diff --git a/projects/searxng/manifests/config.yml b/projects/searxng/manifests/config.yml
new file mode 100644
index 00000000..2106fab1
--- /dev/null
+++ b/projects/searxng/manifests/config.yml
@@ -0,0 +1,85 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: searxng-config
+ namespace: searxng
+data:
+ settings.yml: |
+ ---
+ use_default_settings:
+ engines:
+ remove:
+ - soundcloud
+
+ server:
+ limiter: false
+ image_proxy: false
+
+ search:
+ default_lang: en
+ formats:
+ - html
+ - json
+ # autocomplete: google
+
+ general:
+ instance_name: HiveSearch
+
+ ui:
+ static_use_hash: true
+ default_theme: simple
+ theme_args:
+ simple_style: dark
+ infinite_scroll: true
+ results_on_new_tab: true
+
+ enabled_plugins:
+ - Basic Calculator
+ - Hash plugin
+ - Hostname replace
+ - Open Access DOI rewrite
+ - Self Informations
+ - Tracker URL remover
+ - Unit converter plugin
+
+ hostname_replace:
+ (www\.)?reddit\.com$: redlib.rostvik.site
+
+ limiter.toml: |
+ [real_ip]
+
+ # Number of values to trust for X-Forwarded-For.
+
+ x_for = 1
+
+ # The prefix defines the number of leading bits in an address that are compared
+ # to determine whether or not an address is part of a (client) network.
+
+ ipv4_prefix = 32
+ ipv6_prefix = 48
+
+ [botdetection.ip_limit]
+
+ # To get unlimited access in a local network, by default link-lokal addresses
+ # (networks) are not monitored by the ip_limit
+ filter_link_local = true
+
+ # activate link_token method in the ip_limit method
+ link_token = false
+
+ [botdetection.ip_lists]
+
+ # In the limiter, the ip_lists method has priority over all other methods -> if
+ # an IP is in the pass_ip list, it has unrestricted access and it is also not
+ # checked if e.g. the "user agent" suggests a bot (e.g. curl).
+
+ block_ip = [
+ ]
+
+ pass_ip = [
+ '10.0.0.0/24', # IPv4 private network
+ ]
+
+ # Activate passlist of (hardcoded) IPs from the SearXNG organization,
+ # e.g. `check.searx.space`.
+ pass_searxng_org = false
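Review bot: `server.limiter: false` in `settings.yml` should leave the `limiter.toml` added further down unused, so the `[botdetection.*]` settings, including the `pass_ip` entry for `10.0.0.0/24`, are not enforced while `search.formats` also enables `json`. If the instance is meant to be reachable only from a trusted network, state that in a comment next to the setting, e.g. `# limiter off: internal-only instance, limiter.toml kept for later`. Otherwise set `limiter: true`, which as far as I know also needs a Redis/Valkey backend that this change does not add. Separately, `image_proxy: false` means result images are fetched by the user's browser directly from third-party hosts, which exposes client IPs to them; worth a comment if that is intended.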
diff --git a/projects/searxng/project.yaml b/projects/searxng/project.yaml
new file mode 100644
index 00000000..9bb2e8ac
--- /dev/null
+++ b/projects/searxng/project.yaml
@@ -0,0 +1,13 @@
+config:
+ description: Local Meta Search
+
+apps:
+- name: searxng
+ repo: bjw-s
+ chart: app-template
+ targetRevision: 3.2.1
+ secrets:
+ - name: searxng
+ keys:
+ - SEARXNG_SECRET
+
diff --git a/projects/searxng/values/searxng.yml b/projects/searxng/values/searxng.yml
new file mode 100644
index 00000000..be395673
--- /dev/null
+++ b/projects/searxng/values/searxng.yml
@@ -0,0 +1,97 @@
+controllers:
+ app:
+ replicas: 1
+ strategy: RollingUpdate
+ containers:
+ app:
+ image:
+ repository: searxng/searxng
+ tag: 2024.5.16-2f2d93b29
+
+ env:
+ BASE_URL: https://search.dc
+ AUTOCOMPLETE: "false"
+ INSTANCE_NAME: "HiveSearch"
+
+ envFrom:
+ - secretRef:
+ name: searxng
+
+ # probes:
+ # liveness:
+ # enabled: true
+ # custom: true
+ # spec:
+ # httpGet:
+ # path: /stats
+ # port: 8080
+ # initialDelaySeconds: 0
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # failureThreshold: 3
+ # readiness:
+ # enabled: true
+ # custom: true
+ # spec:
+ # httpGet:
+ # path: /stats
+ # port: 8080
+ # initialDelaySeconds: 0
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # failureThreshold: 3
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - CHOWN
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 3Gi
+
+service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: 8080
+
+persistence:
+ config:
+ type: configMap
+ name: searxng-config
+ advancedMounts:
+ app:
+ app:
+ - path: /etc/searxng/settings.yml
+ subPath: settings.yml
+ readOnly: true
+ - path: /etc/searxng/limiter.toml
+ subPath: limiter.toml
+ readOnly: true
+
+ingress:
+ app:
+ # className: ingress-internal
+ annotations:
+ cert-manager.io/cluster-issuer: vault-issuer
+ hosts:
+ - host: search.dc
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - search.dc
+ secretName: searxng-tls
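Review bot: The `securityContext` drops `ALL` capabilities but adds back `CHOWN`, `SETGID`, `SETUID` and `DAC_OVERRIDE` and keeps `readOnlyRootFilesystem: false`, with no comment saying why and no `runAsNonRoot` or seccomp setting. That set is what an entrypoint started as root typically needs, so the container presumably runs as root. Once confirmed, I would record it above `add:` with a comment such as `# entrypoint starts as root and switches user; needs chown/setuid/setgid`, and add `seccompProfile: {type: RuntimeDefault}` next to `allowPrivilegeEscalation: false`. The image is pinned by tag only (`tag: 2024.5.16-2f2d93b29`); appending the digest, `tag: 2024.5.16-2f2d93b29@sha256:<digest>` (placeholder), would stop a re-pushed tag from changing what is deployed. With `# className: ingress-internal` commented out, the ingress likely falls to the cluster's default class, so check that class is not externally reachable.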