cuqmbr/homelab
1
0
Fork 0
Code

add redis support to searxng role

Browse Source 
valkey container is created but the software must be installed manually
This commit is contained in:
cuqmbr 2025-06-29 21:15:23 +03:00
parent c5ce4faae6
commit 5ad54f4cac
Signed by: cuqmbr
GPG Key ID: 0AA446880C766199
6 changed files with 160 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md Normal file
View File

@ -0,0 +1,3 @@
### Todo
- Create role for installing and configuring Valkey

4
ansible/inventories/common/group_vars/load_balancers.yml
View File

@ -48,7 +48,9 @@ nginx_settings:
names:
- searxng.dev.cuqmbr.xyz
- searxng.dev.cuqmbr.home
# - upstream:
statements:
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
- proxy_set_header X-Real-IP $remote_addr
# name: prometheus
# servers:
# - 192.168.0.252:9090

24
ansible/inventories/dev/group_vars/searxng.yml
View File

@ -25,7 +25,7 @@ users:
searxng_homedir: /opt/searxng
searxng_git_commit: e52e9bb4b699e39d9ce51874ea339d4773717389
searxng_git_commit: 60be0f453e9e4a5fc48aeb4706e75af0a4047b36
searxng_settings:
use_default_settings: true
@ -66,7 +66,27 @@ searxng_settings:
X-Download-Options: noopen
X-Robots-Tag: noindex, nofollow
Referrer-Policy: no-referrer
limiter: false
limiter: true
redis:
url: !vault |
$ANSIBLE_VAULT;1.1;AES256
66323631326264383161376136303730353336663065346235313464333237356436356566373233
3165633436383130383364303865666534313139666163640a316664653239373464366239343961
32653631323337633738626464633662313631636631623538376638656161356434633261383138
6163353138343135370a643034343837633534626237656263656138386135303661343837663166
38343839373564643964663630616230623962646164313732316631323263666231343931653634
66326234333163636331666230656530396262623037316136643534323338633630616134656464
36353633633065313666366331316238393134393035346232353462666161653162333632393233
62646332393065346434343636636131386136313938653539663865376661303238396563313633
38616138343337306233373733636634326334326635386361666662363834366166646337393266
34653739623364373135313638643938626635373362343966343664306661363334353061623434
36373135616561653133653066336464383737336134626337393261356630616532343233376264
62386135356263346562313034386334316532343038366435386564623038343634663033643963
62353363643163653763333335386235626666393434343136373832363566323730306134646130
37313163613733333835303363363932343264356662633262373661346463653936316162636332
33633237656362363938653735313834376537333532343039653038326563633063323965633463
37366662313263396637
ui:
static_use_hash: true

7
ansible/roles/searxng/tasks/main.yml
View File

@ -41,6 +41,7 @@
version: "{{ searxng_git_commit }}"
force: true
single_branch: true
register: git_clone_result
- name: Install pip dependencies.
ansible.builtin.pip:
@ -53,6 +54,12 @@
- pyyaml
state: present
- name: Remove searxng settings file.
ansible.builtin.file:
path: /etc/searxng/settings.yml
state: absent
when: git_clone_result.changed
- name: Compile searxng.
ansible.builtin.pip:
virtualenv: "{{ searxng_pyenv }}"

16
terraform/common/firewall_ipsets.tf
View File

@ -33,3 +33,19 @@ resource "proxmox_virtual_environment_firewall_ipset" "dev_loggers" {
comment = "searxng"
}
}
resource "proxmox_virtual_environment_firewall_ipset" "dev_valkey_clients" {
name = "valkey_clients"
comment = "Nodes that can connect to valkey Node."
cidr {
name = "192.168.0.15"
comment = "searxng"
}
}
output "dev_valkey_clients_ipset" {
value = proxmox_virtual_environment_firewall_ipset.dev_valkey_clients
sensitive = true
}

109
terraform/dev/valkey.tf Normal file
View File

@ -0,0 +1,109 @@
resource "proxmox_virtual_environment_container" "valkey" {
node_name = "pve"
vm_id = 1040
tags = ["dev", "database", "cache"]
unprivileged = true
cpu {
cores = 1
}
memory {
dedicated = 512
}
disk {
datastore_id = var.datastore_id
size = 4
}
network_interface {
bridge = var.internal_network_bridge_name
name = "eth-dev"
firewall = true
enabled = true
}
initialization {
hostname = "valkey"
ip_config {
ipv4 {
address = "192.168.0.4/24"
gateway = "192.168.0.1"
}
}
user_account {
keys = [var.ssh_public_key]
}
}
operating_system {
template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
type = "debian"
}
started = true
startup {
order = 100
up_delay = 0
down_delay = 0
}
features {
nesting = true
}
}
resource "proxmox_virtual_environment_firewall_options" "valkey" {
depends_on = [proxmox_virtual_environment_container.valkey]
node_name = proxmox_virtual_environment_container.valkey.node_name
vm_id = proxmox_virtual_environment_container.valkey.vm_id
enabled = true
dhcp = true
input_policy = "DROP"
output_policy = "ACCEPT"
}
resource "proxmox_virtual_environment_firewall_rules" "valkey" {
depends_on = [proxmox_virtual_environment_container.valkey]
node_name = proxmox_virtual_environment_container.valkey.node_name
vm_id = proxmox_virtual_environment_container.valkey.vm_id
rule {
type = "in"
source = split("/", data.terraform_remote_state.common.outputs.bastion_ct.initialization[0].ip_config[1].ipv4[0].address)[0]
proto = "tcp"
dport = "22"
action = "ACCEPT"
comment = "SSH from Bastion."
}
rule {
type = "in"
proto = "icmp"
dport = "8"
action = "ACCEPT"
comment = "Ping."
}
rule {
security_group = data.terraform_remote_state.common.outputs.prometheus_node_exporter_sg.name
comment = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."
}
rule {
type = "in"
source = "+${data.terraform_remote_state.common.outputs.dev_valkey_clients_ipset.name}"
proto = "tcp"
dport = "6379"
action = "ACCEPT"
comment = "Access valkey from client nodes."
}
}