forked from Archives/searxng
utils/morty.sh: add script to install morty result proxy
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>dependabot/pip/master/sphinx-6.1.3
parent
709ac51d33
commit
a4437c47ac
@ -1,9 +1,17 @@
|
||||
# -*- coding: utf-8; mode: sh -*-
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
#
|
||||
# environment used by utils scripts like filtron.sh or searx.sh
|
||||
#
|
||||
# This environment is used by ./utils scripts like filtron.sh or searx.sh. The
|
||||
# default values are *most flexible* and *best maintained*, you normally not
|
||||
# need to change them. Before you change any value here you have to uninstall
|
||||
# any previous installation. It is recommended to backup your changes simply by
|
||||
# adding them to you local brand (git branch).
|
||||
|
||||
# the public URL of the searx instance
|
||||
# The public URL of the searx instance
|
||||
PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
|
||||
PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}"
|
||||
|
||||
# Run all services by one account, but be aware that removing discrete
|
||||
# components might conflict! **experimental**
|
||||
#
|
||||
# SERVICE_USER=service_account42
|
||||
|
@ -0,0 +1,382 @@
|
||||
#!/usr/bin/env bash
|
||||
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
# shellcheck source=utils/lib.sh
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
||||
source_dot_config
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# config
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
PUBLIC_URL_PATH_MORTY="/morty"
|
||||
PUBLIC_URL_MORTY="$(dirname ${PUBLIC_URL})${PUBLIC_URL_PATH_MORTY}"
|
||||
|
||||
MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}"
|
||||
MORTY_TIMEOUT=5
|
||||
|
||||
SERVICE_NAME="morty"
|
||||
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
|
||||
SERVICE_HOME="/home/${SERVICE_USER}"
|
||||
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
|
||||
# shellcheck disable=SC2034
|
||||
SERVICE_GROUP="${SERVICE_USER}"
|
||||
SERVICE_ENV_DEBUG=false
|
||||
|
||||
GO_ENV="${SERVICE_HOME}/.go_env"
|
||||
GO_PKG_URL="https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz"
|
||||
GO_TAR=$(basename "$GO_PKG_URL")
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
CONFIG_FILES=()
|
||||
|
||||
# Apache Settings
|
||||
|
||||
APACHE_MORTY_SITE="morty.conf"
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
usage() {
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# shellcheck disable=SC1117
|
||||
cat <<EOF
|
||||
|
||||
usage::
|
||||
|
||||
$(basename "$0") shell
|
||||
$(basename "$0") install [all|user]
|
||||
$(basename "$0") update [morty]
|
||||
$(basename "$0") remove [all]
|
||||
$(basename "$0") activate [service]
|
||||
$(basename "$0") deactivate [service]
|
||||
$(basename "$0") inspect [service]
|
||||
$(basename "$0") option [debug-on|debug-off]
|
||||
$(basename "$0") apache [install|remove]
|
||||
|
||||
shell
|
||||
start interactive shell from user ${SERVICE_USER}
|
||||
install / remove
|
||||
all: complete setup of morty service
|
||||
user: add/remove service user '$SERVICE_USER' at $SERVICE_HOME
|
||||
update morty
|
||||
Update morty installation of user ${SERVICE_USER}
|
||||
activate service
|
||||
activate and start service daemon (systemd unit)
|
||||
deactivate service
|
||||
stop and deactivate service daemon (systemd unit)
|
||||
inspect service
|
||||
show service status and log
|
||||
option
|
||||
set one of the available options
|
||||
apache : ${PUBLIC_URL_MORTY}
|
||||
:install: apache site with a reverse proxy (ProxyPass)
|
||||
:remove: apache site ${APACHE_MORTY_SITE}
|
||||
|
||||
If needed, set the environment variable MORTY_LISTEN in the
|
||||
${DOT_CONFIG#"$REPO_ROOT/"} file::
|
||||
|
||||
MORTY_LISTEN : ${MORTY_LISTEN}
|
||||
|
||||
To activate morty in searx, add result_proxy to your settings.yml::
|
||||
|
||||
result_proxy:
|
||||
url : ${PUBLIC_URL_MORTY}
|
||||
|
||||
further read: https://asciimoo.github.io/searx/admin/morty.html
|
||||
|
||||
EOF
|
||||
[ ! -z ${1+x} ] && echo -e "$1"
|
||||
}
|
||||
|
||||
main() {
|
||||
rst_title "$SERVICE_NAME" part
|
||||
|
||||
required_commands \
|
||||
dpkg apt-get install git wget curl \
|
||||
|| exit
|
||||
|
||||
local _usage="ERROR: unknown or missing $1 command $2"
|
||||
|
||||
case $1 in
|
||||
--source-only) ;;
|
||||
-h|--help) usage; exit 0;;
|
||||
|
||||
shell)
|
||||
sudo_or_exit
|
||||
interactive_shell "${SERVICE_USER}"
|
||||
;;
|
||||
inspect)
|
||||
case $2 in
|
||||
service)
|
||||
sudo_or_exit
|
||||
inspect_service
|
||||
;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
install)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
all) install_all ;;
|
||||
user) assert_user ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
update)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
morty) update_morty ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
remove)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
all) remove_all;;
|
||||
user) drop_service_account "${SERVICE_USER}" ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
activate)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
service) systemd_activate_service "${SERVICE_NAME}" ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
deactivate)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
service) systemd_deactivate_service "${SERVICE_NAME}" ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
apache)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
install) install_apache_site ;;
|
||||
remove) remove_apache_site ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
option)
|
||||
sudo_or_exit
|
||||
case $2 in
|
||||
debug-on) enable_debug ;;
|
||||
debug-off) disable_debug ;;
|
||||
*) usage "$_usage"; exit 42;;
|
||||
esac ;;
|
||||
|
||||
*) usage "ERROR: unknown or missing command $1"; exit 42;;
|
||||
esac
|
||||
}
|
||||
|
||||
install_all() {
|
||||
rst_title "Install $SERVICE_NAME (service)"
|
||||
assert_user
|
||||
wait_key
|
||||
install_go "${GO_PKG_URL}" "${GO_TAR}" "${SERVICE_USER}"
|
||||
wait_key
|
||||
install_morty
|
||||
wait_key
|
||||
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
|
||||
wait_key
|
||||
echo
|
||||
if ! service_is_available "http://${MORTY_LISTEN}" ; then
|
||||
err_msg "Morty does not listening on: http://${MORTY_LISTEN}"
|
||||
fi
|
||||
if ask_yn "Do you want to inspect the installation?" Yn; then
|
||||
inspect_service
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
remove_all() {
|
||||
rst_title "De-Install $SERVICE_NAME (service)"
|
||||
|
||||
rst_para "\
|
||||
It goes without saying that this script can only be used to remove
|
||||
installations that were installed with this script."
|
||||
|
||||
if systemd_remove_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"; then
|
||||
drop_service_account "${SERVICE_USER}"
|
||||
fi
|
||||
}
|
||||
|
||||
assert_user() {
|
||||
rst_title "user $SERVICE_USER" section
|
||||
echo
|
||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
|
||||
--disabled-password --group --gecos 'Morty' $SERVICE_USER
|
||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
||||
groups $SERVICE_USER
|
||||
EOF
|
||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||
export SERVICE_HOME
|
||||
echo "export SERVICE_HOME=$SERVICE_HOME"
|
||||
|
||||
cat > "$GO_ENV" <<EOF
|
||||
export GOPATH=\$HOME/go-apps
|
||||
export PATH=\$PATH:\$HOME/local/go/bin:\$GOPATH/bin
|
||||
EOF
|
||||
echo "Environment $GO_ENV has been setup."
|
||||
|
||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER"
|
||||
grep -qFs -- 'source $GO_ENV' ~/.profile || echo 'source $GO_ENV' >> ~/.profile
|
||||
EOF
|
||||
}
|
||||
|
||||
morty_is_installed() {
|
||||
[[ -f $SERVICE_HOME/go-apps/bin/morty ]]
|
||||
}
|
||||
|
||||
_svcpr=" |${SERVICE_USER}| "
|
||||
|
||||
install_morty() {
|
||||
rst_title "Install morty in user's ~/go-apps" section
|
||||
echo
|
||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER" 2>&1 | prefix_stdout "$_svcpr"
|
||||
go get -v -u github.com/asciimoo/morty
|
||||
EOF
|
||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER" 2>&1 | prefix_stdout "$_svcpr"
|
||||
cd \$GOPATH/src/github.com/asciimoo/morty
|
||||
go test
|
||||
go test -benchmem -bench .
|
||||
EOF
|
||||
}
|
||||
|
||||
update_morty() {
|
||||
rst_title "Update morty" section
|
||||
echo
|
||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER" 2>&1 | prefix_stdout "$_svcpr"
|
||||
go get -v -u github.com/asciimoo/morty
|
||||
EOF
|
||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER" 2>&1 | prefix_stdout "$_svcpr"
|
||||
cd \$GOPATH/src/github.com/asciimoo/morty
|
||||
go test
|
||||
go test -benchmem -bench .
|
||||
EOF
|
||||
}
|
||||
|
||||
set_service_env_debug() {
|
||||
|
||||
# usage: set_service_env_debug [false|true]
|
||||
|
||||
local SERVICE_ENV_DEBUG="${1:-false}"
|
||||
if systemd_remove_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"; then
|
||||
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
|
||||
fi
|
||||
}
|
||||
|
||||
inspect_service() {
|
||||
|
||||
rst_title "service status & log"
|
||||
|
||||
cat <<EOF
|
||||
|
||||
sourced ${DOT_CONFIG#"$REPO_ROOT/"} :
|
||||
|
||||
MORTY_LISTEN : ${MORTY_LISTEN}
|
||||
|
||||
EOF
|
||||
|
||||
if service_account_is_available "$SERVICE_USER"; then
|
||||
info_msg "service account $SERVICE_USER available."
|
||||
else
|
||||
err_msg "service account $SERVICE_USER not available!"
|
||||
fi
|
||||
if go_is_available "$SERVICE_USER"; then
|
||||
info_msg "~$SERVICE_USER: go is installed"
|
||||
else
|
||||
err_msg "~$SERVICE_USER: go is not installed"
|
||||
fi
|
||||
if morty_is_installed; then
|
||||
info_msg "~$SERVICE_USER: morty app is installed"
|
||||
else
|
||||
err_msg "~$SERVICE_USER: morty app is not installed!"
|
||||
fi
|
||||
|
||||
if ! service_is_available "http://${MORTY_LISTEN}" ; then
|
||||
err_msg "Morty does not listening on: http://${MORTY_LISTEN}"
|
||||
echo -e "${_Green}stop with [${_BCyan}CTRL-C${_Green}] or .."
|
||||
wait_key
|
||||
fi
|
||||
|
||||
local _debug_on
|
||||
if ask_yn "Enable filtron debug mode?"; then
|
||||
enable_debug
|
||||
_debug_on=1
|
||||
fi
|
||||
|
||||
echo
|
||||
systemctl --no-pager -l status "${SERVICE_NAME}"
|
||||
echo
|
||||
|
||||
# shellcheck disable=SC2059
|
||||
info_msg "morty URL --> http://${MORTY_LISTEN}"
|
||||
info_msg "public URL --> ${PUBLIC_URL_MORTY}"
|
||||
printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log"
|
||||
read -r -s -n1 -t 2
|
||||
echo
|
||||
while true; do
|
||||
trap break 2
|
||||
journalctl -f -u "${SERVICE_NAME}"
|
||||
done
|
||||
|
||||
if [[ $_debug_on == 1 ]]; then
|
||||
FORCE_SELECTION=Y disable_debug
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
enable_debug() {
|
||||
warn_msg "Do not enable debug in production enviroments!!"
|
||||
info_msg "Enabling debug option needs to reinstall systemd service!"
|
||||
set_service_env_debug true
|
||||
}
|
||||
|
||||
disable_debug() {
|
||||
info_msg "Disabling debug option needs to reinstall systemd service!"
|
||||
set_service_env_debug false
|
||||
}
|
||||
|
||||
install_apache_site() {
|
||||
|
||||
rst_title "Install Apache site $APACHE_MORTY_SITE"
|
||||
|
||||
rst_para "\
|
||||
This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE})"
|
||||
|
||||
! apache_is_installed && err_msg "Apache is not installed."
|
||||
|
||||
if ! ask_yn "Do you really want to continue?"; then
|
||||
return
|
||||
fi
|
||||
|
||||
a2enmod headers
|
||||
a2enmod proxy
|
||||
a2enmod proxy_http
|
||||
|
||||
echo
|
||||
apache_install_site "${APACHE_MORTY_SITE}"
|
||||
|
||||
info_msg "testing public url .."
|
||||
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
|
||||
err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
|
||||
fi
|
||||
}
|
||||
|
||||
remove_apache_site() {
|
||||
|
||||
rst_title "Remove Apache site $APACHE_MORTY_SITE"
|
||||
|
||||
rst_para "\
|
||||
This removes apache site ${APACHE_MORTY_SITE}."
|
||||
|
||||
! apache_is_installed && err_msg "Apache is not installed."
|
||||
|
||||
if ! ask_yn "Do you really want to continue?"; then
|
||||
return
|
||||
fi
|
||||
|
||||
apache_remove_site "$APACHE_MORTY_SITE"
|
||||
}
|
||||
# ----------------------------------------------------------------------------
|
||||
main "$@"
|
||||
# ----------------------------------------------------------------------------
|
@ -0,0 +1,23 @@
|
||||
# -*- coding: utf-8; mode: apache -*-
|
||||
|
||||
ProxyPreserveHost On
|
||||
|
||||
<Location ${PUBLIC_URL_PATH_MORTY} >
|
||||
|
||||
Require all granted
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||
Allow from all
|
||||
|
||||
ProxyPass http://${MORTY_LISTEN}
|
||||
RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
|
||||
|
||||
# In Apache it seems, that setting HTTP_HOST header direct here does have no
|
||||
# effect. I needed to set 'ProxyPreserveHost On' (see above). HTTP_HOST is
|
||||
# needed by searx to render correct *Search URL* in the *Link* box and
|
||||
# *saved preference*.
|
||||
|
||||
# RequestHeader set Host ${PUBLIC_URL_PATH_MORTY}
|
||||
|
||||
</Location>
|
@ -0,0 +1,29 @@
|
||||
[Unit]
|
||||
|
||||
Description=${SERVICE_NAME}
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
|
||||
Type=simple
|
||||
User=${SERVICE_USER}
|
||||
Group=${SERVICE_GROUP}
|
||||
WorkingDirectory=${SERVICE_HOME}
|
||||
ExecStart=${SERVICE_HOME}/go-apps/bin/morty -key '' -listen '${MORTY_LISTEN}' -timeout ${MORTY_TIMEOUT}
|
||||
|
||||
Restart=always
|
||||
Environment=USER=${SERVICE_USER} HOME=${SERVICE_HOME} DEBUG=${SERVICE_ENV_DEBUG}
|
||||
|
||||
# Some distributions may not support these hardening directives. If you cannot
|
||||
# start the service due to an unknown option, comment out the ones not supported
|
||||
# by your version of systemd.
|
||||
|
||||
ProtectSystem=full
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
NoNewPrivileges=true
|
||||
|
||||
[Install]
|
||||
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue