Merge remote-tracking branch 'refs/remotes/upstream/master'

# Conflicts:
#	docker-compose.yaml

.env

@@ -5,10 +5,3 @@
 
 # SEARXNG_HOSTNAME=<host>
 # LETSENCRYPT_EMAIL=<email>
-
-# automatically update settings to the new version
-# comment this line if you made / will make some modifications to the settings
-SEARXNG_COMMAND=-f
-
-# use openssl rand -base64 33
-MORTY_KEY=ReplaceWithARealKey!

.github/workflows/security.yml

@@ -1,27 +0,0 @@
-name: "Security checks"
-on:
-  schedule:
-    - cron: "05 06 * * *"
-  workflow_dispatch:
-
-jobs:
-  dockers:
-    name: Trivy ${{ matrix.image }}
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        image: ["searxng/searxng", "dalf/filtron", "dalf/morty"]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{ matrix.image }}:latest'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: false
-          vuln-type: 'os,library'
-          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'

.gitignore

@@ -3,4 +3,4 @@
 searxng-docker.service
 caddy
 srv
-searx
+searxng/uwsgi.ini

Caddyfile

@@ -11,7 +11,9 @@
 
   @api {
         path /config
-	path /status
+        path /healthz
+        path /stats/errors
+        path /stats/checker
   }
 
   @static {
@@ -22,12 +24,12 @@
         not path /static/*
   }
 
-  @morty {
-        path /morty/*
+  @imageproxy {
+        path /image_proxy
   }
 
-  @notmorty {
-        not path /morty/*
+  @notimageproxy {
+        not path /image_proxy
   }
 
   header {
@@ -40,11 +42,8 @@
         # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
         X-Content-Type-Options "nosniff"
 
-        # Disallow the site to be rendered within a frame (clickjacking protection)
-        X-Frame-Options "SAMEORIGIN"
-
         # Disable some features
-        Permissions-Policy "accelerometer=();ambient-light-sensor=(); autoplay=();camera=();encrypted-media=();focus-without-user-activation=(); geolocation=();gyroscope=();magnetometer=();microphone=();midi=();payment=();picture-in-picture=(); speaker=();sync-xhr=();usb=();vr=()"
+        Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
 
         # Disable some features (legacy)
         Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
@@ -78,29 +77,22 @@
   }
 
   # CSP (see http://content-security-policy.com/ )
-  header @morty {
-	Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; img-src 'self' data:; font-src 'self'; frame-src 'self'"
+  header @imageproxy {
+        Content-Security-Policy "default-src 'none'; img-src 'self' data:"
   }
 
-  header @notmorty {
-        Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
+  header @notimageproxy {
+        Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
   }
 
-  # Morty
-  handle @morty {
-        reverse_proxy localhost:3000
-  }
-
-  # Filtron
+  # SearXNG
   handle {
         encode zstd gzip
 
-        reverse_proxy localhost:4040 {
+        reverse_proxy localhost:8080 {
                header_up X-Forwarded-Port {http.request.port}
                header_up X-Forwarded-Proto {http.request.scheme}
-               header_up X-Forwarded-TlsProto {tls_protocol}
-               header_up X-Forwarded-TlsCipher {tls_cipher}
-               header_up X-Forwarded-HttpsProto {proto}
+               header_up X-Real-IP {remote_host}
         }
   }
 

README.md

@@ -6,24 +6,45 @@ Create a new SearXNG  instance in five minutes using Docker
 
 | Name | Description | Docker image | Dockerfile |
 | -- | -- | -- | -- |
-| [Caddy](https://github.com/caddyserver/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [caddy/caddy:2-alpine](https://hub.docker.com/_/caddy) | [Dockerfile](https://github.com/caddyserver/caddy-docker) |
-| [Filtron](https://github.com/dalf/filtron) |  Filtering reverse HTTP proxy, bot and abuse protection | [dalf/filtron:latest](https://hub.docker.com/r/dalf/filtron) | See [asciimoo/filtron#4](https://github.com/asciimoo/filtron/pull/4) |
-| [SearXNG](https://github.com/searxng/searxng) | SearXNG by itself | [searxng/searxng:latest](https://hub.docker.com/r/searxng/searxng) | [Dockerfile](https://github.com/searxng/searxng/blob/master/Dockerfile) |
-| [Morty](https://github.com/dalf/morty) | Privacy aware web content sanitizer proxy as a service. | [dalf/morty:latest](https://hub.docker.com/r/dalf/morty) | [Dockerfile](https://github.com/dalf/morty/blob/master/Dockerfile) |
+| [Caddy](https://github.com/caddyserver/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [docker.io/library/caddy:2-alpine](https://hub.docker.com/_/caddy)           | [Dockerfile](https://github.com/caddyserver/caddy-docker/blob/master/Dockerfile.tmpl) |
+| [SearXNG](https://github.com/searxng/searxng) | SearXNG by itself                                              | [docker.io/searxng/searxng:latest](https://hub.docker.com/r/searxng/searxng) | [Dockerfile](https://github.com/searxng/searxng/blob/master/Dockerfile)               |
+| [Valkey](https://github.com/valkey-io/valkey) | In-memory database                                             | [cgr.dev/chainguard/valkey:latest](https://cgr.dev/chainguard/valkey)        | [Valkey-image](https://github.com/chainguard-images/images/tree/main/images/valkey)             |
 
 ## How to use it
+
 - [Install docker](https://docs.docker.com/install/)
-- [Install docker-compose](https://docs.docker.com/compose/install/) (be sure that docker-compose version is at least 1.9.0)
-- only on MacOSX: ```brew install coreutils``` to install ```greadlink```
-- Get searxng-docker:
+- Get searxng-docker
   ```sh
   cd /usr/local
   git clone https://github.com/searxng/searxng-docker.git
   cd searxng-docker
   ```
-- Generate MORTY_KEY ```sed -i "s|ReplaceWithARealKey\!|$(openssl rand -base64 33)|g" .env```
-- Edit the other settings in [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file according to your need
-- Check everything is working: ```./start.sh```
+- Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
+- Generate the secret key `sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
+- Edit the [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) file according to your need
+- Check everything is working: `docker compose up`
+- Run SearXNG in the background: `docker compose up -d`
+
+> [!WARNING]  
+> If you use an older version of docker desktop (`< 3.6.0`), you may have to install Docker Compose v1.
+> Accordingly, you should modify the commands in this documentation to suit Docker Compose v1. For instance, change 'docker compose up' to 'docker-compose up'.
+>
+> [Install the docker-compose plugin](https://docs.docker.com/compose/install/#scenario-two-install-the-compose-plugin) (be sure that docker-compose version is at least 1.9.0)
+
+## How to access the logs
+
+To access the logs from all the containers use: `docker compose logs -f`.
+
+To access the logs of one specific container:
+
+- Caddy: `docker compose logs -f caddy`
+- SearXNG: `docker compose logs -f searxng`
+- Valkey: `docker compose logs -f redis`
+
+### Start SearXNG with systemd
+
+You can skip this step if you don't use systemd.
+
 - ```cp searxng-docker.service.template searxng-docker.service```
 - edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is different from /usr/local/searxng-docker)
 - Install the systemd unit:
@@ -34,35 +55,34 @@ Create a new SearXNG  instance in five minutes using Docker
 
 ## Note on the image proxy feature
 
-The SearXNG image proxy is activated by default using [Morty](https://github.com/dalf/morty).
+The SearXNG image proxy is activated by default.
 
-The default [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) allow the browser to access to {SEARXNG_HOSTNAME} and ```https://*.tile.openstreetmap.org;```.
+The default [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) allow the browser to access to ```${SEARXNG_HOSTNAME}``` and ```https://*.tile.openstreetmap.org;```.
 
-If some users wants to disable the image proxy, you have to modify [./Caddyfile](https://github.com/searxng/searxng-docker/blob/master/Caddyfile). Replace the ```img-src 'self' data: https://*.tile.openstreetmap.org;``` by ```img-src * data:;```.
-
-## Custom docker-compose.yaml
-
-Do not modify docker-compose.yaml otherwise you won't be able to update easily from the git repository.
-
-It is possible to use the [extend feature](https://docs.docker.com/compose/extends/) of docker-compose:
-- stop the service: ```systemctl stop searxng-docker.service```
-- create a new docker-compose-extend.yaml, check with ```start.sh```
-- update searxng-docker.service (see SEARXNG_DOCKERCOMPOSEFILE)
-- restart the service: ```systemctl restart searxng-docker.service```
+If some users want to disable the image proxy, you have to modify [./Caddyfile](https://github.com/searxng/searxng-docker/blob/master/Caddyfile). Replace the ```img-src 'self' data: https://*.tile.openstreetmap.org;``` by ```img-src * data:;```.
 
 ## Multi Architecture Docker images
 
-For now only the amd64 platform is supported.
+Supported architecture:
+
+- amd64
+- arm64
+- arm/v7
 
 ## How to update ?
 
-Check the content of [```update.sh```](https://github.com/searxng/searxng-docker/blob/master/update.sh).
+To update the SearXNG stack:
 
-## Access to the Filtron API
-
-The [Filtron API](https://github.com/dalf/filtron#api) is available on ```http://localhost:4041```.
-
-For example, to display the loaded rules:
+```sh
+git pull
+docker compose pull
+docker compose up -d
 ```
-curl http://localhost:4041/rules | jq
+
+Or the old way (with the old docker-compose version):
+
+```sh
+git pull
+docker-compose pull
+docker-compose up -d
 ```

docker-compose.yaml

@@ -1,86 +1,77 @@
-version: '3.7'
+version: "3.7"
 
 services:
-
   caddy:
     container_name: caddy
-    image: caddy:2-alpine
-    restart: on-failure
+    image: docker.io/library/caddy:2-alpine
     network_mode: host
+    restart: unless-stopped
     volumes:
       - ./Caddyfile:/etc/caddy/Caddyfile:ro
       - caddy-data:/data:rw
       - caddy-config:/config:rw
     environment:
-      - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-localhost}
+      - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost:80}
       - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
     cap_drop:
       - ALL
     cap_add:
       - NET_BIND_SERVICE
-      - DAC_OVERRIDE
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
 
-  filtron:
-    container_name: filtron
-    image: dalf/filtron
-    restart: always
-    ports:
-      - "127.0.0.1:4040:4040"
-      - "127.0.0.1:4041:4041"
+  redis:
+    container_name: redis
+    image: cgr.dev/chainguard/valkey:latest
+    command: --save 30 1 --loglevel warning
+    restart: unless-stopped
     networks:
       - searxng
-    command: -listen 0.0.0.0:4040 -api 0.0.0.0:4041 -target searxng:8080
     volumes:
-      - ./rules.json:/etc/filtron/rules.json:rw
-    read_only: true
+      - valkey-data:/data
     cap_drop:
       - ALL
+    cap_add:
+      - SETGID
+      - SETUID
+      - DAC_OVERRIDE
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
 
   searxng:
     container_name: searxng
-    image: searxng/searxng:latest
-    restart: always
+    image: docker.io/fauli1221/ponysearch:latest
+    restart: unless-stopped
     networks:
       - searxng
-    command: ${SEARXNG_COMMAND:-}
+    ports:
+      - "127.0.0.1:8080:8080"
     volumes:
       - ./searxng:/etc/searxng:rw
     environment:
-      - BIND_ADDRESS=0.0.0.0:8080
-      - BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
-      - MORTY_URL=https://${SEARXNG_HOSTNAME:-localhost}/morty/
-      - MORTY_KEY=${MORTY_KEY}
+      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
     cap_drop:
       - ALL
     cap_add:
       - CHOWN
       - SETGID
       - SETUID
-      - DAC_OVERRIDE
-
-  morty:
-    container_name: morty
-    image: dalf/morty
-    restart: always
-    ports:
-      - "127.0.0.1:3000:3000"
-    networks:
-      - searxng
-    command: -timeout 6 -ipv6
-    environment:
-      - MORTY_KEY=${MORTY_KEY}
-      - MORTY_ADDRESS=0.0.0.0:3000
     logging:
-      driver: none
-    read_only: true
-    cap_drop:
-      - ALL
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
 
 networks:
   searxng:
-    ipam:
-      driver: default
 
 volumes:
   caddy-data:
   caddy-config:
+  valkey-data:

rules.json

@@ -1,147 +0,0 @@
-[
-    {
-        "name": "searx.space",
-        "filters": ["Header:X-Forwarded-For=nslookup(check.searx.space)"],
-        "stop": true,
-        "actions": [{ "name": "log"}]
-    },
-    {
-        "name": "IP limit, all paths",
-        "interval": 3,
-        "limit": 25,
-        "aggregations": ["Header:X-Forwarded-For"],
-        "actions": [
-            {"name": "block",
-             "params": {"message": "Rate limit exceeded, try again later."}}
-        ]
-    },
-    {
-        "name": "useragent limit, all paths",
-        "interval": 30,
-        "limit": 200,
-        "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"],
-        "stop": true,
-        "actions": [
-            {"name": "block",
-             "params": {"message": "Rate limit exceeded, try again later."}}
-        ]
-    },
-    {
-        "name": "search request",
-        "filters": ["Param:q", "Path=^(/|/search)$"],
-        "subrules": [
-            {
-                "name": "allow Firefox Android (issue #48 and #60)",
-                "filters": [
-                    "Param:q=^1$",
-                    "Header:User-Agent=(^MozacFetch/[0-9]{2,3}.[0-9].[0-9]+$|^Mozilla/5.0 \\(Android [0-9]{1,2}(.[0-9]{1,2}.[0-9]{1,2})?; Mobile; rv:[0-9]{2,3}.[0-9]\\) Gecko/[0-9]{2,3}.[0-9] Firefox/[0-9]{2,3}.[0-9]$)"
-                ],
-                "stop": true,
-                "actions": [{"name": "log"}]
-            },
-            {
-                "name": "robot agent forbidden",
-                "limit": 0,
-                "stop": true,
-                "filters": ["Header:User-Agent=([Cc][Uu][Rr][Ll]|[wW]get|Scrapy|splash|JavaFX|FeedFetcher|python-requests|Go-http-client|Java|Jakarta|okhttp|HttpClient|Jersey|Python|libwww-perl|Ruby|SynHttpClient|UniversalFeedParser)"],
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "bot forbidden",
-                "limit": 0,
-                "stop": true,
-                "filters": ["Header:User-Agent=(Googlebot|GoogleImageProxy|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT|Sogou|Abonti|Pixray|Spinn3r|SemrushBot|Exabot|ZmEu|BLEXBot|bitlybot)"],
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "block missing accept-language",
-                "filters": ["!Header:Accept-Language"],
-                "limit": 0,
-                "stop": true,
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "block Connection:close",
-                "filters": ["Header:Connection=close"],
-                "limit": 0,
-                "stop": true,
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "block no gzip support",
-                "filters": ["!Header:Accept-Encoding=(^gzip$|^gzip[;,]|[; ]gzip$|[; ]gzip[;,])"],
-                "limit": 0,
-                "stop": true,
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "block no deflate support",
-                "filters": ["!Header:Accept-Encoding=(^deflate$|^deflate[;,]|[; ]deflate$|[; ]deflate[;,])"],
-                "limit": 0,
-                "stop": true,
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "block accept everything",
-                "filters": ["!Header:Accept=text/html"],
-                "limit": 0,
-                "stop": true,
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded"}}
-                ]
-            },
-            {
-                "name": "rss/json limit",
-                "interval": 3600,
-                "limit": 4,
-                "stop": true,
-                "filters": ["Param:format=(csv|json|rss)"],
-                "aggregations": ["Header:X-Forwarded-For"],
-                "actions": [
-                    {"name": "block",
-		     "params": {"message": "Rate limit exceeded, try again later."}}
-                ]
-            },
-            {
-                "name": "IP limit",
-                "interval": 3,
-                "limit": 3,
-                "aggregations": ["Header:X-Forwarded-For"],
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded, try again later."}}
-                ]
-            },
-            {
-                "name": "IP and useragent limit",
-                "interval": 600,
-                "limit": 60,
-                "stop": true,
-                "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"],
-                "actions": [
-                    {"name": "block",
-                     "params": {"message": "Rate limit exceeded, try again later."}}
-		]
-            }
-        ]
-    }
-]

searxng-docker.service.template

@@ -4,13 +4,13 @@ Requires=docker.service
 After=docker.service
 
 [Service]
-Restart=always
+Restart=on-failure
 
-Environment=SEARXNG_DIR=/usr/local/searxng-docker
 Environment=SEARXNG_DOCKERCOMPOSEFILE=docker-compose.yaml
 
-ExecStart=/bin/sh -c "${SEARXNG_DIR}/start.sh"
-ExecStop=/bin/sh -c "${SEARXNG_DIR}/stop.sh"
+WorkingDirectory=/usr/local/searxng-docker
+ExecStart=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
+ExecStop=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} down
 
 [Install]
 WantedBy=multi-user.target

searxng/limiter.toml

@@ -0,0 +1,6 @@
+# This configuration file updates the default configuration file
+# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
+
+[botdetection.ip_limit]
+# activate link_token method in the ip_limit method
+link_token = true

searxng/settings.yml

@@ -0,0 +1,11 @@
+# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
+use_default_settings: true
+server:
+  # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
+  secret_key: "ultrasecretkey"  # change this!
+  limiter: true  # can be disabled for a private instance
+  image_proxy: true
+ui:
+  static_use_hash: true
+redis:
+  url: redis://redis:6379/0

start.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-
-READLINK="$(which readlink greadlink | tail -n1)"
-BASE_DIR="$(dirname -- "`$READLINK -f -- "$0"`")"
-cd -- "$BASE_DIR"
-
-. ./util.sh
-
-$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE down
-$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE rm -fv
-$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE up

stop.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-READLINK="$(which readlink greadlink | tail -n1)"
-BASE_DIR="$(dirname -- "`$READLINK -f -- "$0"`")"
-cd -- "$BASE_DIR"
-
-. ./util.sh
-
-$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE down

update.sh

@@ -1,93 +0,0 @@
-#!/bin/sh
-#
-# Disclaimer: this is more a documentation than code to execute
-#
-
-# change if require
-SERVICE_NAME="searxng-docker.service"
-
-# change if require :
-# fastforward : only fast-forward
-# rebase : rebase with autostash, at your own risk
-UPDATE_TYPE="fastforward"
-
-READLINK="$(which readlink greadlink | tail -n1)"
-BASE_DIR="$(dirname -- "`$READLINK -f -- "$0"`")"
-cd -- "$BASE_DIR"
-
-# check if git presence
-if [ ! -x "$(which git)" ]; then
-    echo "git not found" 1>&2
-    exit 1
-fi
-
-# check if the current user owns the local git repository
-git_owner=$(stat -c '%U' .git)
-if [ "$git_owner" != "$(whoami)" ]; then
-    echo "The .git repository is own by $git_owner" 1>&2
-    exit 1
-fi
-
-# warning if the current branch is not master
-current_branch=$(git rev-parse --abbrev-ref HEAD)
-if [ "$current_branch" != "master" ]; then
-    echo "Warning: master won't be updated, only $current_branch"
-fi
-
-# git fetch first
-git fetch origin master
-
-# is everything already up-to-date ?
-current_commit=$(git rev-parse $current_branch)
-origin_master_commit=$(git rev-parse origin/master)
-if [ "$current_commit" = "$origin_master_commit" ]; then
-    echo "Already up-to-date, commit $current_commit"
-    exit 0
-fi
-
-# docker stuff
-SEARXNG_DOCKERCOMPOSE=$(grep "Environment=SEARXNG_DOCKERCOMPOSEFILE=" "$SERVICE_NAME" | awk -F\= '{ print $3 }')
-. ./util.sh
-
-if [ ! -x "$(which systemctl)" ]; then
-    echo "systemctl not found" 1>&2
-    exit 1
-fi
-
-# stop the systemd service now, because after the update
-# the code might be out of sync with the current running services
-systemctl stop "${SERVICE_NAME}"
-
-# update
-case "$UPDATE_TYPE" in
-    "fastforward")
-	git pull --ff-only origin master
-	;;
-    "rebase")
-	git pull --rebase --autostash origin master
-	;;
-esac
-
-# Check conflicts
-if [ $(git ls-files -u | wc -l) -gt 0 ]; then
-    echo "There are git conflicts"
-else
-    # update docker images
-    docker-compose -f $DOCKERCOMPOSEFILE pull
-
-    # remove dangling images
-    docker rmi $(docker images -f "dangling=true" -q)
-
-    # display SearxNG version
-    SEARXNG_IMAGE=$(cat $DOCKERCOMPOSEFILE | grep "searxng/searxng" | awk '{ print $2 }')
-    SEARXNG_VERSION=$(docker inspect -f '{{index .Config.Labels "org.label-schema.version"}}' $SEARXNG_IMAGE)
-    echo "SearXNG version: $SEARXNG_VERSION"
-    docker images --digests "searxng/*:latest"
-
-    # update SearxNG configuration
-    source ./.env
-    docker-compose -f $DOCKERCOMPOSEFILE run searxng ${SEARXNG_COMMAND} -d
-
-    # let the user see
-    echo "Use\nsystemctl start \"${SERVICE_NAME}\"\nto restart SearXNG"
-fi

util.sh

@@ -1,26 +0,0 @@
-set -e
-
-DOCKERCOMPOSE=$(which docker-compose || echo "/usr/local/bin/docker-compose")
-DOCKERCOMPOSEFILE="${DOCKERCOMPOSEFILE:-docker-compose.yaml}"
-
-echo "use ${DOCKERCOMPOSEFILE}"
-
-if [ ! -x "$(which docker)" ]; then
-    echo "docker not found" 1>&2
-    exit 1
-fi
-
-if ! docker version > /dev/null 2>&1; then
-    echo "can't execute docker (current user: $(whoami))" 1>&2
-    exit 1
-fi
-
-if [ ! -x "${DOCKERCOMPOSE}" ]; then
-    echo "docker-compose not found" 1>&2
-    exit 1
-fi
-
-if [ ! -f "${DOCKERCOMPOSEFILE}" ]; then
-    echo "${DOCKERCOMPOSEFILE} not found" 1>&2
-    exit 1
-fi