#!/usr/bin/env bash # -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*- # SPDX-License-Identifier: AGPL-3.0-or-later # shellcheck disable=SC2001 # shellcheck source=utils/lib.sh source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" # shellcheck source=utils/brand.env source "${REPO_ROOT}/utils/brand.env" source_dot_config source "${REPO_ROOT}/utils/lxc-searx.env" in_container && lxc_set_suite_env # ---------------------------------------------------------------------------- # config # ---------------------------------------------------------------------------- PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}" SEARX_INTERNAL_URL="${SEARX_INTERNAL_URL:-127.0.0.1:8888}" SEARX_URL_PATH="${SEARX_URL_PATH:-$(echo "${PUBLIC_URL}" \ | sed -e 's,^.*://[^/]*\(/.*\),\1,g')}" [[ "${SEARX_URL_PATH}" == "${PUBLIC_URL}" ]] && SEARX_URL_PATH=/ SEARX_INSTANCE_NAME="${SEARX_INSTANCE_NAME:-searx@$(echo "$PUBLIC_URL" \ | sed -e 's,^.*://\([^\:/]*\).*,\1,g') }" SERVICE_NAME="searx" SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}" SERVICE_HOME_BASE="${SERVICE_HOME_BASE:-/usr/local}" SERVICE_HOME="${SERVICE_HOME_BASE}/${SERVICE_USER}" # shellcheck disable=SC2034 SERVICE_GROUP="${SERVICE_USER}" GIT_BRANCH="${GIT_BRANCH:-master}" SEARX_PYENV="${SERVICE_HOME}/searx-pyenv" SEARX_SRC="${SERVICE_HOME}/searx-src" SEARX_SETTINGS_PATH="/etc/searx/settings.yml" SEARX_UWSGI_APP="searx.ini" # shellcheck disable=SC2034 SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket" # apt packages SEARX_PACKAGES_debian="\ virtualenv python3-dev python3-babel python3-venv uwsgi uwsgi-plugin-python3 git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev shellcheck" BUILD_PACKAGES_debian="\ firefox graphviz imagemagick texlive-xetex librsvg2-bin texlive-latex-recommended texlive-extra-utils ttf-dejavu" # pacman packages SEARX_PACKAGES_arch="\ python-virtualenv python python-pip python-lxml python-babel uwsgi uwsgi-plugin-python git base-devel libxml2 shellcheck" BUILD_PACKAGES_arch="\ firefox graphviz imagemagick texlive-bin extra/librsvg texlive-core texlive-latexextra ttf-dejavu" # dnf packages SEARX_PACKAGES_fedora="\ virtualenv python python-pip python-lxml python-babel uwsgi uwsgi-plugin-python3 git @development-tools libxml2 ShellCheck" BUILD_PACKAGES_fedora="\ firefox graphviz graphviz-gd ImageMagick librsvg2-tools texlive-xetex-bin texlive-collection-fontsrecommended texlive-collection-latex dejavu-sans-fonts dejavu-serif-fonts dejavu-sans-mono-fonts" case $DIST_ID in ubuntu|debian) SEARX_PACKAGES="${SEARX_PACKAGES_debian}" BUILD_PACKAGES="${BUILD_PACKAGES_debian}" APACHE_APT_PACKAGES="libapache2-mod-uwsgi" ;; arch) SEARX_PACKAGES="${SEARX_PACKAGES_arch}" BUILD_PACKAGES="${BUILD_PACKAGES_arch}" APACHE_APT_PACKAGES="uwsgi" ;; fedora) SEARX_PACKAGES="${SEARX_PACKAGES_fedora}" BUILD_PACKAGES="${BUILD_PACKAGES_fedora}" APACHE_APT_PACKAGES="uwsgi" ;; esac # Apache Settings APACHE_SEARX_SITE="searx.conf" # shellcheck disable=SC2034 CONFIG_FILES=( "${uWSGI_APPS_AVAILABLE}/${SEARX_UWSGI_APP}" ) # shellcheck disable=SC2034 CONFIG_BACKUP_ENCRYPTED=( "${SEARX_SETTINGS_PATH}" ) # ---------------------------------------------------------------------------- usage() { # ---------------------------------------------------------------------------- # shellcheck disable=SC1117 cat <&1 | prefix_stdout "$_service_prefix" cd ${SEARX_SRC} git checkout -B "$GIT_BRANCH" git pull ${SEARX_SRC}/manage.sh update_packages EOF install_settings uWSGI_restart "$SEARX_UWSGI_APP" } remove_all() { rst_title "De-Install $SEARX_INSTANCE_NAME (service)" rst_para "\ It goes without saying that this script can only be used to remove installations that were installed with this script." if ! ask_yn "Do you really want to deinstall $SEARX_INSTANCE_NAME?"; then return fi remove_searx_uwsgi drop_service_account "${SERVICE_USER}" remove_settings wait_key if service_is_available "${PUBLIC_URL}"; then MSG="** Don't forgett to remove your public site! (${PUBLIC_URL}) **" wait_key 10 fi } assert_user() { rst_title "user $SERVICE_USER" section echo tee_stderr 1 </dev/null)" if [[ ! "${SERVICE_HOME}" ]]; then err_msg "to clone searx sources, user $SERVICE_USER hast to be created first" return 42 fi export SERVICE_HOME git_clone "$REPO_ROOT" "$SEARX_SRC" \ "$GIT_BRANCH" "$SERVICE_USER" pushd "${SEARX_SRC}" > /dev/null tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" cd "${SEARX_SRC}" git remote set-url origin ${GIT_URL} git config user.email "$ADMIN_EMAIL" git config user.name "$ADMIN_NAME" git config --list EOF popd > /dev/null } install_settings() { rst_title "${SEARX_SETTINGS_PATH}" section if ! clone_is_available; then err_msg "you have to install searx first" exit 42 fi mkdir -p "$(dirname ${SEARX_SETTINGS_PATH})" if [[ ! -f ${SEARX_SETTINGS_PATH} ]]; then info_msg "install settings ${REPO_ROOT}/searx/settings.yml" info_msg " --> ${SEARX_SETTINGS_PATH}" cp "${REPO_ROOT}/searx/settings.yml" "${SEARX_SETTINGS_PATH}" configure_searx return fi rst_para "Diff between origin's setting file (+) and current (-):" echo $DIFF_CMD "${SEARX_SETTINGS_PATH}" "${SEARX_SRC}/searx/settings.yml" local action choose_one action "What should happen to the settings file? " \ "keep configuration unchanged" \ "use origin settings" \ "start interactiv shell" case $action in "keep configuration unchanged") info_msg "leave settings file unchanged" ;; "use origin settings") backup_file "${SEARX_SETTINGS_PATH}" info_msg "install origin settings" cp "${SEARX_SRC}/searx/settings.yml" "${SEARX_SETTINGS_PATH}" ;; "start interactiv shell") backup_file "${SEARX_SETTINGS_PATH}" echo -e "// exit with [${_BCyan}CTRL-D${_creset}]" sudo -H -i rst_para 'Diff between new setting file (-) and current (+):' echo $DIFF_CMD "${SEARX_SRC}/searx/settings.yml" "${SEARX_SETTINGS_PATH}" wait_key ;; esac } remove_settings() { rst_title "remove searx settings" section echo info_msg "delete ${SEARX_SETTINGS_PATH}" rm -f "${SEARX_SETTINGS_PATH}" } remove_searx() { rst_title "Drop searx sources" section if ask_yn "Do you really want to drop searx sources ($SEARX_SRC)?"; then rm -rf "$SEARX_SRC" else rst_para "Leave searx sources unchanged." fi } pyenv_is_available() { [[ -f "${SEARX_PYENV}/bin/activate" ]] } create_pyenv() { rst_title "Create virtualenv (python)" section echo if [[ ! -f "${SEARX_SRC}/manage.sh" ]]; then err_msg "to create pyenv for searx, searx has to be cloned first" return 42 fi info_msg "create pyenv in ${SEARX_PYENV}" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" rm -rf "${SEARX_PYENV}" python3 -m venv "${SEARX_PYENV}" grep -qFs -- 'source ${SEARX_PYENV}/bin/activate' ~/.profile \ || echo 'source ${SEARX_PYENV}/bin/activate' >> ~/.profile EOF info_msg "inspect python's virtual environment" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" command -v python && python --version EOF wait_key info_msg "install needed python packages" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" ${SEARX_SRC}/manage.sh update_packages EOF } remove_pyenv() { rst_title "Remove virtualenv (python)" section if ! ask_yn "Do you really want to drop ${SEARX_PYENV} ?"; then return fi info_msg "remove pyenv activation from ~/.profile" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" grep -v 'source ${SEARX_PYENV}/bin/activate' ~/.profile > ~/.profile.## mv ~/.profile.## ~/.profile EOF rm -rf "${SEARX_PYENV}" } configure_searx() { rst_title "Configure searx" section rst_para "Setup searx config located at $SEARX_SETTINGS_PATH" echo tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" cd ${SEARX_SRC} sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "$SEARX_SETTINGS_PATH" sed -i -e "s/{instance_name}/${SEARX_INSTANCE_NAME}/g" "$SEARX_SETTINGS_PATH" EOF } test_local_searx() { rst_title "Testing searx instance localy" section echo if service_is_available "http://$SEARX_INTERNAL_URL" &>/dev/null; then err_msg "URL/port http://$SEARX_INTERNAL_URL is already in use, you" err_msg "should stop that service before starting local tests!" if ! ask_yn "Continue with local tests?"; then return fi fi sed -i -e "s/debug : False/debug : True/g" "$SEARX_SETTINGS_PATH" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" export SEARX_SETTINGS_PATH="${SEARX_SETTINGS_PATH}" cd ${SEARX_SRC} timeout 10 python searx/webapp.py & sleep 3 curl --location --verbose --head --insecure $SEARX_INTERNAL_URL EOF sed -i -e "s/debug : True/debug : False/g" "$SEARX_SETTINGS_PATH" } install_searx_uwsgi() { rst_title "Install searx's uWSGI app (searx.ini)" section echo uWSGI_install_app "$SEARX_UWSGI_APP" } remove_searx_uwsgi() { rst_title "Remove searx's uWSGI app (searx.ini)" section echo uWSGI_remove_app "$SEARX_UWSGI_APP" } activate_service() { rst_title "Activate $SEARX_INSTANCE_NAME (service)" section echo uWSGI_enable_app "$SEARX_UWSGI_APP" uWSGI_restart "$SEARX_UWSGI_APP" } deactivate_service() { rst_title "De-Activate $SEARX_INSTANCE_NAME (service)" section echo uWSGI_disable_app "$SEARX_UWSGI_APP" uWSGI_restart "$SEARX_UWSGI_APP" } enable_image_proxy() { info_msg "try to enable image_proxy ..." tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" cd ${SEARX_SRC} sed -i -e "s/image_proxy : False/image_proxy : True/g" "$SEARX_SETTINGS_PATH" EOF uWSGI_restart "$SEARX_UWSGI_APP" } disable_image_proxy() { info_msg "try to enable image_proxy ..." tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" cd ${SEARX_SRC} sed -i -e "s/image_proxy : True/image_proxy : False/g" "$SEARX_SETTINGS_PATH" EOF uWSGI_restart "$SEARX_UWSGI_APP" } enable_debug() { warn_msg "Do not enable debug in production enviroments!!" info_msg "try to enable debug mode ..." tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" cd ${SEARX_SRC} sed -i -e "s/debug : False/debug : True/g" "$SEARX_SETTINGS_PATH" EOF uWSGI_restart "$SEARX_UWSGI_APP" } disable_debug() { info_msg "try to disable debug mode ..." tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" cd ${SEARX_SRC} sed -i -e "s/debug : True/debug : False/g" "$SEARX_SETTINGS_PATH" EOF uWSGI_restart "$SEARX_UWSGI_APP" } set_result_proxy() { info_msg "try to set result proxy ..." local line local stage=0 local url=" url: $1" local key=" key: $2" if [[ -z $2 ]]; then key= fi cp "${SEARX_SETTINGS_PATH}" "${SEARX_SETTINGS_PATH}.bak" _set_result_proxy "$1" "$2" > "${SEARX_SETTINGS_PATH}" } _set_result_proxy() { local line local stage=0 local url=" url: $1" local key=" key: $2" if [[ -z $2 ]]; then key= fi while IFS= read -r line do if [[ $stage = 0 ]] || [[ $stage = 2 ]] ; then if [[ $line =~ ^[[:space:]]*#*[[:space:]]*result_proxy[[:space:]]*:[[:space:]]*$ ]]; then if [[ $stage = 0 ]]; then stage=1 echo "result_proxy:" continue elif [[ $stage = 2 ]]; then continue fi fi fi if [[ $stage = 1 ]] || [[ $stage = 2 ]] ; then if [[ $line =~ ^[[:space:]]*#*[[:space:]]*url[[:space:]]*:[[:space:]] ]]; then [[ $stage = 1 ]] && echo "$url" continue elif [[ $line =~ ^[[:space:]]*#*[[:space:]]*key[[:space:]]*:[[:space:]] ]]; then [[ $stage = 1 ]] && [[ -n $key ]] && echo "$key" continue elif [[ $line =~ ^[[:space:]]*$ ]]; then stage=2 fi fi echo "$line" done < "${SEARX_SETTINGS_PATH}.bak" } function has_substring() { [[ "$1" != "${2/$1/}" ]] } inspect_service() { rst_title "service status & log" cat < ${PUBLIC_URL}" info_msg "internal URL --> http://${SEARX_INTERNAL_URL}" fi if ! service_is_available "http://${SEARX_INTERNAL_URL}"; then err_msg "uWSGI app (service) at http://${SEARX_INTERNAL_URL} is not available!" MSG="${_Green}[${_BCyan}CTRL-C${_Green}] to stop or [${_BCyan}KEY${_Green}] to continue"\ wait_key fi if ! service_is_available "${PUBLIC_URL}"; then warn_msg "Public service at ${PUBLIC_URL} is not available!" if ! in_container; then warn_msg "Check if public name is correct and routed or use the public IP from above." fi fi local _debug_on if ask_yn "Enable searx debug mode?"; then enable_debug _debug_on=1 fi echo case $DIST_ID-$DIST_VERS in ubuntu-*|debian-*) systemctl --no-pager -l status "${SERVICE_NAME}" ;; arch-*) systemctl --no-pager -l status "uwsgi@${SERVICE_NAME%.*}" ;; fedora-*) systemctl --no-pager -l status uwsgi ;; esac # shellcheck disable=SC2059 printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log" read -r -s -n1 -t 5 echo while true; do trap break 2 case $DIST_ID-$DIST_VERS in ubuntu-*|debian-*) tail -f /var/log/uwsgi/app/searx.log ;; arch-*) journalctl -f -u "uwsgi@${SERVICE_NAME%.*}" ;; fedora-*) journalctl -f -u uwsgi ;; esac done if [[ $_debug_on == 1 ]]; then disable_debug fi return 0 } install_apache_site() { rst_title "Install Apache site $APACHE_SEARX_SITE" rst_para "\ This installs the searx uwsgi app as apache site. If your server ist public to the internet you should instead use a reverse proxy (filtron) to block excessively bot queries." ! apache_is_installed && err_msg "Apache is not installed." if ! ask_yn "Do you really want to install apache site for searx-uwsgi?"; then return fi pkg_install "$APACHE_APT_PACKAGES" a2enmod uwsgi echo apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}" if ! service_is_available "${PUBLIC_URL}"; then err_msg "Public service at ${PUBLIC_URL} is not available!" fi } remove_apache_site() { rst_title "Remove Apache site ${APACHE_SEARX_SITE}" rst_para "\ This removes apache site ${APACHE_SEARX_SITE}." ! apache_is_installed && err_msg "Apache is not installed." if ! ask_yn "Do you really want to continue?"; then return fi apache_remove_site "${APACHE_SEARX_SITE}" } rst-doc() { local debian="${SEARX_PACKAGES_debian}" local arch="${SEARX_PACKAGES_arch}" local fedora="${SEARX_PACKAGES_fedora}" local debian_build="${BUILD_PACKAGES_debian}" local arch_build="${BUILD_PACKAGES_arch}" local fedora_build="${BUILD_PACKAGES_fedora}" debian="$(echo "${debian}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" arch="$(echo "${arch}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" fedora="$(echo "${fedora}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" debian_build="$(echo "${debian_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" arch_build="$(echo "${arch_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" fedora_build="$(echo "${fedora_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/searx.rst")\"" # I use ubuntu-20.04 here to demonstrate that versions are also suported, # normaly debian-* and ubuntu-* are most the same. for DIST_NAME in ubuntu-20.04 arch fedora; do ( DIST_ID=${DIST_NAME%-*} DIST_VERS=${DIST_NAME#*-} [[ $DIST_VERS =~ $DIST_ID ]] && DIST_VERS= uWSGI_distro_setup echo -e "\n.. START searx uwsgi-description $DIST_NAME" case $DIST_ID-$DIST_VERS in ubuntu-*|debian-*) cat < /usr/share/doc/uwsgi/README.Debian.gz # For uWSGI debian uses the LSB init process, this might be changed # one day, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833067 create ${uWSGI_APPS_AVAILABLE}/${SEARX_UWSGI_APP} enable: sudo -H ln -s ${uWSGI_APPS_AVAILABLE}/${SEARX_UWSGI_APP} ${uWSGI_APPS_ENABLED}/ start: sudo -H service uwsgi start ${SEARX_UWSGI_APP%.*} restart: sudo -H service uwsgi restart ${SEARX_UWSGI_APP%.*} stop: sudo -H service uwsgi stop ${SEARX_UWSGI_APP%.*} disable: sudo -H rm ${uWSGI_APPS_ENABLED}/${SEARX_UWSGI_APP} EOF ;; arch-*) cat < /usr/lib/systemd/system/uwsgi@.service # For uWSGI archlinux uses systemd template units, see # - http://0pointer.de/blog/projects/instances.html # - https://uwsgi-docs.readthedocs.io/en/latest/Systemd.html#one-service-per-app-in-systemd create: ${uWSGI_APPS_ENABLED}/${SEARX_UWSGI_APP} enable: sudo -H systemctl enable uwsgi@${SEARX_UWSGI_APP%.*} start: sudo -H systemctl start uwsgi@${SEARX_UWSGI_APP%.*} restart: sudo -H systemctl restart uwsgi@${SEARX_UWSGI_APP%.*} stop: sudo -H systemctl stop uwsgi@${SEARX_UWSGI_APP%.*} disable: sudo -H systemctl disable uwsgi@${SEARX_UWSGI_APP%.*} EOF ;; fedora-*) cat < /usr/lib/systemd/system/uwsgi.service # The unit file starts uWSGI in emperor mode (/etc/uwsgi.ini), see # - https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html create: ${uWSGI_APPS_ENABLED}/${SEARX_UWSGI_APP} restart: sudo -H touch ${uWSGI_APPS_ENABLED}/${SEARX_UWSGI_APP} disable: sudo -H rm ${uWSGI_APPS_ENABLED}/${SEARX_UWSGI_APP} EOF ;; esac echo -e ".. END searx uwsgi-description $DIST_NAME" echo -e "\n.. START searx uwsgi-appini $DIST_NAME" eval "echo \"$(< "${TEMPLATES}/${uWSGI_APPS_AVAILABLE}/${SEARX_UWSGI_APP}")\"" echo -e "\n.. END searx uwsgi-appini $DIST_NAME" ) done } # ---------------------------------------------------------------------------- main "$@" # ----------------------------------------------------------------------------