://dragonfly.databases.svc.cluster.local:6379?db=10
+
+search:
+  safe_search: 0
+  autocomplete: brave
+  formats:
+    - html
+    - json
+
+general:
+  instance_name: HansonSearch
+
+ui:
+  static_use_hash: true
+  default_theme: simple
+  theme_args:
+    simple_style: dark
+  infinite_scroll: true
+  results_on_new_tab: true
+
+enabled_plugins:
+  - Basic Calculator
+  - Hash plugin
+  - Hostnames plugin
+  - Open Access DOI rewrite
+  - Self Informations
+  - Tracker URL remover
+  - Unit converter plugin
+
+hostnames:
+  high_priority:
+    - (.*)\/blog\/(.*)
+    - (.*\.)?wikipedia.org$
+    - (.*\.)?github.com$
+    - (.*\.)?reddit.com$
+    - (.*\.)?linuxserver.io$
+    - (.*\.)?docker.com$
+    - (.*\.)?archlinux.org$
+    - (.*\.)?stackoverflow.com$
+    - (.*\.)?askubuntu.com$
+    - (.*\.)?superuser.com$
+  #replace:
+  #  (www\.)?reddit\.com$: red.hsn.dev

kubernetes/main/apps/collab/searxng/ks.yaml

@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: collab-searxng
+  namespace: flux-system
+spec:
+  targetNamespace: collab
+  dependsOn:
+    - name: databases-dragonfly-cluster
+    - name: system-external-secrets-stores
+  path: ./kubernetes/main/apps/collab/searxng/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  wait: false
+  interval: 30m
+  timeout: 5m