jandieman/searxng
2
0
Fork 0
mirror of https://github.com/searxng/searxng.git synced 2025-12-22 19:50:00 +00:00
Code Issues Projects Releases Wiki Activity

[mod] migrate from Redis to Valkey (#4795)

Browse Source 
This patch migrates from `redis==5.2.1` [1] to `valkey==6.1.0` [2].

The migration to valkey is necessary because the company behind Redis has decided
to abandon the open source license. After experiencing a drop in user numbers,
they now want to run it under a dual license again. But this move demonstrates
once again how unreliable the company is and how it treats open source
developers.

To review first, read the docs::

    $ make docs.live

Follow the instructions to remove redis:

- http://0.0.0.0:8000/admin/settings/settings_redis.html

Config and install a local valkey DB:

- http://0.0.0.0:8000/admin/settings/settings_valkey.html

[1] https://pypi.org/project/redis/
[2] https://pypi.org/project/valkey/

Co-authored-by: HLFH <gaspard@dhautefeuille.eu>
Co-authored-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Gaspard d'Hautefeuille
2025-07-09 07:55:37 +02:00
committed by GitHub
parent bd593d0bad
commit f798ddd492
43 changed files with 468 additions and 724 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
utils/lib.sh
View File

@@ -7,6 +7,8 @@
DIST_ID=$(source /etc/os-release; echo "$ID");
# shellcheck disable=SC2034
DIST_VERS=$(source /etc/os-release; echo "$VERSION_ID");
# shellcheck disable=SC2034
DIST_VERSION_CODENAME=$(source /etc/os-release; echo "$VERSION_CODENAME");
ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
ADMIN_NAME="${ADMIN_NAME:-$USER}"

290
utils/lib_redis.sh
View File

@@ -1,190 +1,26 @@
#!/usr/bin/env bash
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Tools to build and install redis [1] binaries & packages.
#
# [1] https://redis.io/download#installation
#
# 1. redis.devpkg (sudo)
# 2. redis.build
# 3. redis.install (sudo)
#
# systemd commands::
#
# sudo -H systemctl status searxng-redis
# sudo -H journalctl -u searxng-redis
# sudo -H journalctl --vacuum-size=1M
#
# Test socket connection from client (local user)::
#
# $ sudo -H ./manage redis.addgrp "${USER}"
# # logout & login to get member of group
# $ groups
# ... searxng-redis ...
# $ source /usr/local/searxng-redis/.redis_env
# $ which redis-cli
# /usr/local/searxng-redis/.local/bin/redis-cli
#
# $ redis-cli -s /usr/local/searxng-redis/redis.sock
# redis /usr/local/searxng-redis/redis.sock> set foo bar
# OK
# redis /usr/local/searxng-redis/redis.sock> get foo
# "bar"
# [CTRL-D]
# shellcheck disable=SC2091
# shellcheck source=utils/lib.sh
. /dev/null
REDIS_GIT_URL="https://github.com/redis/redis.git"
REDIS_GIT_TAG="${REDIS_GIT_TAG:-6.2.6}"
REDIS_USER="searxng-redis"
REDIS_GROUP="searxng-redis"
REDIS_HOME="/usr/local/${REDIS_USER}"
REDIS_HOME_BIN="${REDIS_HOME}/.local/bin"
REDIS_ENV="${REDIS_HOME}/.redis_env"
REDIS_SERVICE_NAME="searxng-redis"
REDIS_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${REDIS_SERVICE_NAME}.service"
# binaries to compile & install
REDIS_INSTALL_EXE=(redis-server redis-benchmark redis-cli)
# link names of redis-server binary
REDIS_LINK_EXE=(redis-sentinel redis-check-rdb redis-check-aof)
REDIS_CONF="${REDIS_HOME}/redis.conf"
REDIS_CONF_TEMPLATE=$(cat <<EOF
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
# bind 127.0.0.1 -::1
protected-mode yes
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 0
# Specify the path for the Unix socket that will be used to listen for
# incoming connections.
unixsocket ${REDIS_HOME}/run/redis.sock
unixsocketperm 770
# The working directory.
dir ${REDIS_HOME}/run
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree.
supervised auto
pidfile ${REDIS_HOME}/run/redis.pid
# log to the system logger
syslog-enabled yes
EOF
)
redis.help(){
cat <<EOF
redis.:
devpkg : install essential packages to compile redis
build : build redis binaries at $(redis._get_dist)
install : create user (${REDIS_USER}) and install systemd service (${REDIS_SERVICE_NAME})
remove : delete user (${REDIS_USER}) and remove service (${REDIS_SERVICE_NAME})
shell : start bash interpreter from user ${REDIS_USER}
src : clone redis source code to <path> and checkput ${REDIS_GIT_TAG}
useradd : create user (${REDIS_USER}) at ${REDIS_HOME}
userdel : delete user (${REDIS_USER})
addgrp : add <user> to group (${REDIS_USER})
rmgrp : remove <user> from group (${REDIS_USER})
EOF
}
redis.devpkg() {
# Uses OS package manager to install the essential packages to build and
# compile sources
sudo_or_exit
case ${DIST_ID} in
ubuntu|debian)
pkg_install git build-essential gawk
;;
arch)
pkg_install git base-devel
;;
fedora)
pkg_install git @development-tools
;;
centos)
pkg_install git
yum groupinstall "Development Tools" -y
;;
*)
err_msg "$DIST_ID-$DIST_VERS: No rules to install development tools from OS."
return 42
;;
esac
}
redis.build() {
# usage: redis.build
rst_title "get redis sources" section
redis.src "${CACHE}/redis"
if ! required_commands gcc nm make gawk ; then
info_msg "install development tools to get missing command(s) .."
if [[ -n ${SUDO_USER} ]]; then
sudo -H "$0" redis.devpkg
else
redis.devpkg
fi
fi
rst_title "compile redis sources" section
pushd "${CACHE}/redis" &>/dev/null
if ask_yn "Do you run 'make distclean' first'?" Yn; then
$(bash.cmd) -c "make distclean" 2>&1 | prefix_stdout
fi
$(bash.cmd) -c "make" 2>&1 | prefix_stdout
if ask_yn "Do you run 'make test'?" Ny; then
$(bash.cmd) -c "make test" | prefix_stdout
fi
popd &>/dev/null
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
mkdir -p "$(redis._get_dist)"
cd "${CACHE}/redis/src"
cp ${REDIS_INSTALL_EXE[@]} "$(redis._get_dist)"
EOF
info_msg "redis binaries available at $(redis._get_dist)"
}
redis.install() {
sudo_or_exit
(
set -e
redis.useradd
redis._install_bin
redis._install_conf
redis._install_service
)
dump_return $?
}
redis.remove() {
sudo_or_exit
@@ -200,57 +36,6 @@ redis.shell() {
interactive_shell "${REDIS_USER}"
}
redis.src() {
# usage: redis.src "${CACHE}/redis"
local dest="${1:-${CACHE}/redis}"
if [ -d "${dest}" ] ; then
info_msg "already cloned: $dest"
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
cd "${dest}"
git fetch --all
git reset --hard tags/${REDIS_GIT_TAG}
EOF
else
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
mkdir -p "$(dirname "$dest")"
cd "$(dirname "$dest")"
git clone "${REDIS_GIT_URL}" "${dest}"
EOF
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
cd "${dest}"
git checkout tags/${REDIS_GIT_TAG} -b "build-branch"
EOF
fi
}
redis.useradd(){
# usage: redis.useradd
rst_title "add user ${REDIS_USER}" section
echo
sudo_or_exit
# create user account
tee_stderr 0.5 <<EOF | sudo -H bash | prefix_stdout
useradd --shell /bin/bash --system \
--home-dir "${REDIS_HOME}" \
--comment 'user that runs a redis instance' "${REDIS_USER}"
mkdir -p "${REDIS_HOME}"
chown -R "${REDIS_USER}:${REDIS_GROUP}" "${REDIS_HOME}"
groups "${REDIS_USER}"
EOF
# create App-ENV and add source it in the .profile
tee_stderr 0.5 <<EOF | sudo -H -u "${REDIS_USER}" bash | prefix_stdout
mkdir -p "${REDIS_HOME_BIN}"
echo "export PATH=${REDIS_HOME_BIN}:\\\$PATH" > "${REDIS_ENV}"
grep -qFs -- 'source "${REDIS_ENV}"' ~/.profile || echo 'source "${REDIS_ENV}"' >> ~/.profile
EOF
}
redis.userdel() {
sudo_or_exit
@@ -275,81 +60,6 @@ redis.rmgrp() {
}
# private redis. functions
# ------------------------
redis._install_bin() {
local src
src="$(redis._get_dist)"
(
set -e
for redis_exe in "${REDIS_INSTALL_EXE[@]}"; do
install -v -o "${REDIS_USER}" -g "${REDIS_GROUP}" \
"${src}/${redis_exe}" "${REDIS_HOME_BIN}"
done
pushd "${REDIS_HOME_BIN}" &> /dev/null
for redis_exe in "${REDIS_LINK_EXE[@]}"; do
info_msg "link redis-server --> ${redis_exe}"
sudo -H -u "${REDIS_USER}" ln -sf redis-server "${redis_exe}"
done
popd &> /dev/null
)
}
redis._install_conf() {
sudo -H -u "${REDIS_USER}" bash <<EOF
mkdir -p "${REDIS_HOME}/run"
echo '${REDIS_CONF_TEMPLATE}' > "${REDIS_CONF}"
EOF
}
redis._install_service() {
systemd_install_service "${REDIS_SERVICE_NAME}" "${REDIS_SYSTEMD_UNIT}"
}
redis._remove_service() {
systemd_remove_service "${REDIS_SERVICE_NAME}" "${REDIS_SYSTEMD_UNIT}"
}
redis._get_dist() {
if [ -z "${REDIS_DIST}" ]; then
echo "${REPO_ROOT}/dist/redis/${REDIS_GIT_TAG}/$(redis._arch)"
else
echo "${REDIS_DIST}"
fi
}
redis._arch() {
local ARCH
case "$(command uname -m)" in
"x86_64") ARCH=amd64 ;;
"aarch64") ARCH=arm64 ;;
"armv6" | "armv7l") ARCH=armv6l ;;
"armv8") ARCH=arm64 ;;
.*386.*) ARCH=386 ;;
ppc64*) ARCH=ppc64le ;;
*) die 42 "ARCH is unknown: $(command uname -m)" ;;
esac
echo "${ARCH}"
}
# TODO: move this to the right place ..
bash.cmd(){
# print cmd to get a bash in a non-root mode, even if we are in a sudo
# context.
local user="${USER}"
local bash_cmd="bash"
if [ -n "${SUDO_USER}" ] && [ "root" != "${SUDO_USER}" ] ; then
user="${SUDO_USER}"
bash_cmd="sudo -H -u ${SUDO_USER} bash"
fi
printf "%s" "${bash_cmd}"
}

73
utils/lib_valkey.sh Executable file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: AGPL-3.0-or-later
valkey.distro.setup() {
# shellcheck disable=SC2034
case $DIST_ID in
ubuntu|debian)
VALKEY_PACKAGES="valkey-server"
;;
arch|fedora|centos)
VALKEY_PACKAGES="valkey"
;;
*)
err_msg "$DIST_ID: valkey not yet implemented"
;;
esac
}
valkey.backports() {
case $DIST_ID in
debian)
info_msg "APT:: install debian-stable-backports.source / ${DIST_ID}-${DIST_VERS} (${DIST_VERSION_CODENAME})"
install_template /etc/apt/sources.list.d/debian-stable-backports.sources
apt update
;;
ubuntu)
info_msg "APT:: install ubuntu-stable-backports.source / ${DIST_ID}-${DIST_VERS} (${DIST_VERSION_CODENAME})"
install_template /etc/apt/sources.list.d/ubuntu-stable-backports.sources
apt update
;;
*)
info_msg "APT:: valkey.backports no implementation / ${DIST_ID}-${DIST_VERS} (${DIST_VERSION_CODENAME})"
;;
esac
}
valkey.install(){
info_msg "installing valkey ..."
valkey.distro.setup
case $DIST_ID in
debian|ubuntu)
apt-cache show "${VALKEY_PACKAGES}" &> /dev/null || valkey.backports
pkg_install "${VALKEY_PACKAGES}"
# do some fix ...
# chown -R valkey:valkey /var/log/valkey/ /var/lib/valkey/ /etc/valkey/
# https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#PrivateUsers=
sed -i 's/PrivateUsers=true/# PrivateUsers=true/' /lib/systemd/system/valkey-server.service
sed -i 's/PrivateUsers=true/# PrivateUsers=true/' /lib/systemd/system/valkey-server@.service
systemd_activate_service valkey-server
;;
arch|fedora|centos)
pkg_install "${VALKEY_PACKAGES}"
systemd_activate_service valkey
;;
*)
# install backports if package is not in the current APT repos
pkg_install "${VALKEY_PACKAGES}"
;;
esac
# case $DIST_ID-$DIST_VERS in
# arch-*|fedora-*|centos-7)
# systemctl enable nginx
# systemctl start nginx
# ;;
# esac
}

135
utils/searxng.sh
View File

@@ -9,6 +9,8 @@ SEARXNG_UWSGI_USE_SOCKET="${SEARXNG_UWSGI_USE_SOCKET:-true}"
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# shellcheck source=utils/lib_redis.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib_redis.sh"
# shellcheck source=utils/lib_valkey.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib_valkey.sh"
# shellcheck source=utils/brand.sh
source "${REPO_ROOT}/utils/brand.sh"
@@ -119,8 +121,8 @@ usage() {
# shellcheck disable=SC1117
cat <<EOF
usage:
$(basename "$0") install [all|user|pyenv|settings|uwsgi|redis|nginx|apache|searxng-src|packages|buildhost]
$(basename "$0") remove [all|user|pyenv|settings|uwsgi|redis|nginx|apache]
$(basename "$0") install [all|user|pyenv|settings|uwsgi|valkey|nginx|apache|searxng-src|packages|buildhost]
$(basename "$0") remove [all|user|pyenv|settings|uwsgi|valkey|nginx|apache]
$(basename "$0") instance [cmd|update|check|localtest|inspect]
install|remove:
all : complete (de-) installation of the SearXNG service
@@ -128,9 +130,12 @@ install|remove:
pyenv : virtualenv (python) in ${SEARXNG_PYENV}
settings : settings from ${SEARXNG_SETTINGS_PATH}
uwsgi : SearXNG's uWSGI app ${SEARXNG_UWSGI_APP}
redis : build & install or remove a local redis server ${REDIS_HOME}/run/redis.sock
nginx : HTTP site ${NGINX_APPS_AVAILABLE}/${NGINX_SEARXNG_SITE}
apache : HTTP site ${APACHE_SITES_AVAILABLE}/${APACHE_SEARXNG_SITE}
install:
valkey : install a local valkey server
remove:
redis : remove a local redis server ${REDIS_HOME}/run/redis.sock
install:
searxng-src : clone ${GIT_URL} into ${SEARXNG_SRC}
packages : installs packages from OS package manager required by SearXNG
@@ -194,7 +199,7 @@ main() {
buildhost) searxng.install.buildhost;;
nginx) searxng.nginx.install;;
apache) searxng.apache.install;;
redis) searxng.install.redis;;
valkey) searxng.install.valkey;;
*) usage "$_usage"; exit 42;;
esac
;;
@@ -208,6 +213,7 @@ main() {
uwsgi) searxng.remove.uwsgi;;
apache) searxng.apache.remove;;
remove) searxng.nginx.remove;;
valkey) searxng.remove.valkey;;
redis) searxng.remove.redis;;
*) usage "$_usage"; exit 42;;
esac
@@ -259,7 +265,7 @@ main() {
searxng.install.all() {
rst_title "SearXNG installation" part
local redis_url
local valkey_url
rst_title "SearXNG"
searxng.install.packages
@@ -277,8 +283,8 @@ searxng.install.all() {
searxng.install.uwsgi
wait_key
rst_title "Redis DB"
searxng.install.redis.db
rst_title "Valkey DB"
searxng.install.valkey.db
rst_title "HTTP Server"
searxng.install.http.site
@@ -289,77 +295,35 @@ searxng.install.all() {
fi
}
searxng.install.redis.db() {
local redis_url
searxng.install.valkey.db() {
local valkey_url
redis_url=$(searxng.instance.get_setting redis.url)
rst_para "\
In your instance, redis DB connector is configured at:
valkey_url=$(searxng.instance.get_setting valkey.url)
${redis_url}
if [ "${valkey_url}" = "False" ]; then
rst_para "valkey DB connector is not configured in your instance"
else
rst_para "\
In your instance, valkey DB connector is configured at:
${valkey_url}
"
if searxng.instance.exec python -c "from searx import redisdb; redisdb.initialize() or exit(42)"; then
info_msg "SearXNG instance is able to connect redis DB."
if searxng.instance.exec python -c "from searx import valkeydb; valkeydb.initialize() or exit(42)"; then
info_msg "SearXNG instance is able to connect valkey DB."
return
fi
fi
if ! [[ ${valkey_url} = valkey://localhost:6379/* ]]; then
err_msg "SearXNG instance can't connect valkey DB / check valkey & your settings"
return
fi
if ! [[ ${redis_url} = unix://${REDIS_HOME}/run/redis.sock* ]]; then
err_msg "SearXNG instance can't connect redis DB / check redis & your settings"
return
rst_para ".. but this valkey DB is not installed yet."
if ask_yn "Do you want to install the valkey DB now?" Yn; then
searxng.install.valkey
uWSGI_restart "$SEARXNG_UWSGI_APP"
fi
rst_para ".. but this redis DB is not installed yet."
case $DIST_ID-$DIST_VERS in
fedora-*)
# Fedora runs uWSGI in emperor-tyrant mode: in Tyrant mode the
# Emperor will run the vassal using the UID/GID of the vassal
# configuration file [1] (user and group of the app .ini file).
#
# HINT: without option ``emperor-tyrant-initgroups=true`` in
# ``/etc/uwsgi.ini`` the process won't get the additional groups,
# but this option is not available in 2.0.x branch [2][3] / on
# fedora35 there is v2.0.20 installed --> no way to get additional
# groups on fedora's tyrant mode.
#
# ERROR:searx.redisdb: [searxng (993)] can't connect redis DB ...
# ERROR:searx.redisdb: Error 13 connecting to unix socket: /usr/local/searxng-redis/run/redis.sock. Permission denied.
# ERROR:searx.plugins.limiter: init limiter DB failed!!!
#
# $ ps -aef | grep '/usr/sbin/uwsgi --ini searxng.ini'
# searxng 93 92 0 12:43 ? 00:00:00 /usr/sbin/uwsgi --ini searxng.ini
# searxng 186 93 0 12:44 ? 00:00:01 /usr/sbin/uwsgi --ini searxng.ini
#
# Additional groups:
#
# $ groups searxng
# searxng : searxng searxng-redis
#
# Here you can see that the additional "Groups" of PID 186 are unset
# (missing gid of searxng-redis)
#
# $ cat /proc/186/task/186/status
# ...
# Uid: 993 993 993 993
# Gid: 993 993 993 993
# FDSize: 128
# Groups:
# ...
#
# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
# [2] https://github.com/unbit/uwsgi/issues/2099
# [3] https://github.com/unbit/uwsgi/pull/752
rst_para "\
Fedora uses emperor-tyrant mode / in this mode we had a lot of trouble with
sockets and permissions of the vasals. We recommend to setup a redis DB
and using redis:// TCP protocol in the settings.yml configuration."
;;
*)
if ask_yn "Do you want to install the redis DB now?" Yn; then
searxng.install.redis
uWSGI_restart "$SEARXNG_UWSGI_APP"
fi
;;
esac
}
searxng.install.http.site() {
@@ -380,16 +344,16 @@ searxng.install.http.site() {
}
searxng.remove.all() {
local redis_url
local valkey_url
rst_title "De-Install SearXNG (service)"
if ! ask_yn "Do you really want to deinstall SearXNG?"; then
return
fi
redis_url=$(searxng.instance.get_setting redis.url)
if ! [[ ${redis_url} = unix://${REDIS_HOME}/run/redis.sock* ]]; then
searxng.remove.redis
valkey_url=$(searxng.instance.get_setting valkey.url)
if ! [[ ${valkey_url} = unix://${VALKEY_HOME}/run/valkey.sock* ]]; then
searxng.remove.valkey
fi
searxng.remove.uwsgi
@@ -642,19 +606,18 @@ searxng.remove.uwsgi() {
uWSGI_remove_app "${SEARXNG_UWSGI_APP}"
}
searxng.install.redis() {
rst_title "SearXNG (install redis)"
redis.build
redis.install
redis.addgrp "${SERVICE_USER}"
}
searxng.remove.redis() {
rst_title "SearXNG (remove redis)"
redis.rmgrp "${SERVICE_USER}"
redis.remove
}
searxng.install.valkey() {
rst_title "SearXNG (install valkey)"
valkey.install
}
searxng.instance.localtest() {
rst_title "Test SearXNG instance locally" section
rst_para "Activate debug mode, start a minimal SearXNG "\
@@ -690,11 +653,11 @@ To install uWSGI use::
die 42 "SearXNG's uWSGI app not available"
fi
if ! searxng.instance.exec python -c "from searx import redisdb; redisdb.initialize() or exit(42)"; then
if ! searxng.instance.exec python -c "from searx import valkeydb; valkeydb.initialize() or exit(42)"; then
rst_para "\
The configured redis DB is not available: If your server is public to the
The configured valkey DB is not available: If your server is public to the
internet, you should setup a bot protection to block excessively bot queries.
Bot protection requires a redis DB. About bot protection visit the official
Bot protection requires a valkey DB. About bot protection visit the official
SearXNG documentation and query for the word 'limiter'.
"
fi

11
utils/searxng_check.py
View File

@@ -34,8 +34,11 @@ if os.path.isfile(OLD_BRAND_ENV):
msg = ('%s is no longer needed, remove the file' % (OLD_BRAND_ENV))
warnings.warn(msg, DeprecationWarning)
from searx import redisdb, get_setting
from searx import valkeydb, get_setting
if not redisdb.initialize():
warnings.warn("can't connect to redis DB at: %s" % get_setting('redis.url'), RuntimeWarning, stacklevel=2)
warnings.warn("--> no bot protection without redis DB", RuntimeWarning, stacklevel=2)
if get_setting('redis.url'):
warnings.warn("setting redis.url is deprecated, use valkey.url", RuntimeWarning, stacklevel=2)
if not valkeydb.initialize():
warnings.warn("can't connect to valkey DB at: %s" % get_setting('valkey.url'), RuntimeWarning, stacklevel=2)
warnings.warn("--> no bot protection without valkey DB", RuntimeWarning, stacklevel=2)

6
utils/templates/etc/apt/sources.list.d/debian-stable-backports.sources Normal file
View File

@@ -0,0 +1,6 @@
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: stable-backports
Components: main contrib non-free non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

6
utils/templates/etc/apt/sources.list.d/ubuntu-stable-backports.sources Normal file
View File

@@ -0,0 +1,6 @@
Types: deb deb-src
URIs: http://us.archive.ubuntu.com/ubuntu/
Suites: ${DIST_VERSION_CODENAME}-backports
Components: main multiverse restricted universe
Enabled: yes
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

6
utils/templates/etc/searxng/settings.yml
View File

@@ -21,9 +21,9 @@ server:
# by ${SEARXNG_BASE_URL}.
# base_url: http://example.com/location
redis:
# URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
url: unix:///usr/local/searxng-redis/run/redis.sock?db=0
valkey:
# URL to connect valkey database. Is overwritten by ${SEARXNG_VALKEY_URL}.
url: valkey://localhost:6379/0
ui:
static_use_hash: true

42
utils/templates/lib/systemd/system/searxng-redis.service
View File

@@ -1,42 +0,0 @@
[Unit]
Description=SearXNG redis service
After=syslog.target
After=network.target
Documentation=https://redis.io/documentation
[Service]
Type=simple
User=${REDIS_USER}
Group=${REDIS_USER}
WorkingDirectory=${REDIS_HOME}
Restart=always
TimeoutStopSec=0
Environment=USER=${REDIS_USER} HOME=${REDIS_HOME}
ExecStart=${REDIS_HOME_BIN}/redis-server ${REDIS_CONF}
ExecPaths=${REDIS_HOME_BIN}
LimitNOFILE=65535
NoNewPrivileges=true
PrivateDevices=yes
# ProtectSystem=full
ProtectHome=yes
ReadOnlyDirectories=/
ReadWritePaths=-${REDIS_HOME}/run
UMask=007
PrivateTmp=yes
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
[Install]
WantedBy=multi-user.target