mirror of
https://github.com/furyhawk/cloudy.git
synced 2026-05-22 07:56:49 +00:00
Refactor makefile to add deployment for searxng stack
This commit is contained in:
@@ -105,4 +105,12 @@ deploy-thelounge: pull
|
|||||||
set +a ;\
|
set +a ;\
|
||||||
docker stack deploy --compose-file ./swarm/thelounge.yml thelounge ;\
|
docker stack deploy --compose-file ./swarm/thelounge.yml thelounge ;\
|
||||||
}
|
}
|
||||||
|
deploy-searxng: pull
|
||||||
|
{ \
|
||||||
|
echo "Deploying the searxng stack..." ;\
|
||||||
|
set -a ;\
|
||||||
|
. ./swarm/.env ;\
|
||||||
|
set +a ;\
|
||||||
|
docker stack deploy --compose-file ./swarm/searxng.yml searxng ;\
|
||||||
|
}
|
||||||
# git submodule update --init --recursive
|
# git submodule update --init --recursive
|
||||||
@@ -61,6 +61,14 @@ services:
|
|||||||
- traefik.http.middlewares.rate-limit.ratelimit.average=384
|
- traefik.http.middlewares.rate-limit.ratelimit.average=384
|
||||||
- traefik.http.middlewares.rate-limit.ratelimit.burst=128
|
- traefik.http.middlewares.rate-limit.ratelimit.burst=128
|
||||||
- traefik.http.middlewares.rate-limit.ratelimit.period=10s
|
- traefik.http.middlewares.rate-limit.ratelimit.period=10s
|
||||||
|
- traefik.http.middlewares.xbot.headers.browserXssFilter=true
|
||||||
|
- traefik.http.middlewares.xbot.headers.contentTypeNosniff=true
|
||||||
|
- traefik.http.middlewares.xbot.headers.frameDeny=true
|
||||||
|
- traefik.http.middlewares.xbot.headers.stsPreload=true
|
||||||
|
- traefik.http.middlewares.xbot.headers.stsSeconds=31536000
|
||||||
|
- traefik.http.middlewares.xbot.headers.stsIncludeSubdomains=true
|
||||||
|
- traefik.http.middlewares.xbot.headers.permissionsPolicy="accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), wake-lock=(), xr-spatial-tracking=()"
|
||||||
|
- traefik.http.middlewares.xbot.headers.referrerPolicy="no-referrer"
|
||||||
- treafik.http.middlewares.neo4j_strip.stripprefix.prefixes=/neo4j
|
- treafik.http.middlewares.neo4j_strip.stripprefix.prefixes=/neo4j
|
||||||
# traefik-https the actual router using HTTPS
|
# traefik-https the actual router using HTTPS
|
||||||
- traefik.http.routers.traefik-public-https.rule=Host(`dashboard.${DOMAIN?Variable not set}`)
|
- traefik.http.routers.traefik-public-https.rule=Host(`dashboard.${DOMAIN?Variable not set}`)
|
||||||
|
|||||||
@@ -0,0 +1,71 @@
|
|||||||
|
volumes:
|
||||||
|
valkey_data2: {}
|
||||||
|
|
||||||
|
networks:
|
||||||
|
searxng:
|
||||||
|
driver: overlay
|
||||||
|
attachable: true
|
||||||
|
traefik-public:
|
||||||
|
external: true
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
redis_valkey:
|
||||||
|
image: docker.io/valkey/valkey:7-alpine
|
||||||
|
command: valkey-server --save 30 1 --loglevel warning
|
||||||
|
restart: unless-stopped
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
|
- DAC_OVERRIDE
|
||||||
|
volumes:
|
||||||
|
- valkey_data2:/data
|
||||||
|
logging:
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-size: "1m"
|
||||||
|
max-file: "1"
|
||||||
|
networks:
|
||||||
|
- searxng
|
||||||
|
deploy:
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.labels.valkey.redis == true
|
||||||
|
|
||||||
|
searxng:
|
||||||
|
image: docker.io/searxng/searxng:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- LIMITER=true
|
||||||
|
- SEARXNG_BASE_URL=https://search.${DOMAIN}/
|
||||||
|
volumes:
|
||||||
|
- /var/data/config/searxng:/etc/searxng:rw
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
|
logging:
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-size: "1m"
|
||||||
|
max-file: "1"
|
||||||
|
depends_on:
|
||||||
|
- redis
|
||||||
|
networks:
|
||||||
|
- searxng
|
||||||
|
- traefik-public
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- traefik.enable=true
|
||||||
|
- traefik.docker.network=traefik-public
|
||||||
|
- traefik.constraint-label=traefik-public
|
||||||
|
- traefik.http.routers.searxng-rtr.entrypoints=https
|
||||||
|
- traefik.http.routers.searxng-rtr.rule=Host(`search.${DOMAIN}`)
|
||||||
|
- traefik.http.routers.searxng-rtr.middlewares=xbot
|
||||||
|
- traefik.http.routers.searxng-rtr.tls.certresolver=le
|
||||||
|
- traefik.http.routers.searxng-rtr.service=searxng-svc
|
||||||
|
- traefik.http.services.searxng-svc.loadbalancer.server.port=8080
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
# This configuration file updates the default configuration file
|
||||||
|
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||||||
|
|
||||||
|
[botdetection.ip_limit]
|
||||||
|
# activate link_token method in the ip_limit method
|
||||||
|
link_token = true
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
|
||||||
|
use_default_settings: true
|
||||||
|
server:
|
||||||
|
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
|
||||||
|
secret_key: "ultrasecretkey" # change this!
|
||||||
|
limiter: true # can be disabled for a private instance
|
||||||
|
image_proxy: true
|
||||||
|
ui:
|
||||||
|
static_use_hash: true
|
||||||
|
redis:
|
||||||
|
url: redis://redis_valkey:6379/0
|
||||||
Reference in New Issue
Block a user