-
Notifications
You must be signed in to change notification settings - Fork 0
/
searxng-lxc-install.sh
210 lines (184 loc) · 6.46 KB
/
searxng-lxc-install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
#!/bin/bash
# Color definitions
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Function to print messages in green
print_green() {
echo -e "${GREEN}$1${NC}"
}
# Function to print messages in red
print_red() {
echo -e "${RED}$1${NC}"
}
# Function to get primary IP address
get_primary_ip() {
# Get the primary IP address (excluding localhost)
ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v '^127' | head -n 1
}
# Check if script is run as root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# Update and install necessary packages including Redis
print_green "Updating package lists and installing Redis..."
apt update && apt upgrade -y
apt install -y redis-server git python3-pip python3-venv build-essential \
python3-dev libffi-dev libssl-dev whiptail python3-yaml
# Check if Redis installation was successful
if ! systemctl is-active --quiet redis-server; then
print_green "Starting Redis server..."
systemctl enable --now redis-server
sleep 2
if ! systemctl is-active --quiet redis-server; then
echo "Failed to start Redis server. Please check the logs."
exit 1
fi
fi
# Set up SearXNG user and directories
print_green "Creating user and directories for SearXNG..."
id -u searxng &>/dev/null || useradd -r -s /bin/false searxng
mkdir -p /usr/local/searxng /etc/searxng
chown searxng:searxng /usr/local/searxng /etc/searxng
# Clone SearXNG repository
print_green "Cloning SearXNG repository..."
if [ -d "/usr/local/searxng/searxng-src" ]; then
print_green "Directory exists, updating repository..."
cd /usr/local/searxng/searxng-src
sudo -u searxng git pull
else
sudo -u searxng git clone https://github.com/searxng/searxng.git /usr/local/searxng/searxng-src
fi
# Set up Python virtual environment
print_green "Setting up Python environment..."
sudo -u searxng python3 -m venv /usr/local/searxng/searx-pyenv
source /usr/local/searxng/searx-pyenv/bin/activate || exit 1
# Install Python packages with error checking
print_green "Installing Python dependencies..."
pip install --upgrade pip setuptools wheel || exit 1
pip install pyyaml || exit 1 # Install PyYAML explicitly
pip install -e /usr/local/searxng/searxng-src || exit 1
# Prompt for configuration settings with defaults and validation
print_green "Configuring SearXNG settings..."
# Ask if user wants to input own secret key
if (whiptail --title "Secret Key" --yesno "Do you want to enter your own secret key? If not, a random one will be generated." 8 78); then
SECRET_KEY=$(whiptail --inputbox "Enter your secret key (min. 32 characters):" 8 78 --title "Secret Key" 3>&1 1>&2 2>&3)
# Validate secret key length
while [ ${#SECRET_KEY} -lt 32 ]; do
whiptail --msgbox "Secret key must be at least 32 characters long!" 8 78
SECRET_KEY=$(whiptail --inputbox "Enter your secret key (min. 32 characters):" 8 78 --title "Secret Key" 3>&1 1>&2 2>&3)
done
else
SECRET_KEY=$(openssl rand -hex 32)
whiptail --msgbox "Generated random secret key: ${SECRET_KEY}" 12 78
fi
# Validation function for port
validate_port() {
local port=$1
if [[ $port =~ ^[0-9]+$ ]] && [ $port -ge 1 ] && [ $port -le 65535 ]; then
return 0
fi
return 1
}
# Input with validation
BIND_ADDRESS=$(whiptail --inputbox "Enter bind address for SearXNG (default: 0.0.0.0):" 8 78 "0.0.0.0" --title "Bind Address" 3>&1 1>&2 2>&3)
while true; do
PORT=$(whiptail --inputbox "Enter port for SearXNG (default: 8888):" 8 78 "8888" --title "Port" 3>&1 1>&2 2>&3)
if validate_port "$PORT"; then
break
else
whiptail --msgbox "Invalid port number. Please enter a number between 1 and 65535." 8 78
fi
done
REDIS_URL=$(whiptail --inputbox "Enter Redis URL (default: redis://127.0.0.1:6379/0):" 8 78 "redis://127.0.0.1:6379/0" --title "Redis URL" 3>&1 1>&2 2>&3)
DEBUG_MODE=$(whiptail --title "Debug Mode" --yesno "Enable debug mode?" 8 78 3>&1 1>&2 2>&3 && echo "true" || echo "false")
# Write settings to configuration file
print_green "Writing configuration to /etc/searxng/settings.yml..."
cat <<EOL > /etc/searxng/settings.yml
# SearXNG settings
use_default_settings: true
general:
debug: ${DEBUG_MODE}
instance_name: "SearXNG"
privacypolicy_url: false
contact_url: false
server:
bind_address: "${BIND_ADDRESS}"
port: ${PORT}
secret_key: "${SECRET_KEY}"
limiter: true
image_proxy: true
redis:
url: "${REDIS_URL}"
ui:
static_use_hash: true
enabled_plugins:
- 'Hash plugin'
- 'Self Information'
- 'Tracker URL remover'
- 'Ahmia blacklist'
search:
safe_search: 2
autocomplete: 'google'
engines:
- name: google
engine: google
shortcut: gg
use_mobile_ui: false
- name: duckduckgo
engine: duckduckgo
shortcut: ddg
display_error_messages: true
- name: wikipedia
engine: wikipedia
shortcut: wp
- name: github
engine: github
shortcut: gh
EOL
# Set proper permissions
chown searxng:searxng /etc/searxng/settings.yml
chmod 640 /etc/searxng/settings.yml
# Create systemd service file
print_green "Creating systemd service..."
cat <<EOL > /etc/systemd/system/searxng.service
[Unit]
Description=SearXNG service
After=network.target redis-server.service
Wants=redis-server.service
[Service]
Type=simple
User=searxng
Group=searxng
Environment="SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml"
ExecStart=/usr/local/searxng/searx-pyenv/bin/python -m searx.webapp
WorkingDirectory=/usr/local/searxng/searxng-src
Restart=always
[Install]
WantedBy=multi-user.target
EOL
# Start and enable the service
systemctl daemon-reload
systemctl enable --now searxng
# Get the actual IP address
CONTAINER_IP=$(get_primary_ip)
# Display a summary of configurations
print_green "Installation complete. Here is a summary of your configurations:"
print_red "Bind Address: ${BIND_ADDRESS}"
print_red "Port: ${PORT}"
print_red "Redis URL: ${REDIS_URL}"
print_red "Debug Mode: ${DEBUG_MODE}"
print_red "Secret Key: ${SECRET_KEY}"
echo "Service Status:"
systemctl status searxng
print_green "You can now access SearXNG at http://${CONTAINER_IP}:${PORT}"
# Optional: Add some basic search engines to the configuration
print_green "Basic search engines have been configured (Google, DuckDuckGo, Wikipedia, GitHub)"
print_green "You can modify the engines in /etc/searxng/settings.yml"
# Final check
if systemctl is-active --quiet searxng; then
print_green "SearXNG is running successfully!"
else
echo "Warning: SearXNG service is not running. Please check the logs with: journalctl -u searxng"
fi