141 lines
3.4 KiB
Nix
141 lines
3.4 KiB
Nix
|
let
|
||
|
appName = "searxng";
|
||
|
appImage = "docker.io/searxng/searxng:latest";
|
||
|
in
|
||
|
{
|
||
|
lib,
|
||
|
config,
|
||
|
kubenix,
|
||
|
...
|
||
|
}: {
|
||
|
kubernetes.resources.services.searxng = {
|
||
|
metadata.namespace = "searxng";
|
||
|
metadata.labels.app = appName;
|
||
|
spec = {
|
||
|
selector.app = appName;
|
||
|
ports.http = {
|
||
|
port = 8080;
|
||
|
targetPort = 8080;
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
kubernetes.resources.deployments.searxng = {
|
||
|
metadata.namespace = "searxng";
|
||
|
spec = {
|
||
|
selector.matchLabels.app = appName;
|
||
|
template = {
|
||
|
metadata.labels.app = appName;
|
||
|
spec = {
|
||
|
volumes = {
|
||
|
config.configMap.name = "searxng";
|
||
|
};
|
||
|
containers = {
|
||
|
searxng = {
|
||
|
image = appImage;
|
||
|
imagePullPolicy = "Always";
|
||
|
volumeMounts = [
|
||
|
{
|
||
|
name = "config";
|
||
|
mountPath = "/etc/searxng/settings.yml";
|
||
|
subPath = "settings.yml";
|
||
|
}
|
||
|
{
|
||
|
name = "config";
|
||
|
mountPath = "/etc/searxng/limiter.toml";
|
||
|
subPath = "limiter.toml";
|
||
|
}
|
||
|
];
|
||
|
envFrom = [{secretRef.name = "searxng";}];
|
||
|
ports.http.containerPort = 8080;
|
||
|
resources = {
|
||
|
requests = {
|
||
|
cpu = "100m";
|
||
|
memory = "512Mi";
|
||
|
};
|
||
|
limits = {
|
||
|
memory = "1Gi";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
kubernetes.resources.configMaps.searxng = {
|
||
|
metadata.namespace = "searxng";
|
||
|
data."settings.yml" = ''
|
||
|
use_default_settings: true
|
||
|
server:
|
||
|
image_proxy: true
|
||
|
http_protocol_version: "1.1"
|
||
|
method: "GET"
|
||
|
ui:
|
||
|
static_use_hash: true
|
||
|
redis:
|
||
|
url: redis://searxng-redis-master:6379/0
|
||
|
general:
|
||
|
instance_name: search.gmem.ca
|
||
|
hostname_replace:
|
||
|
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
|
||
|
'(.*\.)?youtu\.be$': 'piped.gmem.ca'
|
||
|
'(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'
|
||
|
'(www\.)?twitter\.com$': 'nitter.gmem.ca'
|
||
|
'(www\.)?x\.com$': 'nitter.gmem.ca'
|
||
|
'';
|
||
|
data."limiter.toml" = ''
|
||
|
# This configuration file updates the default configuration file
|
||
|
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||
|
|
||
|
[botdetection.ip_limit]
|
||
|
# activate link_token method in the ip_limit method
|
||
|
link_token = true
|
||
|
'';
|
||
|
};
|
||
|
kubernetes.helm.releases.searxng-redis = {
|
||
|
namespace = "searxng";
|
||
|
chart = kubenix.lib.helm.fetch {
|
||
|
repo = "https://charts.bitnami.com/bitnami";
|
||
|
chart = "redis";
|
||
|
version = "18.6.1";
|
||
|
sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
|
||
|
};
|
||
|
values = {
|
||
|
auth.enabled = false;
|
||
|
architecture = "standalone";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
kubernetes.resources.ingresses.searxng = {
|
||
|
metadata = {
|
||
|
name = appName;
|
||
|
namespace = "searxng";
|
||
|
annotations = {
|
||
|
"cert-manager.io/cluster-issuer" = "le-issuer";
|
||
|
};
|
||
|
};
|
||
|
spec = {
|
||
|
tls = [
|
||
|
{
|
||
|
hosts = ["search.gmem.ca"];
|
||
|
}
|
||
|
];
|
||
|
rules = [
|
||
|
{
|
||
|
host = "search.gmem.ca";
|
||
|
http.paths = [
|
||
|
{
|
||
|
path = "/";
|
||
|
pathType = "Prefix";
|
||
|
backend.service = {
|
||
|
name = appName;
|
||
|
port.name = "http";
|
||
|
};
|
||
|
}
|
||
|
];
|
||
|
}
|
||
|
];
|
||
|
};
|
||
|
};
|
||
|
}
|