Cleared out some old roles and installed searxng

ansible/main.yml

@@ -17,11 +17,12 @@
     - ntfy
     - nextcloud
     - tautulli
-    - gitea
+      #- gitea
     - unifi-controller
     - navidrome
     - lidarr
-    - webtrees
     - slskd
     - barassistant
     - synapse
+    - name: searxng
+      tags: test

ansible/roles/gitea/files/ssh_shim.sh

@@ -1 +0,0 @@
-ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"

ansible/roles/gitea/tasks/main.yml

@@ -1,53 +0,0 @@
-- name: Create service user
-  user:
-    name: git
-    password_lock: yes
-    generate_ssh_key: yes
-    ssh_key_type: rsa
-    ssh_key_comment: Gitea Host Key
-  register: service_user
-  become: true
-
-- name: Add user git's ssh key to its own authorized_key file
-  ansible.posix.authorized_key:
-    user: git
-    key: "{{ service_user.ssh_public_key }}"
-  become: true
-
-- name: Set authorized_key file permissions
-  file:
-    path: "/home/{{ service_user.name }}/.ssh/authorized_keys"
-    mode: 0600
-  become: true
-
-- name: Install SSH shim script
-  copy:
-    src: ssh_shim.sh
-    dest: /usr/local/bin/gitea
-    owner: "{{ service_user.uid }}"
-    group: "{{ service_user.group }}"
-    mode: 0711
-  become: true
-
-- name: Create install directory
-  file:
-    path: "{{ install_directory }}/{{ role_name }}"
-    state: directory
-    owner: "{{ docker_user }}"
-    mode: "{{ docker_compose_directory_mask }}"
-  become: true
-
-- name: Copy docker-compose file to destination
-  template:
-    src: docker-compose.yml
-    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
-    owner: "{{ docker_user }}"
-    mode: "{{ docker_compose_file_mask }}"
-    validate: docker-compose -f %s config
-  become: true
-
-- name: Start docker container
-  community.docker.docker_compose:
-    project_src: "{{ install_directory }}/{{ role_name }}"
-    pull: true
-    remove_orphans: yes

ansible/roles/gitea/templates/docker-compose.yml

@@ -1,55 +0,0 @@
-version: "{{ docker_compose_version }}"
-
-networks:
-  traefik:
-    external: true
-  default:
-    external: false
-
-services:
-  gitea:
-    container_name: gitea
-    image: gitea/gitea:latest
-    restart: unless-stopped
-    depends_on:
-      - db
-    networks:
-      - traefik
-      - default
-    ports:
-      - "127.0.0.1:2222:22"
-    environment:
-      - "USER_UID={{ service_user.uid }}"
-      - "USER_GID={{ service_user.group }}"
-      - GITEA__database__DB_TYPE=postgres
-      - GITEA__database__HOST=db:5432
-      - GITEA__database__NAME=gitea
-      - GITEA__database__USER=gitea
-      - GITEA__database__PASSWD=gitea
-      - GITEA__server__START_SSH_SERVER=true
-      - GITEA__server__BUILTIN_SSH_SERVER_USER=git
-      - GITEA__server__SSH_LISTEN_PORT=2222
-      - "GITEA__server__DOMAIN=git.{{ personal_domain }}"
-      - "GITEA__server__ROOT_URL=https://git.{{ personal_domain }}"
-      - GITEA__server__LANDING_PAGE=explore
-    volumes:
-      - "{{ data_dir }}/gitea:/data"
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-      - /home/git/.ssh:/data/git/.ssh # For SSH passthrough
-    labels:
-      traefik.enable: true
-      traefik.http.routers.gitea.rule: "Host(`git.{{ personal_domain }}`)"
-      traefik.http.services.gitea.loadbalancer.server.port: 3000
-
-  db:
-    image: postgres:14-alpine
-    restart: unless-stopped
-    networks:
-      - default
-    environment:
-      - POSTGRES_USER=gitea
-      - POSTGRES_PASSWORD=gitea
-      - POSTGRES_DB=gitea
-    volumes:
-      - "{{ data_dir }}/postgres/gitea:/var/lib/postgresql/data"

ansible/roles/immich/defaults/main.yml

@@ -1 +0,0 @@
-upload_location: "{{ data_dir }}/immich/upload"

ansible/roles/immich/templates/docker-compose.yml

@@ -1,86 +0,0 @@
-version: "{{ docker_compose_version }}"
-
-networks:
-  traefik:
-    external: true
-
-services:
-  immich-server:
-    container_name: immich_server
-    image: ghcr.io/immich-app/immich-server:release
-    restart: unless-stopped
-    entrypoint: ["/bin/sh", "./start-server.sh"]
-    volumes:
-      - "{{ upload_location }}:/usr/src/app/upload"
-    depends_on:
-      - redis
-      - database
-      - typesense
-
-  immich-microservices:
-    container_name: immich_microservices
-    image: ghcr.io/immich-app/immich-server:release
-    restart: unless-stopped
-    entrypoint: ["/bin/sh", "./start-microservices.sh"]
-    volumes:
-      - "{{ upload_location }}:/usr/src/app/upload"
-    environment:
-      - NODE_ENV=production
-    depends_on:
-      - redis
-      - database
-      - typesense
-
-  immich-machine-learning:
-    container_name: immich_machine_learning
-    image: ghcr.io/immich-app/immich-machine-learning:release
-    restart: unless-stopped
-    volumes:
-      - "{{ upload_location }}:/usr/src/app/upload"
-      - model-cache:/cache
-    environment:
-      - NODE_ENV=production
-
-  immich-web:
-    container_name: immich-web
-    image: ghcr.io/immich-app/immich-web:release
-    restart: unless-stopped
-    entrypoint: ["/bin/sh", "./entrypoint.sh"]
-
-  typesense:
-    container_name: immich_typesense
-    image: typesense/typesense:0.24.0
-    restart: unless-stopped
-    environment:
-      - TYPESENSE_API_KEY={{ typesense_api_key }}
-      - TYPESENSE_DATA_DIR=/data
-    logging:
-      driver: none
-    volumes:
-      - tsdata:/data
-
-  redis:
-    container_name: immich_redis
-    image: redis:6.2
-    restart: unless-stopped
-
-  database:
-    container_name: immich_postgres
-    image: postgres:14
-    restart: unless-stopped
-    environment:
-      POSTGRES_PASSWORD: immich
-      POSTGRES_USER: immich
-      POSTGRES_DB: immich
-      PG_DATA: /var/lib/postgresql/data
-    volumes:
-      - "{{ data_dir }}/postgres/immich:/var/lib/postgresql/data
-
-  immich-proxy:
-    container_name: immich_proxy
-    image: ghcr.io/immich-app/immich-proxy:release
-    environment:
-
-volumes:
-  model-cache:
-  tsdata:

ansible/roles/minetest/tasks/main.yml

@@ -1,29 +0,0 @@
-- name: Create service user
-  user:
-    name: "{{ role_name }}"
-    system: true
-  register: service_user
-  become: true
-
-- name: Create install directory
-  file:
-    path: "{{ install_directory }}/{{ role_name }}"
-    state: directory
-    owner: "{{ docker_user }}"
-    mode: "{{ docker_compose_directory_mask }}"
-  become: true
-
-- name: Copy docker-compose file to destination
-  template:
-    src: docker-compose.yml
-    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
-    owner: "{{ docker_user }}"
-    mode: "{{ docker_compose_file_mask }}"
-    validate: docker-compose -f %s config
-  become: true
-
-- name: Start docker container
-  community.docker.docker_compose:
-    project_src: "{{ install_directory }}/{{ role_name }}"
-    pull: true
-    remove_orphans: yes

ansible/roles/minetest/templates/docker-compose.yml

@@ -1,22 +0,0 @@
-version: "{{ docker_compose_version }}"
-
-networks:
-  traefik:
-    external: true
-
-services:
-  minetest:
-    container_name: minetest
-    image: lscr.io/linuxserver/minetest:latest
-    restart: unless-stopped
-    networks:
-      - traefik
-    environment:
-      - "PUID={{ service_user.uid }}"
-      - "PGID={{ service_user.uid }}"
-      - "TZ={{ timezone }}"
-    volumes:
-      - "{{ data_dir }}/{{ role_name }}:/config/.minetest"
-    labels:
-      traefik.enable: true
-      traefik.http.routers.minetest.rule: "Host(`minetest.{{ personal_domain }}`)"

ansible/roles/searxng/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart searxng
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/{{ role_name }}"
+    restarted: true
+

ansible/roles/searxng/tasks/main.yml

@@ -1,10 +1,3 @@
-- name: Create service user
-  user:
-    name: "{{ role_name }}"
-    system: true
-  register: service_user
-  become: true
-
 - name: Create install directory
   file:
     path: "{{ install_directory }}/{{ role_name }}"
@@ -22,6 +15,14 @@
     validate: docker-compose -f %s config
   become: true
 
+- name: Copy settings file to destionation
+  template:
+    src: settings.yml
+    dest: "{{ data_dir }}/{{ role_name }}/settings.yml"
+    owner: "{{ docker_user }}"
+  become: true
+  notify: restart searxng
+
 - name: Start docker container
   community.docker.docker_compose:
     project_src: "{{ install_directory }}/{{ role_name }}"

ansible/roles/searxng/templates/docker-compose.yml

@@ -0,0 +1,38 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+  traefik:
+    external: true
+
+services:
+  searxng:
+    container_name: searxng
+    image: searxng/searxng
+    restart: unless-stopped
+    networks:
+      - traefik
+    volumes:
+      - "{{ data_dir }}/{{ role_name }}:/etc/searxng"
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+    labels:
+      traefik.enable: true
+      traefik.http.routers.searxng.rule: "Host(`search.{{ personal_domain }}`)"
+      traefik.http.routers.searxng.middlewares: lan-whitelist@file
+
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    command: redis-server --save "" --appendonly "no"
+    tmpfs:
+      - /var/lib/redis
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETGID
+      - SETUID
+      - DAC_OVERRIDE

ansible/roles/searxng/vars/main.yml

@@ -0,0 +1,10 @@
+searxng_secret_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  33656138666464373665663339363665346566613637626131363335336535313131333265646539
+  3037373439643964343139383764386364623961383737610a313063613736316437366239663238
+  65333735633661316463336665353138623264396534383865363134613165636164303765356265
+  3865626366613966660a313738353339313133393765643136306361373061366132373130656531
+  61396230346333346636356562353733623332333662653164373630626339376433353663313862
+  61303230613135336662313531313836363466623162666233646231616333643536303233616231
+  62353866333465646162633738383866363338383932623335353038393130323932343363653233
+  62663465386661663262

ansible/roles/webtrees/tasks/main.yml

@@ -1,29 +0,0 @@
-- name: Create service user
-  user:
-    name: "{{ role_name }}"
-    system: true
-  register: service_user
-  become: true
-
-- name: Create install directory
-  file:
-    path: "{{ install_directory }}/{{ role_name }}"
-    state: directory
-    owner: "{{ docker_user }}"
-    mode: "{{ docker_compose_directory_mask }}"
-  become: true
-
-- name: Copy docker-compose file to destination
-  template:
-    src: docker-compose.yml
-    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
-    owner: "{{ docker_user }}"
-    mode: "{{ docker_compose_file_mask }}"
-    validate: docker-compose -f %s config
-  become: true
-
-- name: Start docker container
-  community.docker.docker_compose:
-    project_src: "{{ install_directory }}/{{ role_name }}"
-    pull: true
-    remove_orphans: yes

ansible/roles/webtrees/templates/docker-compose.yml

@@ -1,50 +0,0 @@
-version: "{{ docker_compose_version }}"
-
-networks:
-  traefik:
-    external: true
-  db:
-    external: false
-
-services:
-  {{ role_name }}:
-    container_name: "{{ role_name }}"
-    image: ghcr.io/nathanvaughn/webtrees:latest
-    restart: unless-stopped
-    networks:
-      - traefik
-      - db
-    environment:
-      PRETTY_URLS: "1"
-      BASE_URL: "https://ancestry.{{ personal_domain }}"
-      DB_TYPE: "pgsql"
-      DB_PORT: 5432
-      DB_HOST: "db"
-      DB_NAME: "webtrees"
-      DB_USER: "webtrees"
-      DB_PASSWORD: "webtrees"
-      WT_USER: "mike"
-      WT_PASS: "mike"
-      WT_EMAIL: email@email.com
-    volumes:
-      - "{{ data_dir }}/{{ role_name }}/data:/var/www/webtrees/data"
-      - "{{ data_dir }}/{{ role_name }}/media:/var/www/webtrees/media"
-    labels:
-      traefik.enable: true
-      traefik.http.routers.{{ role_name }}.rule: "Host(`ancestry.{{ personal_domain }}`)"
-      traefik.http.routers.{{ role_name }}.middlewares: lan-whitelist@file
-
-  db:
-    image: lscr.io/linuxserver/mariadb:latest
-    restart: unless-stopped
-    networks:
-      - db
-    environment:
-      TZ: {{ timezone }}
-      MYSQL_DATABASE: webtrees
-      MYSQL_USER: webtrees
-      MYSQL_PASSWORD: webtrees
-      MYSQL_ROOT_PASSWORD: webtrees
-    volumes:
-      - "{{ data_dir }}/mariadb/webtrees:/config"
-