# {{ ansible_managed }}

version: '3.7'

services:

  # Gluetun is used to connect container to VPN
  searxng-gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      - WIREGUARD_PRIVATE_KEY={{ searxng_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.4/32
      - FIREWALL_VPN_INPUT_PORTS=8080
    ports:
      - "8080:8080"

  searxng-redis:
    network_mode: "service:searxng-gluetun"
    container_name: redis
    image: "redis:alpine"
    command: redis-server --save "" --appendonly "no"
    tmpfs:
      - /var/lib/redis
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE

  # If you want to change container listen port from default 8080 https://github.com/searxng/searxng-docker/issues/20
  # Set environment variable BIND_ADDRESS, example:
  # environment:
  #    BIND_ADDRESS=0.0.0.0:1234
  # Then you can expose the newly changed port on gluetun
  searxng:
    network_mode: "service:searxng-gluetun"
    container_name: searxng
    image: searxng/searxng:latest
    # UID/GID of spool1_searxng
    # user: 1008:1009
    # UID/GID of root 
    user: 0:0
    volumes:
      - ./searxng-data:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=http://${SEARXNG_HOSTNAME:-localhost}/
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"