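---
# Deploys SearXNG (via Docker Compose) and an oauth2-proxy sidecar on every
# host in the "ubuntu" group whose `services` list contains "searxng"; other
# hosts leave the play early.
#
# Variables expected from inventory/group vars (not defined here):
#   services, searxng_user, searxng_group, keeper_user, searxng_directory,
#   searxng_oauth2_proxy_dir, searxng_oauth2_proxy_version
# Optional:
#   searxng_oauth2_proxy_checksum -- expected digest of the oauth2-proxy
#   release tarball in get_url `checksum` form, e.g. "sha256:<HEX_DIGEST>".
#   When it is unset the download is installed WITHOUT integrity verification.
- name: Deploy SearXNG with Docker Compose
  hosts: ubuntu
  become: true

  tasks:
    - name: Check if host has searxng service
      ansible.builtin.set_fact:
        has_searxng_service: "{{ 'searxng' in services }}"

    # end_host stops the play for this host only; the remaining hosts continue.
    - name: Skip hosts without searxng service
      ansible.builtin.meta: end_host
      when: not has_searxng_service

    - name: Create searxng group
      ansible.builtin.group:
        name: "{{ searxng_group }}"

    # Dedicated system account that owns the SearXNG deployment directory.
    - name: Create searxng user
      ansible.builtin.user:
        name: "{{ searxng_user }}"
        comment: "{{ searxng_user }}"
        group: "{{ searxng_group }}"
        system: true

    # append: true keeps keeper_user's existing supplementary groups.
    - name: Add group searxng to keeper_user
      ansible.builtin.user:
        name: "{{ keeper_user }}"
        groups: "{{ searxng_group }}"
        append: true

    # 0750: only the searxng user and group can read the deployment files.
    - name: Create searxng directory
      ansible.builtin.file:
        path: "{{ searxng_directory }}"
        owner: "{{ searxng_user }}"
        group: "{{ searxng_group }}"
        state: directory
        mode: '0750'

    # Rendered files are read-only (0550) for owner and group; the settings
    # file presumably carries SearXNG secrets, so it is not world-readable.
    - name: Template configuration files
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ searxng_directory }}/{{ item.dest }}"
        owner: "{{ searxng_user }}"
        group: "{{ searxng_group }}"
        mode: '0550'
      loop:
        - src: "docker-compose.yml.j2"
          dest: "docker-compose.yml"
        - src: "searxng-settings.yml.j2"
          dest: "searxng-settings.yml"

    # New group membership only takes effect on a fresh login session; this
    # matters when keeper_user is the account Ansible connects as (assumed).
    - name: Reset SSH connection to apply group changes
      ansible.builtin.meta: reset_connection

    - name: Start SearXNG service
      community.docker.docker_compose_v2:
        project_src: "{{ searxng_directory }}"
        state: present
        pull: always

    # ===========================================================================
    # OAuth2-Proxy Sidecar
    # Note: Each host supports at most one OAuth2-Proxy sidecar instance
    # (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
    # ===========================================================================

    - name: Create oauth2-proxy directory
      ansible.builtin.file:
        path: "{{ searxng_oauth2_proxy_dir }}"
        owner: root
        group: root
        state: directory
        mode: '0755'

    # The tarball is staged under /tmp, a shared world-writable directory;
    # the checksum below is what ties the installed binary to a known release.
    - name: Download oauth2-proxy binary
      ansible.builtin.get_url:
        url: "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v{{ searxng_oauth2_proxy_version }}/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.linux-amd64.tar.gz"
        dest: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.tar.gz"
        # Reject a tampered or swapped artifact before it is installed as root.
        # Falls back to an unverified download when the variable is not set,
        # so existing inventories keep working; set it to close the gap.
        checksum: "{{ searxng_oauth2_proxy_checksum | default(omit) }}"
        mode: '0644'

    # creates: makes the extraction idempotent across runs.
    - name: Extract oauth2-proxy binary
      ansible.builtin.unarchive:
        src: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.tar.gz"
        dest: /tmp
        remote_src: true
        creates: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.linux-amd64/oauth2-proxy"

    - name: Install oauth2-proxy binary
      ansible.builtin.copy:
        src: "/tmp/oauth2-proxy-v{{ searxng_oauth2_proxy_version }}.linux-amd64/oauth2-proxy"
        dest: /usr/local/bin/oauth2-proxy
        owner: root
        group: root
        mode: '0755'
        remote_src: true

    # 0600 and root-owned: the proxy config presumably holds the OAuth client
    # and cookie secrets. Changes trigger a restart via the handler.
    - name: Template oauth2-proxy configuration
      ansible.builtin.template:
        src: oauth2-proxy-searxng.cfg.j2
        dest: "{{ searxng_oauth2_proxy_dir }}/oauth2-proxy.cfg"
        owner: root
        group: root
        mode: '0600'
      notify: restart oauth2-proxy-searxng

    - name: Template oauth2-proxy systemd service
      ansible.builtin.template:
        src: oauth2-proxy-searxng.service.j2
        dest: /etc/systemd/system/oauth2-proxy-searxng.service
        owner: root
        group: root
        mode: '0644'
      notify:
        - reload systemd
        - restart oauth2-proxy-searxng

    # ===========================================================================
    # Service Management
    # ===========================================================================

    # daemon_reload here ensures a freshly templated unit is known to systemd
    # before the first start; handlers (which also reload) run at play end.
    - name: Enable and start OAuth2-Proxy service
      ansible.builtin.systemd:
        name: oauth2-proxy-searxng
        enabled: true
        state: started
        daemon_reload: true

  handlers:
    - name: reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: restart oauth2-proxy-searxng
      ansible.builtin.systemd:
        name: oauth2-proxy-searxng
        state: restarted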