Merge pull request #216 from return42/fix-searx.sh

normalize environment of installation tasks (shell) with YAML settings
This commit is contained in:
Markus Heiser 2021-07-27 05:32:57 +00:00 committed by GitHub
commit beff764d74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 703 additions and 281 deletions

View file

@ -2,48 +2,40 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck shell=bash disable=SC2034 # shellcheck shell=bash disable=SC2034
# #
# This environment is used by ./utils scripts like filtron.sh or searx.sh. The # This file should be edited only ones just before the installation of any
# default values are *most flexible* and *best maintained*, you normally not # service is done. After the installation of the searx service a copy of this
# need to change the defaults (except PUBLIC_URL). # file is placed into the $SEARX_SRC of the instance, e.g.::
# #
# Before you change any value here you have to uninstall any previous # /usr/local/searx/searx-src/.config.sh
# installation. Further is it recommended to backup your changes simply by
# adding them to you local brand (git branch)::
# #
# git add .config # .. hint::
#
# Before you change a value here, You have to fully uninstall any previous
# installation of searx, morty and filtron services!
# The public URL of the searx instance: PUBLIC_URL="https://mydomain.xy/searx" # utils/searx.sh
# The default is taken from ./utils/brand.env. # --------------
PUBLIC_URL="${SEARX_URL}" # The setup of the SearXNG instance is done in the settings.yml
# (SEARX_SETTINGS_PATH). Read the remarks in [1] carefully and don't forget to
# rebuild instance's environment (make buildenv) if needed. The settings.yml
# file of an already installed instance is shown by::
#
# $ ./utils/searx.sh --help
# ---- SearXNG instance setup (already installed)
# SEARX_SETTINGS_PATH : /etc/searx/settings.yml
# SEARX_SRC : /usr/local/searx/searx-src
#
# [1] https://searxng.github.io/searxng/admin/engines/settings.html
if [[ ${PUBLIC_URL} == "https://searx.me" ]]; then # utils/filtron.sh
# hint: Linux containers do not have DNS entries, lets use IPs # ----------------
PUBLIC_URL="http://$(primary_ip)/searx"
fi
# searx.sh
# ---------
# SEARX_INTERNAL_HTTP="127.0.0.1:8888"
# SEARX_SETTINGS_TEMPLATE="${REPO_ROOT}/utils/templates/etc/searx/use_default_settings.yml"
# Only change, if you maintain a searx brand in your searx fork (GIT_URL) which
# is not hold by branch 'master'. The branch has to be a local branch, in the
# repository from which you install (which is most often the case). If you want
# to install branch 'foo', don't forget to run 'git branch foo origin/foo' once.
# GIT_BRANCH="${GIT_BRANCH:-master}"
# filtron.sh
# ----------
# FILTRON_API="127.0.0.1:4005" # FILTRON_API="127.0.0.1:4005"
# FILTRON_LISTEN="127.0.0.1:4004" # FILTRON_LISTEN="127.0.0.1:4004"
# FILTRON_TARGET="127.0.0.1:8888"
# FILTRON_RULES_TEMPLATE="${REPO_ROOT}/utils/templates/etc/searx/use_default_settings.yml"
# morty.sh # utils/morty.sh
# -------- # --------------
# morty listen address # morty listen address
# MORTY_LISTEN="127.0.0.1:3000" # MORTY_LISTEN="127.0.0.1:3000"

View file

@ -63,6 +63,7 @@ test.shell:
utils/brand.env \ utils/brand.env \
$(MTOOLS) \ $(MTOOLS) \
utils/lib.sh \ utils/lib.sh \
utils/lib_install.sh \
utils/lib_static.sh \ utils/lib_static.sh \
utils/filtron.sh \ utils/filtron.sh \
utils/searx.sh \ utils/searx.sh \

View file

@ -87,7 +87,7 @@ HTML of the site. URL of the searx instance and values are customizable.
.. code:: html .. code:: html
<form method="post" action="https://searx.me/"> <form method="post" action="https://example.org/">
<!-- search --> <input type="text" name="q" /> <!-- search --> <input type="text" name="q" />
<!-- categories --> <input type="hidden" name="categories" value="general,social media" /> <!-- categories --> <input type="hidden" name="categories" value="general,social media" />
<!-- language --> <input type="hidden" name="lang" value="all" /> <!-- language --> <input type="hidden" name="lang" value="all" />

View file

@ -37,16 +37,11 @@ see how you can simplify your *user defined* ``settings.yml``.
Global Settings Global Settings
=============== ===============
``general:`` .. _settings global brand:
``brand:``
------------ ------------
.. code:: yaml
general:
debug: false # Debug mode, only for development
instance_name: "searxng" # displayed name
contact_url: false # mailto:contact@example.com
.. code:: yaml .. code:: yaml
brand: brand:
@ -57,22 +52,47 @@ Global Settings
public_instances: https://searx.space public_instances: https://searx.space
wiki_url: https://github.com/searxng/searxng/wiki wiki_url: https://github.com/searxng/searxng/wiki
``debug`` : .. sidebar:: buildenv
Changing a value tagged by :ref:`buildenv <make buildenv>`, needs to
rebuild instance's environment :ref:`utils/brand.env <make buildenv>`.
``git_url`` & ``git_branch`` : :ref:`buildenv GIT_URL & GIT_BRANCH <make buildenv>`
Changes this, to point to your searx fork (branch).
``issue_url`` :
If you host your own issue tracker change this URL.
``docs_url`` :
If you host your own documentation change this URL.
``public_instances`` :
If you host your own https://searx.space change this URL.
``wiki_url`` :
Link to your wiki (or ``false``)
.. _settings global general:
``general:``
------------
.. code:: yaml
general:
debug: false # Debug mode, only for development
instance_name: "searxng" # displayed name
contact_url: false # mailto:contact@example.com
``debug`` : ``$SEARX_DEBUG``
Allow a more detailed log if you run searx directly. Display *detailed* error Allow a more detailed log if you run searx directly. Display *detailed* error
messages in the browser too, so this must be deactivated in production. messages in the browser too, so this must be deactivated in production.
``contact_url``: ``contact_url``:
Contact ``mailto:`` address or WEB form. Contact ``mailto:`` address or WEB form.
``git_url`` and ``git_branch``:
Changes this, to point to your searx fork (branch).
``docs_url``
If you host your own documentation, change this URL.
``wiki_url``:
Link to your wiki (or ``false``)
.. _settings global server:
``server:`` ``server:``
----------- -----------
@ -80,10 +100,10 @@ Global Settings
.. code:: yaml .. code:: yaml
server: server:
base_url: false # set custom base_url (or false)
port: 8888 port: 8888
bind_address: "127.0.0.1" # address to listen on bind_address: "127.0.0.1" # address to listen on
secret_key: "ultrasecretkey" # change this! secret_key: "ultrasecretkey" # change this!
base_url: false # set custom base_url (or false)
image_proxy: false # proxying image results through searx image_proxy: false # proxying image results through searx
default_locale: "" # default interface locale default_locale: "" # default interface locale
default_theme: oscar # ui theme default_theme: oscar # ui theme
@ -94,17 +114,24 @@ Global Settings
X-Robots-Tag : noindex, nofollow X-Robots-Tag : noindex, nofollow
Referrer-Policy : no-referrer Referrer-Policy : no-referrer
``port`` & ``bind_address``: .. sidebar:: buildenv
Changing a value tagged by :ref:`buildenv <make buildenv>`, needs to
rebuild instance's environment :ref:`utils/brand.env <make buildenv>`.
``base_url`` : :ref:`buildenv SEARX_URL <make buildenv>`
The base URL where searx is deployed. Used to create correct inbound links.
If you change the value, don't forget to rebuild instance's environment
(:ref:`utils/brand.env <make buildenv>`)
``port`` & ``bind_address``: :ref:`buildenv SEARX_PORT & SEARX_BIND_ADDRESS <make buildenv>`
Port number and *bind address* of the searx web application if you run it Port number and *bind address* of the searx web application if you run it
directly using ``python searx/webapp.py``. Doesn't apply to searx running on directly using ``python searx/webapp.py``. Doesn't apply to searx running on
Apache or Nginx. Apache or Nginx.
``secret_key`` : ``secret_key`` : ``$SEARX_SECRET``
Used for cryptography purpose. Used for cryptography purpose.
``base_url`` :
The base URL where searx is deployed. Used to create correct inbound links.
``image_proxy`` : ``image_proxy`` :
Allow your instance of searx of being able to proxy images. Uses memory space. Allow your instance of searx of being able to proxy images. Uses memory space.

View file

@ -94,7 +94,7 @@ For a *minimal setup*, configure like shown below replace ``searx@$(uname
.. group-tab:: Use default settings .. group-tab:: Use default settings
.. literalinclude:: ../../utils/templates/etc/searx/use_default_settings.yml .. literalinclude:: ../../utils/templates/etc/searx/settings.yml
:language: yaml :language: yaml
.. group-tab:: searx/settings.yml .. group-tab:: searx/settings.yml

View file

@ -134,7 +134,7 @@ ${fedora_build}
.. code-block:: sh .. code-block:: sh
$ sudo -H mkdir -p \"$(dirname ${SEARX_SETTINGS_PATH})\" $ sudo -H mkdir -p \"$(dirname ${SEARX_SETTINGS_PATH})\"
$ sudo -H cp \"$SEARX_SRC/utils/templates/etc/searx/use_default_settings.yml\" \\ $ sudo -H cp \"$SEARX_SRC/utils/templates/etc/searx/settings.yml\" \\
\"${SEARX_SETTINGS_PATH}\" \"${SEARX_SETTINGS_PATH}\"
.. group-tab:: searx/settings.yml .. group-tab:: searx/settings.yml
@ -152,7 +152,6 @@ ${fedora_build}
.. code-block:: sh .. code-block:: sh
$ sudo -H sed -i -e \"s/ultrasecretkey/\$(openssl rand -hex 16)/g\" \"$SEARX_SETTINGS_PATH\" $ sudo -H sed -i -e \"s/ultrasecretkey/\$(openssl rand -hex 16)/g\" \"$SEARX_SETTINGS_PATH\"
$ sudo -H sed -i -e \"s/{instance_name}/searx@\$(uname -n)/g\" \"$SEARX_SETTINGS_PATH\"
.. END searx config .. END searx config

View file

@ -81,6 +81,40 @@ the check fails if you edit the requirements listed in
If you think, something goes wrong with your ./local environment or you change If you think, something goes wrong with your ./local environment or you change
the :origin:`setup.py` file, you have to call :ref:`make clean`. the :origin:`setup.py` file, you have to call :ref:`make clean`.
.. _make buildenv:
``make buildenv``
=================
Rebuild instance's environment with the modified settings from the
:ref:`settings global brand` and :ref:`settings global server` section of your
:ref:`settings.yml <settings location>`.
We have all SearXNG setups are centralized in the :ref:`settings.yml` file.
This setup is available as long we are in a *installed instance*. E.g. the
*installed instance* on the server or the *installed developer instance* at
``./local`` (the later one is created by a :ref:`make install <make
install>` or :ref:`make run <make run>`).
Tasks running outside of an *installed instance*, especially those tasks and
scripts running at (pre-) installation time do not have access to the SearXNG
setup (from a *installed instance*). Those tasks need a *build environment*.
The ``make buildenv`` target will update the *build environment* in:
- :origin:`utils/brand.env`
Tasks running outside of an *installed instance*, need the following settings
from the YAML configuration:
- ``GIT_URL`` from :ref:`brand.git_url <settings global brand>`
- ``GIT_BRANCH`` from :ref:`brand.git_branch <settings global brand>`
- ``SEARX_URL`` from :ref:`server.base_url <settings global server>` (aka
``PUBLIC_URL``)
- ``SEARX_BIND_ADDRESS`` from :ref:`server.bind_address <settings global server>`
- ``SEARX_PORT`` from :ref:`server.port <settings global server>`
.. _make run: .. _make run:
``make run`` ``make run``

22
manage
View file

@ -105,11 +105,32 @@ fi
export DOCS_BUILD export DOCS_BUILD
buildenv() { buildenv() {
# settings file from repository's working tree are used by default
SEARX_SETTINGS_PATH="${REPO_ROOT}/searx/settings.yml"
if [ -r '/etc/searx/settings.yml' ]; then
if ask_yn "should settings read from: /etc/searx/settings.yml"; then
SEARX_SETTINGS_PATH='/etc/searx/settings.yml'
fi
fi
export SEARX_SETTINGS_PATH
SEARX_DEBUG=1 pyenv.cmd python utils/build_env.py 2>&1 \ SEARX_DEBUG=1 pyenv.cmd python utils/build_env.py 2>&1 \
| prefix_stdout "${_Blue}BUILDENV${_creset} " | prefix_stdout "${_Blue}BUILDENV${_creset} "
return "${PIPESTATUS[0]}" return "${PIPESTATUS[0]}"
} }
buildenv.unset_env(){
# Some defaults in the settings.yml are taken from the environment,
# e.g. SEARX_BIND_ADDRESS (:py:obj:`searx.settings_defaults.SHEMA`). In
# some tasks (e.g. test.robot) we do not want these envorionment applied.
unset GIT_URL
unset GIT_BRANCH
unset SEARX_URL
unset SEARX_PORT
unset SEARX_BIND_ADDRESS
}
babel.compile() { babel.compile() {
build_msg BABEL compile build_msg BABEL compile
pyenv.cmd pybabel compile -d "${REPO_ROOT}/searx/translations" pyenv.cmd pybabel compile -d "${REPO_ROOT}/searx/translations"
@ -471,6 +492,7 @@ test.coverage() {
test.robot() { test.robot() {
build_msg TEST 'robot' build_msg TEST 'robot'
buildenv.unset_env
gecko.driver gecko.driver
PYTHONPATH=. pyenv.cmd python searx/testing.py robot PYTHONPATH=. pyenv.cmd python searx/testing.py robot
dump_return $? dump_return $?

View file

@ -4,13 +4,16 @@ general:
contact_url: false # mailto:contact@example.com contact_url: false # mailto:contact@example.com
brand: brand:
git_url: https://github.com/searxng/searxng
git_branch: master
issue_url: https://github.com/searxng/searxng/issues
new_issue_url: https://github.com/searxng/searxng/issues/new new_issue_url: https://github.com/searxng/searxng/issues/new
docs_url: https://searxng.github.io/searxng docs_url: https://searxng.github.io/searxng
public_instances: https://searx.space public_instances: https://searx.space
wiki_url: https://github.com/searxng/searxng/wiki wiki_url: https://github.com/searxng/searxng/wiki
issue_url: https://github.com/searxng/searxng/issues
# If you change a value below don't forget to rebuild instance's enviroment
# (make buildenv)
git_url: https://github.com/return42/searxng
git_branch: fix-searx.sh
search: search:
# Filter results. 0: None, 1: Moderate, 2: Strict # Filter results. 0: None, 1: Moderate, 2: Strict
@ -30,13 +33,16 @@ search:
formats: [html, csv, json, rss] formats: [html, csv, json, rss]
server: server:
port: 8888 # If you change port, bind_address or base_url don't forget to rebuild
# address to listen on # instance's enviroment (make buildenv)
bind_address: "127.0.0.1" port: 7777
bind_address: "127.0.0.12"
base_url: false # Possible values: false or "https://example.org/location".
# If your instance owns a /etc/searx/settings.yml file, then set the following
# values there.
secret_key: "ultrasecretkey" # change this! secret_key: "ultrasecretkey" # change this!
# Set custom base_url. Possible values:
# false or "https://your.custom.host/location/"
base_url: false
# Proxying image results through searx # Proxying image results through searx
image_proxy: false image_proxy: false
# 1.0 and 1.1 are supported # 1.0 and 1.1 are supported

View file

@ -147,7 +147,7 @@ SCHEMA = {
'formats': SettingsValue(list, OUTPUT_FORMATS), 'formats': SettingsValue(list, OUTPUT_FORMATS),
}, },
'server': { 'server': {
'port': SettingsValue(int, 8888), 'port': SettingsValue((int,str), 8888, 'SEARX_PORT'),
'bind_address': SettingsValue(str, '127.0.0.1', 'SEARX_BIND_ADDRESS'), 'bind_address': SettingsValue(str, '127.0.0.1', 'SEARX_BIND_ADDRESS'),
'secret_key': SettingsValue(str, environ_name='SEARX_SECRET'), 'secret_key': SettingsValue(str, environ_name='SEARX_SECRET'),
'base_url': SettingsValue((False, str), False), 'base_url': SettingsValue((False, str), False),

View file

@ -1,8 +1,5 @@
export GIT_URL='https://github.com/return42/searxng'
export GIT_BRANCH='fix-searx.sh'
export SEARX_URL='' export SEARX_URL=''
export GIT_URL='https://github.com/searxng/searxng' export SEARX_PORT='7777'
export GIT_BRANCH='master' export SEARX_BIND_ADDRESS='127.0.0.12'
export ISSUE_URL='https://github.com/searxng/searxng/issues'
export DOCS_URL='https://searxng.github.io/searxng'
export PUBLIC_INSTANCES='https://searx.space'
export CONTACT_URL=''
export WIKI_URL='https://github.com/searxng/searxng/wiki'

View file

@ -9,15 +9,12 @@ from os.path import realpath, dirname, join, sep, abspath
repo_root = realpath(dirname(realpath(__file__)) + sep + '..') repo_root = realpath(dirname(realpath(__file__)) + sep + '..')
sys.path.insert(0, repo_root) sys.path.insert(0, repo_root)
os.environ['SEARX_SETTINGS_PATH'] = abspath(dirname(__file__) + '/settings.yml')
# Under the assumption that a brand is always a fork assure that the settings # Under the assumption that a brand is always a fork assure that the settings
# file from reposetorie's working tree is used to generate the build_env, not # file from reposetorie's working tree is used to generate the build_env, not
# from /etc/searx/settings.yml. # from /etc/searx/settings.yml.
os.environ['SEARX_SETTINGS_PATH'] = abspath(dirname(__file__) + sep + 'settings.yml') os.environ['SEARX_SETTINGS_PATH'] = abspath(dirname(__file__) + sep + 'settings.yml')
from searx import get_setting
def _env(*arg, **kwargs): def _env(*arg, **kwargs):
val = get_setting(*arg, **kwargs) val = get_setting(*arg, **kwargs)
if val is True: if val is True:
@ -26,20 +23,42 @@ def _env(*arg, **kwargs):
val = '' val = ''
return val return val
# If you add or remove variables here, do not forgett to update:
# - ./docs/admin/engines/settings.rst
# - ./docs/dev/makefile.rst (section make buildenv)
# - ./manage function buildenv.unset_env()
name_val = [ name_val = [
('SEARX_URL' , _env('server.base_url','')),
('GIT_URL' , _env('brand.git_url', '')), ('GIT_URL' , 'brand.git_url'),
('GIT_BRANCH' , _env('brand.git_branch', '')), ('GIT_BRANCH' , 'brand.git_branch'),
('ISSUE_URL' , _env('brand.issue_url', '')),
('DOCS_URL' , _env('brand.docs_url', '')), ('SEARX_URL' , 'server.base_url'),
('PUBLIC_INSTANCES' , _env('brand.public_instances', '')), ('SEARX_PORT' , 'server.port'),
('CONTACT_URL' , _env('general.contact_url', '')), ('SEARX_BIND_ADDRESS' , 'server.bind_address'),
('WIKI_URL' , _env('brand.wiki_url', '')),
] ]
brand_env = 'utils' + sep + 'brand.env' brand_env = 'utils' + sep + 'brand.env'
print('build %s' % brand_env) # Some defaults in the settings.yml are taken from the environment,
# e.g. SEARX_BIND_ADDRESS (:py:obj:`searx.settings_defaults.SHEMA`). When the
# 'brand.env' file is created these enviroment variables should be unset first::
_unset = object()
for name, option in name_val:
if not os.environ.get(name, _unset) is _unset:
del os.environ[name]
# After the variables are unset in the environ, we can import settings
# (get_setting) from searx module.
from searx import get_setting
print('build %s (settings from: %s)' % (brand_env, os.environ['SEARX_SETTINGS_PATH']))
sys.path.insert(0, repo_root)
from searx import settings
with open(repo_root + sep + brand_env, 'w', encoding='utf-8') as f: with open(repo_root + sep + brand_env, 'w', encoding='utf-8') as f:
for name, val in name_val: for name, option in name_val:
print("export %s='%s'" % (name, val), file=f) print("export %s='%s'" % (name, _env(option)), file=f)

View file

@ -1,21 +1,16 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck disable=SC2119,SC2001 # shellcheck disable=SC2001
# shellcheck source=utils/lib.sh # shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# shellcheck source=utils/brand.env # shellcheck source=utils/lib_install.sh
source "${REPO_ROOT}/utils/brand.env" source "${REPO_ROOT}/utils/lib_install.sh"
source_dot_config
source "${REPO_ROOT}/utils/lxc-searx.env"
in_container && lxc_set_suite_env
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# config # config
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}" PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}"
FILTRON_URL_PATH="${FILTRON_URL_PATH:-$(echo "${PUBLIC_URL}" \ FILTRON_URL_PATH="${FILTRON_URL_PATH:-$(echo "${PUBLIC_URL}" \
@ -28,7 +23,12 @@ FILTRON_RULES_TEMPLATE="${FILTRON_RULES_TEMPLATE:-${REPO_ROOT}/utils/templates/e
FILTRON_API="${FILTRON_API:-127.0.0.1:4005}" FILTRON_API="${FILTRON_API:-127.0.0.1:4005}"
FILTRON_LISTEN="${FILTRON_LISTEN:-127.0.0.1:4004}" FILTRON_LISTEN="${FILTRON_LISTEN:-127.0.0.1:4004}"
FILTRON_TARGET="${FILTRON_TARGET:-127.0.0.1:8888}"
# The filtron target is the SearXNG installation, listenning on server.port at
# server.bind_address. The default of FILTRON_TARGET is taken from the YAML
# configuration, do not change this value without reinstalling the entire
# SearXNG suite including filtron & morty.
FILTRON_TARGET="${SEARX_BIND_ADDRESS}:${SEARX_PORT}"
SERVICE_NAME="filtron" SERVICE_NAME="filtron"
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}" SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
@ -94,28 +94,17 @@ apache (${PUBLIC_URL})
nginx (${PUBLIC_URL}) nginx (${PUBLIC_URL})
:install: nginx site with a reverse proxy (ProxyPass) :install: nginx site with a reverse proxy (ProxyPass)
:remove: nginx site ${NGINX_FILTRON_SITE} :remove: nginx site ${NGINX_FILTRON_SITE}
filtron rules: ${FILTRON_RULES_TEMPLATE} filtron rules: ${FILTRON_RULES_TEMPLATE}
---- sourced ${DOT_CONFIG} :
If needed, set PUBLIC_URL of your WEB service in the '${DOT_CONFIG#"$REPO_ROOT/"}' file::
PUBLIC_URL : ${PUBLIC_URL}
PUBLIC_HOST : ${PUBLIC_HOST}
SERVICE_USER : ${SERVICE_USER} SERVICE_USER : ${SERVICE_USER}
SERVICE_HOME : ${SERVICE_HOME}
FILTRON_TARGET : ${FILTRON_TARGET} FILTRON_TARGET : ${FILTRON_TARGET}
FILTRON_API : ${FILTRON_API} FILTRON_API : ${FILTRON_API}
FILTRON_LISTEN : ${FILTRON_LISTEN} FILTRON_LISTEN : ${FILTRON_LISTEN}
FILTRON_URL_PATH : ${FILTRON_URL_PATH}
EOF EOF
if in_container; then
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env) install_log_searx_instance
for ip in $(global_IPs) ; do
if [[ $ip =~ .*:.* ]]; then
echo " container URL (IPv6): http://[${ip#*|}]:4005/"
else
# IPv4:
echo " container URL (IPv4): http://${ip#*|}:4005/"
fi
done
fi
[[ -n ${1} ]] && err_msg "$1" [[ -n ${1} ]] && err_msg "$1"
} }
@ -349,16 +338,15 @@ inspect_service() {
cat <<EOF cat <<EOF
sourced ${DOT_CONFIG#"$REPO_ROOT/"} : sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
PUBLIC_URL : ${PUBLIC_URL} SERVICE_HOME : ${SERVICE_HOME}
PUBLIC_HOST : ${PUBLIC_HOST} FILTRON_TARGET : ${FILTRON_TARGET}
FILTRON_URL_PATH : ${FILTRON_URL_PATH}
FILTRON_API : ${FILTRON_API} FILTRON_API : ${FILTRON_API}
FILTRON_LISTEN : ${FILTRON_LISTEN} FILTRON_LISTEN : ${FILTRON_LISTEN}
FILTRON_TARGET : ${FILTRON_TARGET} FILTRON_URL_PATH : ${FILTRON_URL_PATH}
EOF EOF
install_log_searx_instance
if service_account_is_available "$SERVICE_USER"; then if service_account_is_available "$SERVICE_USER"; then
info_msg "service account $SERVICE_USER available." info_msg "service account $SERVICE_USER available."

View file

@ -462,11 +462,11 @@ install_template() {
fi fi
if [[ -f "${dst}" ]] && cmp --silent "${template_file}" "${dst}" ; then if [[ -f "${dst}" ]] && cmp --silent "${template_file}" "${dst}" ; then
info_msg "file ${dst} allready installed" info_msg "file ${dst} already installed"
return 0 return 0
fi fi
info_msg "diffrent file ${dst} allready exists on this host" info_msg "different file ${dst} already exists on this host"
while true; do while true; do
choose_one _reply "choose next step with file $dst" \ choose_one _reply "choose next step with file $dst" \
@ -1642,7 +1642,7 @@ git_clone() {
# git_clone <url> <path> [<branch> [<user>]] # git_clone <url> <path> [<branch> [<user>]]
# #
# First form uses $CACHE/<name> as destination folder, second form clones # First form uses $CACHE/<name> as destination folder, second form clones
# into <path>. If repository is allready cloned, pull from <branch> and # into <path>. If repository is already cloned, pull from <branch> and
# update working tree (if needed, the caller has to stash local changes). # update working tree (if needed, the caller has to stash local changes).
# #
# git clone https://github.com/searxng/searxng searx-src origin/master searxlogin # git clone https://github.com/searxng/searxng searx-src origin/master searxlogin

199
utils/lib_install.sh Executable file
View file

@ -0,0 +1,199 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: AGPL-3.0-or-later
# https://github.com/koalaman/shellcheck/issues/356#issuecomment-853515285
# shellcheck source=utils/lib.sh
. /dev/null
# Initialize installation procedures:
#
# - Modified source_dot_config function that
# - loads .config.sh from an existing installation (at SEARX_SRC).
# - initialize **SEARX_SRC_INIT_FILES**
# - functions like:
# - install_log_searx_instance()
# - install_searx_get_state()
#
# usage:
# source lib_install.sh
#
# **Installation scripts**
#
# The utils/lib_install.sh is sourced by the installations scripts:
#
# - utils/searx.sh
# - utils/morty.sh
# - utils/filtron.sh
#
# If '${SEARX_SRC}/.config.sh' exists, the modified source_dot_config() function
# loads this configuration (instead of './.config.sh').
# **SEARX_SRC_INIT_FILES**
#
# Array of file names to sync into a installation at $SEARX_SRC. The file names
# are relative to the $REPO_ROOT. Set by function init_SEARX_SRC_INIT_FILES().
# Most often theses are files like:
# - .config.sh
# - searx/settings.yml
# - utils/brand.env
# - ...
SEARX_SRC_INIT_FILES=()
eval orig_"$(declare -f source_dot_config)"
source_dot_config() {
# Modified source_dot_config function that
# - loads .config.sh from an existing installation (at SEARX_SRC).
# - initialize SEARX_SRC_INIT_FILES
if [ -z "$eval_SEARX_SRC" ]; then
export eval_SEARX_SRC='true'
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
SEARX_PYENV=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_PYENV)
SEARX_SETTINGS_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SETTINGS_PATH)
if [ ! -r "${SEARX_SRC}" ]; then
info_msg "not yet cloned: ${SEARX_SRC}"
orig_source_dot_config
return 0
fi
info_msg "using instance at: ${SEARX_SRC}"
# set and log DOT_CONFIG
if [ -r "${SEARX_SRC}/.config.sh" ]; then
info_msg "switching to ${SEARX_SRC}/.config.sh"
DOT_CONFIG="${SEARX_SRC}/.config.sh"
else
info_msg "using local config: ${DOT_CONFIG}"
fi
init_SEARX_SRC_INIT_FILES
fi
}
init_SEARX_SRC_INIT_FILES(){
# init environment SEARX_SRC_INIT_FILES
# Monitor modified files in the working-tree from the local repository, only
# if the local file differs to the corresponding file in the instance. Most
# often theses are files like:
#
# - .config.sh
# - searx/settings.yml
# - utils/brand.env
# - ...
# keep list empty if there is no installation
SEARX_SRC_INIT_FILES=()
if [ ! -r "$SEARX_SRC" ]; then
return 0
fi
local fname
local msg=""
# Monitor local modified files from the repository, only if the local file
# differs to the corresponding file in the instance
while IFS= read -r fname; do
if [ -z "$fname" ]; then
continue
fi
if [ -r "${SEARX_SRC}/${fname}" ]; then
# diff "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"
if ! cmp --silent "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"; then
SEARX_SRC_INIT_FILES+=("${fname}")
info_msg "local clone (workingtree), modified file: ./$fname"
msg="to update use: sudo -H ./utils/searx.sh install init-src"
fi
fi
done <<< "$(git diff --name-only)"
[ -n "$msg" ] && info_msg "$msg"
}
install_log_searx_instance() {
echo -e "---- SearXNG instance setup ${_BBlue}(status: $(install_searx_get_state))${_creset}"
echo -e " SEARX_SETTINGS_PATH : ${_BBlue}${SEARX_SETTINGS_PATH}${_creset}"
echo -e " SSEARX_PYENV : ${_BBlue}${SEARX_PYENV}${_creset}"
echo -e " SEARX_SRC : ${_BBlue}${SEARX_SRC:-none}${_creset}"
echo -e " SEARX_URL : ${_BBlue}${SEARX_URL:-none}${_creset}"
if in_container; then
# searx is listening on 127.0.0.1 and not available from outside container
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
echo -e "---- container setup"
echo -e " ${_BBlack}HINT:${_creset} searx only listen on loopback device" \
"${_BBlack}inside${_creset} the container."
for ip in $(global_IPs) ; do
if [[ $ip =~ .*:.* ]]; then
echo " container (IPv6): [${ip#*|}]"
else
# IPv4:
echo " container (IPv4): ${ip#*|}"
fi
done
fi
}
install_searx_get_state(){
# usage: install_searx_get_state
#
# Prompts a string indicating the status of the installation procedure
#
# missing-searx-clone:
# There is no clone at ${SEARX_SRC}
# missing-searx-pyenv:
# There is no pyenv in ${SEARX_PYENV}
# installer-modified:
# There are files modified locally in the installer (clone),
# see ${SEARX_SRC_INIT_FILES} description.
# python-installed:
# Scripts can be executed in instance's environment
# - user: ${SERVICE_USER}
# - pyenv: ${SEARX_PYENV}
if ! [ -r "${SEARX_SRC}" ]; then
echo "missing-searx-clone"
return
fi
if ! [ -f "${SEARX_PYENV}/bin/activate" ]; then
echo "missing-searx-pyenv"
return
fi
if ! [ -r "${SEARX_SETTINGS_PATH}" ]; then
echo "missing-settings"
return
fi
if ! [ ${#SEARX_SRC_INIT_FILES[*]} -eq 0 ]; then
echo "installer-modified"
return
fi
echo "python-installed"
}
# Initialization of the installation procedure
# --------------------------------------------
# shellcheck source=utils/brand.env
source "${REPO_ROOT}/utils/brand.env"
# SEARX_URL aka PUBLIC_URL: the public URL of the instance (e.g.
# "https://example.org/searx"). The value is taken from environment $SEARX_URL
# in ./utils/brand.env. This variable is a empty string if server.base_url in
# the settings.yml is set to 'false'.
SEARX_URL="${SEARX_URL:-http://$(uname -n)}"
if in_container; then
# hint: Linux containers do not have DNS entries, lets use IPs
SEARX_URL="http://$(primary_ip)"
fi
PUBLIC_URL="${SEARX_URL}"
source_dot_config
# shellcheck source=utils/lxc-searx.env
source "${REPO_ROOT}/utils/lxc-searx.env"
in_container && lxc_set_suite_env

View file

@ -568,7 +568,7 @@ check_connectivity() {
info_msg "Most often the connectivity is blocked by a docker installation:" info_msg "Most often the connectivity is blocked by a docker installation:"
info_msg "Whenever docker is started (reboot) it sets the iptables policy " info_msg "Whenever docker is started (reboot) it sets the iptables policy "
info_msg "for the FORWARD chain to DROP, see:" info_msg "for the FORWARD chain to DROP, see:"
info_msg " ${DOCS_URL}/utils/lxc.sh.html#internet-connectivity-docker" info_msg " https://searxng.github.io/searxng/utils/lxc.sh.html#internet-connectivity-docker"
iptables-save | grep ":FORWARD" iptables-save | grep ":FORWARD"
fi fi
return $ret_val return $ret_val

View file

@ -1,15 +1,10 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck source=utils/lib.sh # shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# shellcheck source=utils/brand.env # shellcheck source=utils/lib_install.sh
source "${REPO_ROOT}/utils/brand.env" source "${REPO_ROOT}/utils/lib_install.sh"
source_dot_config
SEARX_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
source "${REPO_ROOT}/utils/lxc-searx.env"
in_container && lxc_set_suite_env
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# config # config
@ -17,7 +12,6 @@ in_container && lxc_set_suite_env
MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}" MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}"
PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty/}" PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty/}"
PUBLIC_URL_MORTY="${PUBLIC_URL_MORTY:-$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}}" PUBLIC_URL_MORTY="${PUBLIC_URL_MORTY:-$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}}"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
@ -86,12 +80,15 @@ apache : ${PUBLIC_URL_MORTY}
nginx (${PUBLIC_URL_MORTY}) nginx (${PUBLIC_URL_MORTY})
:install: nginx site with a reverse proxy (ProxyPass) :install: nginx site with a reverse proxy (ProxyPass)
:remove: nginx site ${NGINX_MORTY_SITE} :remove: nginx site ${NGINX_MORTY_SITE}
----
If needed, set the environment variables in the '${DOT_CONFIG#"$REPO_ROOT/"}' file:: sourced ${DOT_CONFIG} :
PUBLIC_URL_MORTY: ${PUBLIC_URL_MORTY}
MORTY_LISTEN: ${MORTY_LISTEN}
SERVICE_USER : ${SERVICE_USER} SERVICE_USER : ${SERVICE_USER}
SERVICE_HOME : ${SERVICE_HOME}
PUBLIC_URL_MORTY: : ${PUBLIC_URL_MORTY}
MORTY_LISTEN: : ${MORTY_LISTEN}
EOF EOF
install_log_searx_instance
if in_container; then if in_container; then
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env) # in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
for ip in $(global_IPs) ; do for ip in $(global_IPs) ; do
@ -112,8 +109,9 @@ EOF
info_searx() { info_searx() {
# shellcheck disable=SC1117 # shellcheck disable=SC1117
cat <<EOF cat <<EOF
To activate result and image proxy in searx, edit settings.yml (read: To activate result and image proxy in SearXNG read:
${DOCS_URL}/admin/morty.html):: https://searxng.github.io/searxng/admin/morty.html
Check settings in file ${SEARX_SETTINGS_PATH} ...
result_proxy: result_proxy:
url : ${PUBLIC_URL_MORTY} url : ${PUBLIC_URL_MORTY}
server: server:
@ -237,7 +235,7 @@ install_all() {
fi fi
fi fi
info_searx info_searx
if ask_yn "Add image and result proxy to searx settings.yml?" Yn; then if ask_yn "Add image and result proxy to SearXNG settings.yml?" Yn; then
"${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}" "${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}"
"${REPO_ROOT}/utils/searx.sh" option image-proxy-on "${REPO_ROOT}/utils/searx.sh" option image-proxy-on
fi fi
@ -335,11 +333,14 @@ inspect_service() {
cat <<EOF cat <<EOF
sourced ${DOT_CONFIG#"$REPO_ROOT/"} : sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
MORTY_LISTEN : ${MORTY_LISTEN} SERVICE_HOME : ${SERVICE_HOME}
PUBLIC_URL_MORTY: : ${PUBLIC_URL_MORTY}
MORTY_LISTEN: : ${MORTY_LISTEN}
EOF EOF
install_log_searx_instance
if service_account_is_available "$SERVICE_USER"; then if service_account_is_available "$SERVICE_USER"; then
info_msg "service account $SERVICE_USER available." info_msg "service account $SERVICE_USER available."
@ -402,7 +403,7 @@ EOF
} }
enable_debug() { enable_debug() {
warn_msg "Do not enable debug in production enviroments!!" warn_msg "Do not enable debug in production environments!!"
info_msg "Enabling debug option needs to reinstall systemd service!" info_msg "Enabling debug option needs to reinstall systemd service!"
set_service_env_debug true set_service_env_debug true
} }

View file

@ -1,29 +1,22 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck disable=SC2001 # shellcheck disable=SC2001
# shellcheck source=utils/lib.sh # shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# shellcheck source=utils/brand.env
source "${REPO_ROOT}/utils/brand.env" # shellcheck source=utils/lib_install.sh
source_dot_config source "${REPO_ROOT}/utils/lib_install.sh"
source "${REPO_ROOT}/utils/lxc-searx.env"
in_container && lxc_set_suite_env
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# config # config
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}" SEARX_INTERNAL_HTTP="${SEARX_BIND_ADDRESS}:${SEARX_PORT}"
SEARX_INTERNAL_HTTP="${SEARX_INTERNAL_HTTP:-127.0.0.1:8888}"
SEARX_URL_PATH="${SEARX_URL_PATH:-$(echo "${PUBLIC_URL}" \ SEARX_URL_PATH="${SEARX_URL_PATH:-$(echo "${PUBLIC_URL}" \
| sed -e 's,^.*://[^/]*\(/.*\),\1,g')}" | sed -e 's,^.*://[^/]*\(/.*\),\1,g')}"
[[ "${SEARX_URL_PATH}" == "${PUBLIC_URL}" ]] && SEARX_URL_PATH=/ [[ "${SEARX_URL_PATH}" == "${PUBLIC_URL}" ]] && SEARX_URL_PATH=/
SEARX_INSTANCE_NAME="${SEARX_INSTANCE_NAME:-searx@$(echo "$PUBLIC_URL" \
| sed -e 's,^.*://\([^\:/]*\).*,\1,g') }"
SERVICE_NAME="searx" SERVICE_NAME="searx"
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}" SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
@ -35,8 +28,7 @@ SERVICE_GROUP="${SERVICE_USER}"
GIT_BRANCH="${GIT_BRANCH:-master}" GIT_BRANCH="${GIT_BRANCH:-master}"
SEARX_PYENV="${SERVICE_HOME}/searx-pyenv" SEARX_PYENV="${SERVICE_HOME}/searx-pyenv"
SEARX_SRC="${SERVICE_HOME}/searx-src" SEARX_SRC="${SERVICE_HOME}/searx-src"
SEARX_SETTINGS_PATH="${SEARX_SETTINGS_PATH:-/etc/searx/settings.yml}" SEARX_SETTINGS_PATH="/etc/searx/settings.yml"
SEARX_SETTINGS_TEMPLATE="${SEARX_SETTINGS_TEMPLATE:-${REPO_ROOT}/utils/templates/etc/searx/use_default_settings.yml}"
SEARX_UWSGI_APP="searx.ini" SEARX_UWSGI_APP="searx.ini"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket" SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
@ -149,12 +141,12 @@ usage() {
cat <<EOF cat <<EOF
usage:: usage::
$(basename "$0") shell $(basename "$0") shell
$(basename "$0") install [all|user|searx-src|pyenv|uwsgi|packages|settings|buildhost] $(basename "$0") install [all|init-src|dot-config|user|searx-src|pyenv|uwsgi|packages|settings|buildhost]
$(basename "$0") update [searx] $(basename "$0") update [searx]
$(basename "$0") remove [all|user|pyenv|searx-src] $(basename "$0") remove [all|user|pyenv|searx-src]
$(basename "$0") activate [service] $(basename "$0") activate [service]
$(basename "$0") deactivate [service] $(basename "$0") deactivate [service]
$(basename "$0") inspect [service] $(basename "$0") inspect [service|settings <key>]
$(basename "$0") option [debug-[on|off]|image-proxy-[on|off]|result-proxy <url> <key>] $(basename "$0") option [debug-[on|off]|image-proxy-[on|off]|result-proxy <url> <key>]
$(basename "$0") apache [install|remove] $(basename "$0") apache [install|remove]
@ -163,48 +155,34 @@ shell
install / remove install / remove
:all: complete (de-) installation of searx service :all: complete (de-) installation of searx service
:user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME) :user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME)
:dot-config: copy ./config.sh to ${SEARX_SRC}
:searx-src: clone $GIT_URL :searx-src: clone $GIT_URL
:init-src: copy files (SEARX_SRC_INIT_FILES) to ${SEARX_SRC}
:pyenv: create/remove virtualenv (python) in $SEARX_PYENV :pyenv: create/remove virtualenv (python) in $SEARX_PYENV
:uwsgi: install searx uWSGI application :uwsgi: install searx uWSGI application
:settings: reinstall settings from ${SEARX_SETTINGS_TEMPLATE} :settings: reinstall settings from ${SEARX_SETTINGS_PATH}
:packages: install needed packages from OS package manager :packages: install needed packages from OS package manager
:buildhost: install packages from OS package manager needed by buildhosts :buildhost: install packages from OS package manager needed by buildhosts
update searx update searx
Update searx installation ($SERVICE_HOME) Update SearXNG installation ($SERVICE_HOME)
activate service activate service
activate and start service daemon (systemd unit) activate and start service daemon (systemd unit)
deactivate service deactivate service
stop and deactivate service daemon (systemd unit) stop and deactivate service daemon (systemd unit)
inspect service inspect
run some small tests and inspect service's status and log :service: run some small tests and inspect service's status and log
:settings: inspect YAML setting <key> from SearXNG instance (${SEARX_SRC})
option option
set one of the available options set one of the available options
apache apache
:install: apache site with the searx uwsgi app :install: apache site with the SearXNG uwsgi app
:remove: apache site ${APACHE_FILTRON_SITE} :remove: apache site ${APACHE_FILTRON_SITE}
---- sourced ${DOT_CONFIG}
searx settings: ${SEARX_SETTINGS_PATH}
If needed, set PUBLIC_URL of your WEB service in the '${DOT_CONFIG#"$REPO_ROOT/"}' file::
PUBLIC_URL : ${PUBLIC_URL}
SEARX_INSTANCE_NAME : ${SEARX_INSTANCE_NAME}
SERVICE_USER : ${SERVICE_USER} SERVICE_USER : ${SERVICE_USER}
SEARX_INTERNAL_HTTP : http://${SEARX_INTERNAL_HTTP} SERVICE_HOME : ${SERVICE_HOME}
EOF EOF
if in_container; then
# searx is listening on 127.0.0.1 and not available from outside container install_log_searx_instance
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
echo -e "${_BBlack}HINT:${_creset} searx only listen on loopback device" \
"${_BBlack}inside${_creset} the container."
for ip in $(global_IPs) ; do
if [[ $ip =~ .*:.* ]]; then
echo " container (IPv6): [${ip#*|}]"
else
# IPv4:
echo " container (IPv4): ${ip#*|}"
fi
done
fi
[[ -n ${1} ]] && err_msg "$1" [[ -n ${1} ]] && err_msg "$1"
} }
@ -228,21 +206,45 @@ main() {
sudo_or_exit sudo_or_exit
inspect_service inspect_service
;; ;;
settings)
prompt_installation_setting "$3"
dump_return $?
;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
install) install)
rst_title "$SEARX_INSTANCE_NAME" part rst_title "SearXNG (install)" part
sudo_or_exit sudo_or_exit
case $2 in case $2 in
all) install_all ;; all) install_all ;;
user) assert_user ;; user)
pyenv) create_pyenv ;; verify_continue_install
searx-src) clone_searx ;; assert_user
settings) install_settings ;; ;;
pyenv)
verify_continue_install
create_pyenv
;;
searx-src)
verify_continue_install
clone_searx
install_DOT_CONFIG
init_SEARX_SRC
;;
init-src)
init_SEARX_SRC
;;
dot-config)
install_DOT_CONFIG
;;
settings)
install_settings
;;
uwsgi) uwsgi)
verify_continue_install
install_searx_uwsgi install_searx_uwsgi
if ! service_is_available "http://${SEARX_INTERNAL_HTTP}"; then if ! service_is_available "http://${SEARX_INTERNAL_HTTP}"; then
err_msg "URL http://${SEARX_INTERNAL_HTTP} not available, check searx & uwsgi setup!" err_msg "URL http://${SEARX_INTERNAL_HTTP} not available, check SearXNG & uwsgi setup!"
fi fi
;; ;;
packages) packages)
@ -261,6 +263,7 @@ main() {
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
remove) remove)
rst_title "SearXNG (remove)" part
sudo_or_exit sudo_or_exit
case $2 in case $2 in
all) remove_all;; all) remove_all;;
@ -307,13 +310,18 @@ main() {
_service_prefix=" ${_Yellow}|$SERVICE_USER|${_creset} " _service_prefix=" ${_Yellow}|$SERVICE_USER|${_creset} "
install_all() { install_all() {
rst_title "Install $SEARX_INSTANCE_NAME (service)" rst_title "Install SearXNG (service)"
verify_continue_install
pkg_install "$SEARX_PACKAGES" pkg_install "$SEARX_PACKAGES"
wait_key wait_key
assert_user assert_user
wait_key wait_key
clone_searx clone_searx
wait_key wait_key
install_DOT_CONFIG
wait_key
init_SEARX_SRC
wait_key
create_pyenv create_pyenv
wait_key wait_key
install_settings install_settings
@ -322,7 +330,7 @@ install_all() {
wait_key wait_key
install_searx_uwsgi install_searx_uwsgi
if ! service_is_available "http://${SEARX_INTERNAL_HTTP}"; then if ! service_is_available "http://${SEARX_INTERNAL_HTTP}"; then
err_msg "URL http://${SEARX_INTERNAL_HTTP} not available, check searx & uwsgi setup!" err_msg "URL http://${SEARX_INTERNAL_HTTP} not available, check SearXNG & uwsgi setup!"
fi fi
if ask_yn "Do you want to inspect the installation?" Ny; then if ask_yn "Do you want to inspect the installation?" Ny; then
inspect_service inspect_service
@ -330,7 +338,7 @@ install_all() {
} }
update_searx() { update_searx() {
rst_title "Update searx instance" rst_title "Update SearXNG instance"
echo echo
tee_stderr 0.3 <<EOF | sudo -H -u "${SERVICE_USER}" -i 2>&1 | prefix_stdout "$_service_prefix" tee_stderr 0.3 <<EOF | sudo -H -u "${SERVICE_USER}" -i 2>&1 | prefix_stdout "$_service_prefix"
@ -348,13 +356,13 @@ EOF
} }
remove_all() { remove_all() {
rst_title "De-Install $SEARX_INSTANCE_NAME (service)" rst_title "De-Install SearXNG (service)"
rst_para "\ rst_para "\
It goes without saying that this script can only be used to remove It goes without saying that this script can only be used to remove
installations that were installed with this script." installations that were installed with this script."
if ! ask_yn "Do you really want to deinstall $SEARX_INSTANCE_NAME?"; then if ! ask_yn "Do you really want to deinstall SearXNG?"; then
return return
fi fi
remove_searx_uwsgi remove_searx_uwsgi
@ -388,14 +396,14 @@ clone_is_available() {
# shellcheck disable=SC2164 # shellcheck disable=SC2164
clone_searx() { clone_searx() {
rst_title "Clone searx sources" section rst_title "Clone SearXNG sources" section
echo echo
if ! sudo -i -u "$SERVICE_USER" ls -d "$REPO_ROOT" > /dev/null; then if ! sudo -i -u "$SERVICE_USER" ls -d "$REPO_ROOT" > /dev/null; then
die 42 "user '$SERVICE_USER' missed read permission: $REPO_ROOT" die 42 "user '$SERVICE_USER' missed read permission: $REPO_ROOT"
fi fi
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME 2>/dev/null)" SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME 2>/dev/null)"
if [[ ! "${SERVICE_HOME}" ]]; then if [[ ! "${SERVICE_HOME}" ]]; then
err_msg "to clone searx sources, user $SERVICE_USER hast to be created first" err_msg "to clone SearXNG sources, user $SERVICE_USER hast to be created first"
return 42 return 42
fi fi
if [[ ! $(git show-ref "refs/heads/${GIT_BRANCH}") ]]; then if [[ ! $(git show-ref "refs/heads/${GIT_BRANCH}") ]]; then
@ -421,54 +429,169 @@ EOF
popd > /dev/null popd > /dev/null
} }
install_settings() { prompt_installation_status(){
rst_title "${SEARX_SETTINGS_PATH}" section
if ! clone_is_available; then
err_msg "you have to install searx first"
exit 42
fi
mkdir -p "$(dirname "${SEARX_SETTINGS_PATH}")"
if [[ ! -f "${SEARX_SETTINGS_PATH}" ]]; then local state branch remote remote_url instance_setting
info_msg "install settings ${SEARX_SETTINGS_TEMPLATE}" state="$(install_searx_get_state)"
info_msg " --> ${SEARX_SETTINGS_PATH}" branch="$(git name-rev --name-only HEAD)"
cp "${SEARX_SETTINGS_TEMPLATE}" "${SEARX_SETTINGS_PATH}" remote="$(git config branch."${branch}".remote)"
configure_searx remote_url="$(git config remote."${remote}".url)"
return
fi
rst_para "Diff between origin's setting file (+) and current (-):" case $state in
echo "${SEARX_SETTINGS_PATH}" "${SEARX_SETTINGS_TEMPLATE}" missing-searx-clone)
$DIFF_CMD "${SEARX_SETTINGS_PATH}" "${SEARX_SETTINGS_TEMPLATE}" info_msg "${_BBlue}(status: $(install_searx_get_state))${_creset}"
return 0
local action
choose_one action "What should happen to the settings file? " \
"keep configuration unchanged" \
"use origin settings" \
"start interactive shell"
case $action in
"keep configuration unchanged")
info_msg "leave settings file unchanged"
;; ;;
"use origin settings") *)
backup_file "${SEARX_SETTINGS_PATH}" warn_msg "SearXNG instance already installed at: $SEARX_SRC"
info_msg "install origin settings" warn_msg "status: ${_BBlue}$(install_searx_get_state)${_creset} "
cp "${SEARX_SETTINGS_TEMPLATE}" "${SEARX_SETTINGS_PATH}" instance_setting="$(prompt_installation_setting brand.git_url)"
;; if ! [ "$instance_setting" = "$remote_url" ]; then
"start interactive shell") warn_msg "instance's brand.git_url: '${instance_setting}'" \
backup_file "${SEARX_SETTINGS_PATH}" "differs from local clone's remote URL: ${remote_url}"
echo -e "// exit with [${_BCyan}CTRL-D${_creset}]" fi
sudo -H -i instance_setting="$(prompt_installation_setting brand.git_branch)"
rst_para 'Diff between new setting file (-) and current (+):' if ! [ "$instance_setting" = "$branch" ]; then
echo warn_msg "instance brand.git_branch: ${instance_setting}" \
$DIFF_CMD "${SEARX_SETTINGS_TEMPLATE}" "${SEARX_SETTINGS_PATH}" "differs from local clone's branch: ${branch}"
wait_key fi
return 42
;; ;;
esac esac
} }
verify_continue_install(){
if ! prompt_installation_status; then
MSG="[${_BCyan}KEY${_creset}] to continue installation / [${_BCyan}CTRL-C${_creset}] to exit" \
wait_key
fi
}
prompt_installation_setting(){
# usage: prompt_installation_setting brand.git_url
#
# Prompts the value of the (YAML) setting in the SearXNG instance.
local _state
_state="$(install_searx_get_state)"
case $_state in
python-installed|installer-modified)
sudo -H -u "${SERVICE_USER}" "${SEARX_PYENV}/bin/python" <<EOF
import sys
from searx import get_setting
name = "${1}"
unset = object()
value = get_setting(name, unset)
if value is unset:
sys.stderr.write("error: setting '%s' does not exists\n" % name)
sys.exit(42)
print(value)
sys.exit(0)
EOF
;;
*)
return 42
;;
esac
}
init_SEARX_SRC(){
rst_title "Update instance: ${SEARX_SRC}/" section
if ! clone_is_available; then
err_msg "you have to install SearXNG first"
return 1
fi
init_SEARX_SRC_INIT_FILES
if [ ${#SEARX_SRC_INIT_FILES[*]} -eq 0 ]; then
info_msg "no files registered in SEARX_SRC_INIT_FILES"
return 2
fi
echo
echo "Manipulating files like settings.yml can break existing installation!"
echo "Update instance with file(s) from: ${REPO_ROOT}"
echo
for i in "${SEARX_SRC_INIT_FILES[@]}"; do
echo "- $i"
done
if ! ask_yn "Do you really want to update these files in the instance?" Yn; then
return 42
fi
for fname in "${SEARX_SRC_INIT_FILES[@]}"; do
while true; do
choose_one _reply "choose next step with file ${fname}" \
"leave file unchanged" \
"replace file" \
"diff files" \
"interactive shell"
case $_reply in
"leave file unchanged")
break
;;
"replace file")
info_msg "copy: ${REPO_ROOT}/${fname} --> ${SEARX_SRC}/${fname}"
cp "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"
break
;;
"diff files")
$DIFF_CMD "${SEARX_SRC}/${fname}" "${REPO_ROOT}/${fname}"
;;
"interactive shell")
backup_file "${SEARX_SRC}/${fname}"
echo -e "// edit ${_Red}${dst}${_creset} to your needs"
echo -e "// exit with [${_BCyan}CTRL-D${_creset}]"
sudo -H -u "${SERVICE_USER}" -i
$DIFF_CMD "${SEARX_SRC}/${fname}" "${REPO_ROOT}/${fname}"
echo
echo -e "// ${_BBlack}did you edit file ...${_creset}"
echo -en "// ${_Red}${dst}${_creset}"
if ask_yn "//${_BBlack}... to your needs?${_creset}"; then
break
fi
;;
esac
done
done
}
install_DOT_CONFIG(){
rst_title "Update instance: ${SEARX_SRC}/.config.sh" section
if cmp --silent "${REPO_ROOT}/.config.sh" "${SEARX_SRC}/.config.sh"; then
info_msg "${SEARX_SRC}/.config.sh is up to date"
return 0
fi
diff "${REPO_ROOT}/.config.sh" "${SEARX_SRC}/.config.sh"
if ! ask_yn "Do you want to copy file .config.sh into instance?" Yn; then
return 42
fi
backup_file "${SEARX_SRC}/.config.sh"
cp "${REPO_ROOT}/.config.sh" "${SEARX_SRC}/.config.sh"
}
install_settings() {
rst_title "${SEARX_SETTINGS_PATH}" section
if ! clone_is_available; then
err_msg "you have to install SearXNG first"
exit 42
fi
mkdir -p "$(dirname "${SEARX_SETTINGS_PATH}")"
install_template \
"${SEARX_SETTINGS_PATH}" \
"${SERVICE_USER}" "${SERVICE_GROUP}"
configure_searx
}
remove_settings() { remove_settings() {
rst_title "remove searx settings" section rst_title "remove SearXNG settings" section
echo echo
info_msg "delete ${SEARX_SETTINGS_PATH}" info_msg "delete ${SEARX_SETTINGS_PATH}"
rm -f "${SEARX_SETTINGS_PATH}" rm -f "${SEARX_SETTINGS_PATH}"
@ -476,10 +599,10 @@ remove_settings() {
remove_searx() { remove_searx() {
rst_title "Drop searx sources" section rst_title "Drop searx sources" section
if ask_yn "Do you really want to drop searx sources ($SEARX_SRC)?"; then if ask_yn "Do you really want to drop SearXNG sources ($SEARX_SRC)?"; then
rm -rf "$SEARX_SRC" rm -rf "$SEARX_SRC"
else else
rst_para "Leave searx sources unchanged." rst_para "Leave SearXNG sources unchanged."
fi fi
} }
@ -491,7 +614,7 @@ create_pyenv() {
rst_title "Create virtualenv (python)" section rst_title "Create virtualenv (python)" section
echo echo
if [[ ! -f "${SEARX_SRC}/manage" ]]; then if [[ ! -f "${SEARX_SRC}/manage" ]]; then
err_msg "to create pyenv for searx, searx has to be cloned first" err_msg "to create pyenv for SearXNG, SearXNG has to be cloned first"
return 42 return 42
fi fi
info_msg "create pyenv in ${SEARX_PYENV}" info_msg "create pyenv in ${SEARX_PYENV}"
@ -531,18 +654,17 @@ EOF
} }
configure_searx() { configure_searx() {
rst_title "Configure searx" section rst_title "Configure SearXNG" section
rst_para "Setup searx config located at $SEARX_SETTINGS_PATH" rst_para "Setup SearXNG config located at $SEARX_SETTINGS_PATH"
echo echo
tee_stderr 0.1 <<EOF | sudo -H -i 2>&1 | prefix_stdout "$_service_prefix" tee_stderr 0.1 <<EOF | sudo -H -i 2>&1 | prefix_stdout "$_service_prefix"
cd ${SEARX_SRC} cd ${SEARX_SRC}
sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "$SEARX_SETTINGS_PATH" sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "$SEARX_SETTINGS_PATH"
sed -i -e "s/{instance_name}/${SEARX_INSTANCE_NAME}/g" "$SEARX_SETTINGS_PATH"
EOF EOF
} }
test_local_searx() { test_local_searx() {
rst_title "Testing searx instance localy" section rst_title "Testing SearXNG instance localy" section
echo echo
if service_is_available "http://${SEARX_INTERNAL_HTTP}" &>/dev/null; then if service_is_available "http://${SEARX_INTERNAL_HTTP}" &>/dev/null; then
@ -564,27 +686,27 @@ EOF
} }
install_searx_uwsgi() { install_searx_uwsgi() {
rst_title "Install searx's uWSGI app (searx.ini)" section rst_title "Install SearXNG's uWSGI app (searx.ini)" section
echo echo
install_uwsgi install_uwsgi
uWSGI_install_app "$SEARX_UWSGI_APP" uWSGI_install_app "$SEARX_UWSGI_APP"
} }
remove_searx_uwsgi() { remove_searx_uwsgi() {
rst_title "Remove searx's uWSGI app (searx.ini)" section rst_title "Remove SearXNG's uWSGI app (searx.ini)" section
echo echo
uWSGI_remove_app "$SEARX_UWSGI_APP" uWSGI_remove_app "$SEARX_UWSGI_APP"
} }
activate_service() { activate_service() {
rst_title "Activate $SEARX_INSTANCE_NAME (service)" section rst_title "Activate SearXNG (service)" section
echo echo
uWSGI_enable_app "$SEARX_UWSGI_APP" uWSGI_enable_app "$SEARX_UWSGI_APP"
uWSGI_restart "$SEARX_UWSGI_APP" uWSGI_restart "$SEARX_UWSGI_APP"
} }
deactivate_service() { deactivate_service() {
rst_title "De-Activate $SEARX_INSTANCE_NAME (service)" section rst_title "De-Activate SearXNG (service)" section
echo echo
uWSGI_disable_app "$SEARX_UWSGI_APP" uWSGI_disable_app "$SEARX_UWSGI_APP"
uWSGI_restart "$SEARX_UWSGI_APP" uWSGI_restart "$SEARX_UWSGI_APP"
@ -609,7 +731,7 @@ EOF
} }
enable_debug() { enable_debug() {
warn_msg "Do not enable debug in production enviroments!!" warn_msg "Do not enable debug in production environments!!"
info_msg "try to enable debug mode ..." info_msg "try to enable debug mode ..."
tee_stderr 0.1 <<EOF | sudo -H -i 2>&1 | prefix_stdout "$_service_prefix" tee_stderr 0.1 <<EOF | sudo -H -i 2>&1 | prefix_stdout "$_service_prefix"
cd ${SEARX_SRC} cd ${SEARX_SRC}
@ -680,14 +802,11 @@ inspect_service() {
rst_title "service status & log" rst_title "service status & log"
cat <<EOF cat <<EOF
sourced ${DOT_CONFIG#"$REPO_ROOT/"} : sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
PUBLIC_URL : ${PUBLIC_URL} SERVICE_HOME : ${SERVICE_HOME}
SEARX_URL_PATH : ${SEARX_URL_PATH}
SEARX_INSTANCE_NAME : ${SEARX_INSTANCE_NAME}
SEARX_INTERNAL_HTTP : ${SEARX_INTERNAL_HTTP}
EOF EOF
install_log_searx_instance
if service_account_is_available "$SERVICE_USER"; then if service_account_is_available "$SERVICE_USER"; then
info_msg "Service account $SERVICE_USER exists." info_msg "Service account $SERVICE_USER exists."
@ -702,9 +821,9 @@ EOF
fi fi
if clone_is_available; then if clone_is_available; then
info_msg "~$SERVICE_USER: Searx software is installed." info_msg "~$SERVICE_USER: SearXNG software is installed."
else else
err_msg "~$SERVICE_USER: Missing searx software!" err_msg "~$SERVICE_USER: Missing SearXNG software!"
fi fi
if uWSGI_app_enabled "$SEARX_UWSGI_APP"; then if uWSGI_app_enabled "$SEARX_UWSGI_APP"; then
@ -737,7 +856,7 @@ EOF
fi fi
local _debug_on local _debug_on
if ask_yn "Enable searx debug mode?"; then if ask_yn "Enable SearXNG debug mode?"; then
enable_debug enable_debug
_debug_on=1 _debug_on=1
fi fi
@ -779,7 +898,7 @@ install_apache_site() {
rst_title "Install Apache site $APACHE_SEARX_SITE" rst_title "Install Apache site $APACHE_SEARX_SITE"
rst_para "\ rst_para "\
This installs the searx uwsgi app as apache site. If your server is public to This installs the SearXNG uwsgi app as apache site. If your server is public to
the internet, you should instead use a reverse proxy (filtron) to block the internet, you should instead use a reverse proxy (filtron) to block
excessively bot queries." excessively bot queries."
@ -793,7 +912,7 @@ excessively bot queries."
apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}" apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}"
rst_title "Install searx's uWSGI app (searx.ini)" section rst_title "Install SearXNG's uWSGI app (searx.ini)" section
echo echo
uWSGI_install_app --variant=socket "$SEARX_UWSGI_APP" uWSGI_install_app --variant=socket "$SEARX_UWSGI_APP"
@ -817,7 +936,7 @@ This removes apache site ${APACHE_SEARX_SITE}."
apache_remove_site "${APACHE_SEARX_SITE}" apache_remove_site "${APACHE_SEARX_SITE}"
rst_title "Remove searx's uWSGI app (searx.ini)" section rst_title "Remove SearXNG's uWSGI app (searx.ini)" section
echo echo
uWSGI_remove_app "$SEARX_UWSGI_APP" uWSGI_remove_app "$SEARX_UWSGI_APP"
} }

View file

@ -1,9 +1,14 @@
# SearXNG settings, before editing this file read:
#
# https://searxng.github.io/searxng/admin/engines/settings.html
use_default_settings: true use_default_settings: true
general: general:
debug: false # Debug mode, only for development # Debug mode, only for development
instance_name: "searxng" # displayed name debug: false
contact_url: false # mailto:contact@example.com # change displayed name
# instance_name: "SearXNG"
search: search:
# Filter results. 0: None, 1: Moderate, 2: Strict # Filter results. 0: None, 1: Moderate, 2: Strict
@ -11,24 +16,37 @@ search:
# Existing autocomplete backends: "dbpedia", "duckduckgo", "google", # Existing autocomplete backends: "dbpedia", "duckduckgo", "google",
# "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off # "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
# by default. # by default.
autocomplete: "" autocomplete: ''
# Default search language - leave blank to detect from browser information or # Default search language - leave blank to detect from browser information or
# use codes from 'languages.py' # use codes from 'languages.py'
default_lang: "" default_lang: ''
# remove format to deny access, use lower case. # remove format to deny access, use lower case.
formats: [html, csv, json, rss] formats: [html, csv, json, rss]
server: server:
port: 8888
# address to listen on
bind_address: "127.0.0.1"
secret_key: "ultrasecretkey" # change this! secret_key: "ultrasecretkey" # change this!
# Set custom base_url. Possible values:
# false or "https://your.custom.host/location/"
# base_url: https://example.org/searx
# Proxying image results through searx # Proxying image results through searx
image_proxy: false image_proxy: false
# result_proxy: # result_proxy:
# url: http://127.0.0.1:3000/ # url: http://127.0.0.1:3000/
# key: !!binary "your_morty_proxy_key" # key: !!binary "your_morty_proxy_key"
# plugins:
# - only_show_green_results
# engines:
#
# - name: duckduckgo
# disabled: false
#
# - name: fdroid
# disabled: false
#
# - name: apk mirror
# disabled: false
#
# - name: mediathekviewweb
# engine: mediathekviewweb
# shortcut: mvw
# categories: general