docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
2026-03-03 12:49:06 +00:00
parent c7be03a743
commit b4d60f2f38
219 changed files with 34586 additions and 2 deletions
--- a/ansible/searxng/deploy.yml
+++ b/ansible/searxng/deploy.yml
@@ -0,0 +1,134 @@
+---
+- name: Deploy SearXNG with Docker Compose
+  hosts: ubuntu
+  become: true
+  tasks:
+  - name: Check if host has searxng service
+    ansible.builtin.set_fact:
+      has_searxng_service: "{{'searxng' in services}}"
+
+  - name: Skip hosts without searxng service
+    ansible.builtin.meta: end_host
+    when: not has_searxng_service
+
+  - name: Create searxng group
+    ansible.builtin.group:
+      name: "{{searxng_group}}"
+
+  - name: Create searxng user
+    ansible.builtin.user:
+      name: "{{searxng_user}}"
+      comment: "{{searxng_user}}"
+      group: "{{searxng_group}}"
+      system: true
+
+  - name: Add group searxng to ansible_user
+    ansible.builtin.user:
+      name: "{{ansible_user}}"
+      groups: "{{searxng_group}}"
+      append: true
+
+  - name: Create searxng directory
+    ansible.builtin.file:
+      path: "{{searxng_directory}}"
+      owner: "{{searxng_user}}"
+      group: "{{searxng_group}}"
+      state: directory
+      mode: '750'
+
+  - name: Template configuration files
+    ansible.builtin.template:
+      src: "{{item.src}}"
+      dest: "{{searxng_directory}}/{{item.dest}}"
+      owner: "{{searxng_user}}"
+      group: "{{searxng_group}}"
+      mode: '550'
+    loop:
+      - src: "docker-compose.yml.j2"
+        dest: "docker-compose.yml"
+      - src: "searxng-settings.yml.j2"
+        dest: "searxng-settings.yml"
+
+  - name: Reset SSH connection to apply group changes
+    meta: reset_connection
+
+  - name: Start SearXNG service
+    community.docker.docker_compose_v2:
+      project_src: "{{searxng_directory}}"
+      state: present
+      pull: always
+
+  # ===========================================================================
+  # OAuth2-Proxy Sidecar
+  # Note: Each host supports at most one OAuth2-Proxy sidecar instance
+  # (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
+  # ===========================================================================
+  - name: Create oauth2-proxy directory
+    ansible.builtin.file:
+      path: "{{ searxng_oauth2_proxy_dir }}"
+      owner: root
+      group: root
+      state: directory
+      mode: '0755'
+
+  - name: Download oauth2-proxy binary
+    ansible.builtin.get_url:
+      url: "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v{{ searxng_oauth2_proxy_version }}/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.linux-amd64.tar.gz"
+      dest: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.tar.gz"
+      mode: '0644'
+
+  - name: Extract oauth2-proxy binary
+    ansible.builtin.unarchive:
+      src: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.tar.gz"
+      dest: /tmp
+      remote_src: true
+      creates: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.linux-amd64/oauth2-proxy"
+
+  - name: Install oauth2-proxy binary
+    ansible.builtin.copy:
+      src: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.linux-amd64/oauth2-proxy"
+      dest: /usr/local/bin/oauth2-proxy
+      owner: root
+      group: root
+      mode: '0755'
+      remote_src: true
+
+  - name: Template oauth2-proxy configuration
+    ansible.builtin.template:
+      src: oauth2-proxy-searxng.cfg.j2
+      dest: "{{ searxng_oauth2_proxy_dir }}/oauth2-proxy.cfg"
+      owner: root
+      group: root
+      mode: '0600'
+    notify: restart oauth2-proxy-searxng
+
+  - name: Template oauth2-proxy systemd service
+    ansible.builtin.template:
+      src: oauth2-proxy-searxng.service.j2
+      dest: /etc/systemd/system/oauth2-proxy-searxng.service
+      owner: root
+      group: root
+      mode: '0644'
+    notify:
+      - reload systemd
+      - restart oauth2-proxy-searxng
+
+  # ===========================================================================
+  # Service Management
+  # ===========================================================================
+  - name: Enable and start OAuth2-Proxy service
+    ansible.builtin.systemd:
+      name: oauth2-proxy-searxng
+      enabled: true
+      state: started
+      daemon_reload: true
+
+  handlers:
+  - name: reload systemd
+    ansible.builtin.systemd:
+      daemon_reload: true
+
+  - name: restart oauth2-proxy-searxng
+    ansible.builtin.systemd:
+      name: oauth2-proxy-searxng
+      state: restarted