docker-proxied
General
Here, all of the Docker containers that need to have proxied outgoing requests are being deployed.
Nix expression
{ garuda-lib
, sources
, ...
}: {
imports = sources.defaultModules ++ [ ../modules ];
# This container runs proxied docker containers
services.docker-compose-runner.proxied = {
envfile = garuda-lib.secrets.docker-compose.proxied;
source = ../../docker-compose/proxied;
};
# Let Docker use squid as outgoig proxy
# Fails to pull images if *.docker.io is not excluded from proxy
systemd.services.docker = {
environment = {
HTTPS_PROXY = "http://10.0.5.1:3128";
HTTP_PROXY = "http://10.0.5.1:3128";
NO_PROXY = "localhost,127.0.0.1,*.docker.io,ghcr.io";
};
};
# This one is set manually as service because it needs restart: always
# (which the docker-compose-runner overwrites)
virtualisation.oci-containers = {
backend = "docker";
containers.whoogle = {
environment = {
WHOOGLE_AUTOCOMPLETE = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_NEW_TAB = "1";
WHOOGLE_CONFIG_SEARCH_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_STYLE = ":root {--whoogle-logo: #4c4f69;--whoogle-page-bg: #eff1f5;--whoogle-element-bg: #bcc0cc;--whoogle-text: #4c4f69;--whoogle-contrast-text: #5c5f77;--whoogle-secondary-text: #6c6f85;
--whoogle-result-bg: #ccd0da;--whoogle-result-title: #7287fd;--whoogle-result-url: #dc8a78;--whoogle-result-visited: #e64553;--whoogle-dark-logo: #cdd6f4;
--whoogle-dark-page-bg: #1e1e2e;--whoogle-dark-element-bg: #45475a;--whoogle-dark-text: #cdd6f4;--whoogle-dark-contrast-text: #bac2de;--whoogle-dark-secondary-text: #a6adc8;
--whoogle-dark-result-bg: #313244;--whoogle-dark-result-title: #b4befe;--whoogle-dark-result-url: #f5e0dc;--whoogle-dark-result-visited: #eba0ac;}
#whoogle-w {fill: #89b4fa;} #whoogle-h {fill: #f38ba8;}#whoogle-o-1 {fill: #f9e2af;}#whoogle-o-2 {fill: #89b4fa;}#whoogle-g {fill: #a6e3a1;}#whoogle-l {fill: #f38ba8;}
#whoogle-e {fill: #f9e2af;}";
WHOOGLE_CONFIG_THEME = "dark";
WHOOGLE_CONFIG_URL = "https://search.garudalinux.org";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_RESULTS_PER_PAGE = "15";
};
extraOptions = [
"--cap-drop=all"
"--pids-limit=50"
"--security-opt=no-new-privileges:true"
"--tmpfs=/run/tor/:size=1M,uid=927,gid=927,mode=1700"
"--tmpfs=/var/lib/tor/:size=10M,uid=927,gid=927,mode=1700"
];
hostname = "whoogle";
image = "benbusby/whoogle-search:latest";
ports = [ "5000:5000" ];
user = "whoogle";
volumes = [ "/var/garuda/docker-compose-runner/proxied/whoogle:/config" ];
};
};
system.stateVersion = "23.05";
}
Docker compose
---
services:
# Searxng search engine
searx:
image: searxng/searxng:latest # It tends do be important to stay current
container_name: searx
volumes: [./searxng:/etc/searxng]
ports: [8080:8080]
environment:
BASE_URL: https://searx.garudalinux.org/
BIND_ADDRESS: 0.0.0.0:8080
HTTPS_PROXY: http://10.0.5.1:3128
HTTP_PROXY: http://10.0.5.1:3128
INSTANCE_NAME: Garuda's SearxNG
NO_PROXY: "*.garudalinux.org"
cap_drop: [ALL]
cap_add: [CHOWN, SETGID, SETUID, DAC_OVERRIDE]
restart: always
# Librey search engine
librey:
image: ghcr.io/ahwxorg/librey:latest # It tends do be important to stay current
container_name: librey
ports:
- 8081:8080
environment:
- CONFIG_CACHE_TIME=20
- CONFIG_DISABLE_BITTORRENT_SEARCH=false
- CONFIG_GOOGLE_DOMAIN=com
- CONFIG_HIDDEN_SERVICE_SEARCH=true
- CONFIG_INSTANCE_FALLBACK=true
- CONFIG_INVIDIOUS_INSTANCE=https://invidious.snopyta.org
- CONFIG_LANGUAGE=en
- CONFIG_NUMBER_OF_RESULTS=10
- CONFIG_RATE_LIMIT_COOLDOWN=25
- CONFIG_TEXT_SEARCH_ENGINE=google
restart: unless-stopped
# Lingva
lingva:
image: thedaviddelta/lingva-translate:latest # Only latest tag is available
container_name: lingva
environment:
DARK_THEME: "true"
DEFAULT_SOURCE_LANG: auto
DEFAULT_TARGET_LANG: en
HTTP_PROXY: http://10.0.5.1:3128
HTTPS_PROXY: http://10.0.5.1:3128
SITE_DOMAIN: lingva.garudalinux.org
ports: [3002:3000]
restart: always
redlib:
image: quay.io/redlib/redlib:latest
container_name: redlib
environment:
REDLIB_BANNER_: Garuda's Redlib
REDLIB_DEFAULT_AUTOPLAY_VIDEOS: true
REDLIB_DEFAULT_BLUR_NSFW: true
REDLIB_DEFAULT_COMMENT_SORT: confidence
REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: false
REDLIB_DEFAULT_FIXED_NAVBAR: true
REDLIB_DEFAULT_FRONT_PAGE: popular
REDLIB_DEFAULT_HIDE_AWARDS: true
REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION=: true
REDLIB_DEFAULT_HIDE_SCORE: false
REDLIB_DEFAULT_LAYOUT: card
REDLIB_DEFAULT_POST_SORT: hot
REDLIB_DEFAULT_SHOW_NSFW: false
REDLIB_DEFAULT_THEME: dracula
REDLIB_DEFAULT_USE_HLS: true
REDLIB_DEFAULT_WIDE: false
REDLIB_PUSHSHIFT_FRONTEND: undelete.pullpush.io
REDLIB_ROBOTS_DISABLE_INDEXING: true
REDLIB_SFW_ONLY: false
ports:
- 8082:8080
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8082/settings"]
interval: 5m
timeout: 3s
restart: always
# Automated container updates
watchtower:
image: containrrr/watchtower:1.7.1
container_name: watchtower
command:
--cleanup searx lingva whoogle librey
volumes: [/var/run/docker.sock:/var/run/docker.sock]
restart: always
volumes:
piped_proxy: