From 46e35eea82f93c6d290e1ad4ca680f12644c7ede Mon Sep 17 00:00:00 2001
From: Alpha Chen <alpha@kejadlen.dev>
Date: Wed, 17 Jan 2024 21:20:44 -0800
Subject: [PATCH] mu

---
 lotus-land-story/hledger.yml         |  1 +
 lotus-land-story/searxng.yml         | 46 ++++++++++++++++++++++++++++
 lotus-land-story/templates/Caddyfile | 32 ++++++++++++-------
 on-fire-within/main.yml              |  6 ++--
 4 files changed, 71 insertions(+), 14 deletions(-)
 create mode 100644 lotus-land-story/searxng.yml

diff --git a/lotus-land-story/hledger.yml b/lotus-land-story/hledger.yml
index 9d81579..ef03aab 100644
--- a/lotus-land-story/hledger.yml
+++ b/lotus-land-story/hledger.yml
@@ -12,6 +12,7 @@
 
     - name: Run hledger
       community.docker.docker_container:
+        state: absent
         restart: true
         name: hledger
         image: dastapov/hledger:1.31
diff --git a/lotus-land-story/searxng.yml b/lotus-land-story/searxng.yml
new file mode 100644
index 0000000..61181bb
--- /dev/null
+++ b/lotus-land-story/searxng.yml
@@ -0,0 +1,46 @@
+# https://docs.searxng.org/admin/installation-docker.html#installation-docker
+
+- name: Set up SearXNG
+  hosts: lotus-land-story
+  vars_files:
+    - vars.yml
+  tasks:
+
+    - name: Get docker network
+      community.docker.docker_network:
+        name: lotus_land_story
+      register: docker_network
+
+    - name: Run SearXNG
+      community.docker.docker_container:
+        restart: true
+        name: searxng
+        image: searxng/searxng:2024.1.17-7c80807bb
+        env:
+          SEARXNG_BASE_URL: https://search.{{ domain }}
+        #   DATABASE_URL: postgres://miniflux:{{ miniflux.db_password }}@host.docker.internal/miniflux
+        #   RUN_MIGRATIONS: "1"
+        #   CREATE_ADMIN: "1"
+        #   ADMIN_USERNAME: alpha
+        #   ADMIN_PASSWORD: "{{ miniflux.password }}"
+        #   METRICS_COLLECTOR: "1"
+        #   METRICS_ALLOWED_NETWORKS: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
+        #   OAUTH2_PROVIDER: oidc
+        #   OAUTH2_CLIENT_ID: miniflux
+        #   OAUTH2_CLIENT_SECRET: "{{ miniflux.oidc_secret }}"
+        #   OAUTH2_REDIRECT_URL: https://rss.{{ domain }}/oauth2/oidc/callback
+        #   OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.{{ domain }}
+        #   OAUTH2_USER_CREATION: "1"
+        #   LOG_FORMAT: json
+        #   LOG_LEVEL: info
+        restart_policy: unless-stopped
+        networks:
+          - name: lotus_land_story
+        etc_hosts:
+          host.docker.internal: host-gateway
+
+  handlers:
+    - name: Import restarts
+      ansible.builtin.import_tasks: restarts.yml
+
+# vim: ft=yaml.ansible
diff --git a/lotus-land-story/templates/Caddyfile b/lotus-land-story/templates/Caddyfile
index 2e4952d..b8f3f76 100644
--- a/lotus-land-story/templates/Caddyfile
+++ b/lotus-land-story/templates/Caddyfile
@@ -1,3 +1,9 @@
+{
+	servers {
+		metrics
+	}
+}
+
 # https://www.authelia.com/integration/proxies/caddy/#forwarded-header-trust#trusted-proxies
 (trusted_proxy_list) {
        trusted_proxies {{ trusted_proxies }}
@@ -29,19 +35,23 @@ auth.{{ domain }} {
 	}
 }
 
-{{ hledger.subdomain }}.{{ domain }} {
-	forward_auth authelia:9091 {
-		uri /api/verify?rd=https://auth.{{ domain }}
-		# copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+search.{{ domain }} {
+	reverse_proxy searxng:8080
+}
 
-		## This import needs to be included if you're relying on a trusted proxies configuration.
-		import trusted_proxy_list
-	}
+# {{ hledger.subdomain }}.{{ domain }} {
+# 	forward_auth authelia:9091 {
+# 		uri /api/verify?rd=https://auth.{{ domain }}
+# 		# copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
 
-	reverse_proxy hledger:5000 {
-		import trusted_proxy_list
-	}
-}
+# 		## This import needs to be included if you're relying on a trusted proxies configuration.
+# 		import trusted_proxy_list
+# 	}
+
+# 	reverse_proxy hledger:5000 {
+# 		import trusted_proxy_list
+# 	}
+# }
 
 books.{{ domain }} {
 	forward_auth authelia:9091 {
diff --git a/on-fire-within/main.yml b/on-fire-within/main.yml
index 8c2c2c6..91320cf 100644
--- a/on-fire-within/main.yml
+++ b/on-fire-within/main.yml
@@ -104,7 +104,7 @@
 
     # https://docs.syncthing.net/users/faq.html#inotify-limits
     - name: Increase inotify limit for syncthing
-      lineinfile:
+      ansible.builtin.lineinfile:
         path: /etc/sysctl.conf
         regexp: '^fs.inotify.max_user_watches='
         line: fs.inotify.max_user_watches=204800
@@ -114,7 +114,7 @@
     #
     # https://github.com/ansible/ansible/issues/33960
     - name: Save original host facts
-      set_fact:
+      ansible.builtin.set_fact:
         "{{ item }}_original": "{{ lookup('vars', item) }}"
       with_items:
         - minio
@@ -166,7 +166,7 @@
             #     - traefik.http.routers.mitmproxy-web.tls.certresolver=le
             #     - traefik.http.services.mitmproxy-web.loadbalancer.server.port=8081
             pihole:
-              image: pihole/pihole:2023.11.0
+              image: pihole/pihole:2024.01.0
               container_name: pihole
               ports:
                 - 53:53/tcp