add: searxng

projects/searxng/manifests/config.yml

@@ -0,0 +1,85 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: searxng-config
+  namespace: searxng
+data:
+  settings.yml: |
+    ---
+    use_default_settings:
+      engines:
+        remove:
+          - soundcloud
+
+    server:
+      limiter: false
+      image_proxy: false
+
+    search:
+      default_lang: en
+      formats:
+        - html
+        - json
+    #   autocomplete: google
+
+    general:
+      instance_name: HiveSearch
+
+    ui:
+      static_use_hash: true
+      default_theme: simple
+      theme_args:
+        simple_style: dark
+      infinite_scroll: true
+      results_on_new_tab: true
+
+    enabled_plugins:
+      - Basic Calculator
+      - Hash plugin
+      - Hostname replace
+      - Open Access DOI rewrite
+      - Self Informations
+      - Tracker URL remover
+      - Unit converter plugin
+
+    hostname_replace:
+      (www\.)?reddit\.com$: redlib.rostvik.site
+
+  limiter.toml: |
+    [real_ip]
+
+    # Number of values to trust for X-Forwarded-For.
+
+    x_for = 1
+
+    # The prefix defines the number of leading bits in an address that are compared
+    # to determine whether or not an address is part of a (client) network.
+
+    ipv4_prefix = 32
+    ipv6_prefix = 48
+
+    [botdetection.ip_limit]
+
+    # To get unlimited access in a local network, by default link-lokal addresses
+    # (networks) are not monitored by the ip_limit
+    filter_link_local = true
+
+    # activate link_token method in the ip_limit method
+    link_token = false
+
+    [botdetection.ip_lists]
+
+    # In the limiter, the ip_lists method has priority over all other methods -> if
+    # an IP is in the pass_ip list, it has unrestricted access and it is also not
+    # checked if e.g. the "user agent" suggests a bot (e.g. curl).
+
+    block_ip = [
+    ]
+
+    pass_ip = [
+      '10.0.0.0/24',      # IPv4 private network
+    ]
+
+    # Activate passlist of (hardcoded) IPs from the SearXNG organization,
+    # e.g. `check.searx.space`.
+    pass_searxng_org = false

projects/searxng/project.yaml

@@ -0,0 +1,13 @@
+config:
+  description: Local Meta Search
+
+apps:
+- name: searxng
+  repo: bjw-s 
+  chart: app-template
+  targetRevision: 3.2.1
+  secrets:
+    - name: searxng 
+      keys:
+        - SEARXNG_SECRET
+

projects/searxng/values/searxng.yml

@@ -0,0 +1,97 @@
+controllers:
+  app:
+    replicas: 1
+    strategy: RollingUpdate
+    containers:
+      app:
+        image:
+          repository: searxng/searxng
+          tag: 2024.5.16-2f2d93b29
+
+        env:
+          BASE_URL: https://search.dc
+          AUTOCOMPLETE: "false"
+          INSTANCE_NAME: "HiveSearch"
+
+        envFrom:
+          - secretRef:
+              name: searxng
+
+        # probes:
+        #   liveness: 
+        #     enabled: true
+        #     custom: true
+        #     spec:
+        #       httpGet:
+        #         path: /stats
+        #         port: 8080
+        #       initialDelaySeconds: 0
+        #       periodSeconds: 10
+        #       timeoutSeconds: 1
+        #       failureThreshold: 3
+        #   readiness:
+        #     enabled: true
+        #     custom: true
+        #     spec:
+        #       httpGet:
+        #         path: /stats
+        #         port: 8080
+        #       initialDelaySeconds: 0
+        #       periodSeconds: 10
+        #       timeoutSeconds: 1
+        #       failureThreshold: 3
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: false
+          capabilities:
+            drop:
+              - ALL
+            add:
+              - CHOWN
+              - SETGID
+              - SETUID
+              - DAC_OVERRIDE
+        resources:
+          requests:
+            cpu: 10m
+          limits:
+            memory: 3Gi
+
+service:
+  app:
+    controller: app
+    ports:
+      http:
+        port: 8080
+
+persistence:
+  config:
+    type: configMap
+    name: searxng-config
+    advancedMounts:
+      app:
+        app:
+          - path: /etc/searxng/settings.yml
+            subPath: settings.yml
+            readOnly: true
+          - path: /etc/searxng/limiter.toml
+            subPath: limiter.toml
+            readOnly: true
+
+ingress:
+  app:
+    # className: ingress-internal
+    annotations:
+      cert-manager.io/cluster-issuer: vault-issuer
+    hosts:
+      - host: search.dc
+        paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+    tls:
+      - hosts:
+        - search.dc
+        secretName: searxng-tls