diff --git a/src/freedombone-app-searx b/src/freedombone-app-searx new file mode 100755 index 00000000..92bce04e --- /dev/null +++ b/src/freedombone-app-searx @@ -0,0 +1,291 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# Searx engine application +# +# License +# ======= +# +# Copyright (C) 2014-2016 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS='' + +IN_DEFAULT_INSTALL=0 +SHOW_ON_ABOUT=1 + +SEARX_REPO="https://github.com/asciimoo/searx" +SEARX_COMMIT='fee556c9904637051a9ba874ba7e71cd9f10789f' +SEARX_PATH=/etc +SEARX_ONION_PORT=8094 +SEARX_ONION_HOSTNAME= +SEARX_LOGIN_TEXT=$"Search engine login" +SEARX_PASSWORD= + +searx_variables=(SEARX_REPO + SEARX_COMMIT + SEARX_PATH + SEARX_LOGIN_TEXT + MY_USERNAME + SYSTEM_TYPE) + +function install_interactive_searx { + echo -n '' + APP_INSTALLED=1 +} + +function change_password_searx { + echo -n '' +} + +function reconfigure_searx { + echo -n '' +} + +function upgrade_searx { + set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO + if grep "Search engine key" $COMPLETION_FILE; then + if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then + # note: this might change to a --tor option in a later version + if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then + echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml + fi + SEARX_SECRET_KEY=$(get_completion_param "searx key") + sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml + if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then + SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname) + sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml + fi + fi + fi +} + +function backup_local_searx { + echo -n '' +} + +function restore_local_searx { + echo -n '' +} + +function backup_remote_searx { + echo -n '' +} + +function restore_remote_searx { + echo -n '' +} + +function remove_searx { + systemctl stop searx + systemctl disable searx + rm /etc/systemd/system/searx.service + function_check remove_onion_service + remove_onion_service searx ${SEARX_ONION_PORT} + userdel -r searx + nginx_dissite searx + if [ -f /etc/nginx/sites-available/searx ]; then + rm /etc/nginx/sites-available/searx + fi + if [ -d ${SEARX_PATH}/searx ]; then + rm -rf ${SEARX_PATH}/searx + fi + remove_completion_param install_searx + sed -i '/Search engine /d' $COMPLETION_FILE + sed -i '/Search Engine /d' /home/$MY_USERNAME/README + sed -i '/Search engine /d' /home/$MY_USERNAME/README + sed -i '/search engine /d' /home/$MY_USERNAME/README +} + +function install_searx { + # Note: currently socks5 outgoing proxies to other search engines does not work + if [ ! -d /etc/nginx ]; then + echo $'Webserver is not installed' + exit 62429 + fi + + apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils + apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi + + pip install --upgrade pip + + pip install certifi + if [ ! "$?" = "0" ]; then + echo $'Failed to install certifi' + exit 737692 + fi + + pip install pyyaml + if [ ! "$?" = "0" ]; then + echo $'Failed to install pyyaml' + exit 469242 + fi + + pip install flask --upgrade + if [ ! "$?" = "0" ]; then + echo $'Failed to install flask' + exit 888575 + fi + + pip install flask_restless --upgrade + if [ ! "$?" = "0" ]; then + echo $'Failed to install flask_restless' + exit 54835 + fi + + pip install flask_babel --upgrade + if [ ! "$?" = "0" ]; then + echo $'Failed to install flask_babel' + exit 63738 + fi + + if [ ! -d $SEARX_PATH ]; then + mkdir -p $SEARX_PATH + fi + + # clone the repo + cd $SEARX_PATH + function_check git_clone + git_clone $SEARX_REPO searx + git checkout $SEARX_COMMIT -b $SEARX_COMMIT + set_completion_param "searx commit" "$SEARX_COMMIT" + + # create an onion service + SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT}) + + # an unprivileged user to run as + useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx + adduser searx debian-tor + + # daemon + echo '[Unit]' > /etc/systemd/system/searx.service + echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service + echo 'After=syslog.target' >> /etc/systemd/system/searx.service + echo 'After=network.target' >> /etc/systemd/system/searx.service + echo '' >> /etc/systemd/system/searx.service + echo '[Service]' >> /etc/systemd/system/searx.service + echo 'Type=simple' >> /etc/systemd/system/searx.service + echo 'User=searx' >> /etc/systemd/system/searx.service + echo 'Group=searx' >> /etc/systemd/system/searx.service + echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service + echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service + echo 'Restart=always' >> /etc/systemd/system/searx.service + echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service + echo '' >> /etc/systemd/system/searx.service + echo '[Install]' >> /etc/systemd/system/searx.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service + + # create a webserver file + echo 'server {' > /etc/nginx/sites-available/searx + echo " listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx + echo " root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx + echo " server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx + echo ' access_log /dev/null;' >> /etc/nginx/sites-available/searx + echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + function_check nginx_disable_sniffing + nginx_disable_sniffing searx + echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' location / {' >> /etc/nginx/sites-available/searx + function_check nginx_limits + nginx_limits searx '1M' + echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx + echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx + echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx + + echo " auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx + echo ' auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx + echo ' }' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx + echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx + echo '' >> /etc/nginx/sites-available/searx + echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx + echo ' allow all;' >> /etc/nginx/sites-available/searx + echo ' log_not_found off;' >> /etc/nginx/sites-available/searx + echo ' access_log /dev/null;' >> /etc/nginx/sites-available/searx + echo ' }' >> /etc/nginx/sites-available/searx + echo '}' >> /etc/nginx/sites-available/searx + + # replace the secret key + if ! grep "searx key" $COMPLETION_FILE; then + SEARX_SECRET_KEY="$(create_password 30)" + fi + set_completion_param "searx key" "${SEARX_SECRET_KEY}" + sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml + sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml + sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml + sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml + + # note: this might change to a --tor option in a later version + if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then + echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml + echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml + fi + + chown -R searx:searx ${SEARX_PATH}/searx + + # enable the site + nginx_ensite searx + + # restart the web server + systemctl restart php5-fpm + systemctl restart nginx + + # start the daemon + systemctl enable searx.service + systemctl daemon-reload + systemctl start searx.service + + if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then + if [ ${#SEARX_PASSWORD} -lt 8 ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + fi + echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'# Search Engine' >> /home/$MY_USERNAME/README + echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + APP_INSTALLED=1 +} + +# NOTE: deliberately no exit 0