added git lfs step to fix images

Reviewed-on: #1

.gitea/workflows/hugo-deploy.yaml

@@ -11,31 +11,32 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          lfs: true
           submodules: true  # Fetch Hugo themes (true OR recursive)
           fetch-depth: 0    # Fetch all history for .GitInfo and .Lastmod
       
+      - name: Checkout LFS objects
+        run: git lfs checkout
+
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@v3
         with:
           hugo-version: '0.128.0'
 
+      - name: Setup Rsync
+        uses: GuillaumeFalourd/setup-rsync@v1.2
+
       - name: Build
         run: hugo --minify
 
-      - name: Deploy to Staging server
+      - name: Install SSH Key
-        uses: easingthemes/ssh-deploy@main
+        uses: shimataro/ssh-key-action@v2
         with:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }} 
-          ARGS: "-rlgoDzvc -i"
+          known_hosts: 'placeholder' # to make it work
-          SOURCE: "public/"
+
-          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
+      - name: Adding Known Hosts
-          REMOTE_USER: ${{ secrets.REMOTE_USER }}
+        run: ssh-keyscan -H ${{ secrets.REMOTE_HOST }} >> ~/.ssh/known_hosts
-          TARGET: ${{ secrets.REMOTE_TARGET }}
+
-          EXCLUDE: "/dist/, /node_modules/"
+      - name: Deploy with rsync
-          SCRIPT_BEFORE: |
+        run: rsync -avz --delete ./public/ ${{ secrets.REMOTE_USER }}@${{ secrets.REMOTE_HOST }}:${{ secrets.REMOTE_TARGET }}
-            whoami
-            ls -al
-          SCRIPT_AFTER: |
-            whoami
-            ls -al
-            echo $RSYNC_STDOUT

content/posts/2024/installing-searxng/images/ip.png

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:63205e9a744500be6ba817f1b3022ab0c1f699aa89391db2f871b3c42c08f433
+size 66754

content/posts/2024/installing-searxng/images/searchresult.png

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e62d2e7403509dd68da0accd592267009d6d79edc1c348115e77acc1da573b64
+size 200826

content/posts/2024/installing-searxng/images/searxng.png

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fa33b839661f95814297447dd5288f7e9fa99ce39163e2fd0a02bb65aba6dcc7
+size 49608

content/posts/2024/installing-searxng/index.md

@@ -0,0 +1,111 @@
+---
+title: "Installing SearXNG with a VPN for private searching"
+date: 2024-06-28T17:02:45+01:00
+summary: 'How to install SearXNG on a local machine to stop your searches being tracked and create your own search engine'
+---
+
+How to install SearXNG on a local machine to stop your searches being tracked and create your own search engine
+
+<!-- more -->
+
+# Introduction
+
+It's a well known fact that [Google tracks everything you do](https://www.knowyourmobile.com/data-privacy/ways-google-tracks-you/) online and builds up a profile that knows you better than you know yourself. One of the major ways they do this is through Google Search. Even if you aren't logged in, they can link your IP address and browser fingerprint to your profile and still add to their database.
+
+There are ways around this. You can use [DuckDuckGo](https://duckduckgo.com) which gives you Bing results in a more privacy conscious ([but not fully private](https://www.techradar.com/news/duckduckgo-in-hot-water-over-hidden-tracking-agreement-with-microsoft)) way. Or [Startpage](https://startpage.com), which aims to serve Google results in a private way. However, it is hard to beat a piece of self-hostable software called **SearXNG** for the ability to host it yourself, and thus you don't have to trust anyone else. 
+
+# What is SearXNG?
+
+[SearXNG](https://github.com/searxng/searxng) is a free, open source, *metasearch* engine. This means that when you type a query, it can gather the results from multiple different search engines such as Google, DuckDuckGo, Brave, etc, for better overall results. It strips away any tracking scripts, browser fingerprinting, and cookies, so Google et al. only see a search query and the IP address of the server it comes from.
+
+![SearXNG screenshot](images/searxng.png)
+
+You can use a [public instance](https://searx.space/) to test it out. You can also use these permanently if you trust the person running them not to log your searches, and there are benefits to doing this as all your searches get mixed in with the other users on this instance, making it harder for the search engines to know who is searching what.
+
+# Installation
+
+## Prerequisites
+You will need a computer running on your local network with [Docker Compose](https://docs.docker.com/compose/) installed. This could be something as simple as a Raspberry Pi or old laptop. You'll also ideally need a privacy respecting VPN such as Mullvad or Proton VPN.
+
+## Setup
+The first step is to make a *Docker* folder somewhere, e.g. your home folder. Inside the Docker folder, create a folder called *vpn-project*, and inside this, two folders called *gluetun* and *searxng*.
+
+Now in the *vpn-project* folder, create a file called *docker-compose.yaml* and add the following: 
+```
+services:
+  gluetun:
+    image: qmcgaw/gluetun:latest
+    container_name: gluetun
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    ports:
+      - 8080:8080/tcp # SearXNG
+    volumes:
+      - /path/to/vpn-project/gluetun:/gluetun
+    environment:
+      - PUID=1000 #CHANGE_TO_YOUR_UID
+      - PGID=1000 #CHANGE_TO_YOUR_GID
+      - TZ=Europe/London #CHANGE_TO_YOUR_TZ
+      - VPN_SERVICE_PROVIDER=protonvpn #Change to your VPN provider
+      - OPENVPN_USER=
+      - OPENVPN_PASSWORD=
+      - SERVER_COUNTRIES=United Kingdom #Change based on the Wiki
+      - HTTPPROXY=off #change to on if you wish to enable
+      - SHADOWSOCKS=off #change to on if you wish to enable
+      - UPDATER_PERIOD=24h
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+    security_opt:
+      - no-new-privileges:true
+    restart: always
+    
+  searxng:
+    image: searxng/searxng
+    container_name: SearXNG
+    network_mode: service:gluetun
+    mem_limit: 512mb
+    depends_on:
+      gluetun:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    volumes:
+      - /path/to/vpn-project/searxng:/etc/searxng:rw 
+    restart: on-failure:5
+```
+
+This is the markup that tells Docker we want to download an application called Gluetun (our VPN client), and run both it and SearXNG, running SearXNG's traffic through Gluetun. You can see that there are several things you need to change to make this work for your config:
+* Update **/path/to/vpn-project** with the actual path to your *vpn-project* folder. This needs updating in two places
+* Change the **PUID** and **PGID** to your user's values, found by running *id -u* and *id -g* respectively in the terminal.
+* Change **TZ** to your [Timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
+* Change **VPN_SERVICE_PROVIDER** to your VPN Provider. Follow the instructions on the [Gluetun Wiki](https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers) for your provider, and add any lines necessary to log in with your provider. The example above is for ProtonVPN and needs you to add the user and password keys as outlined in the Wiki, you will need to change the section entirely if you use another VPN service.
+* Change **SERVER_COUNTRIES** to the country you want your VPN to connect to.
+
+Once you've done all this, save the *docker-compose.yaml* file and go to your Terminal, in the *vpn-project* directory. Run the following command:
+```
+docker compose up
+```
+Docker will now download the applications, set up the Gluetun VPN container, and then set up SearXNG. If all went well, we will be able to see SearXNG on the IP address of the machine you installed it on. If you don't know this, run the following command in a terminal:
+```
+ip addr show | grep 192.168
+```
+This should print out your private IP address. For example, mine is 192.168.86.46, so I'd point my browser to http://192.168.86.46:8080 to see SearXNG:
+![SearXNG IP screenshot](images/ip.png)
+
+From here you are free to search the web and note that results are labelled as coming from a number of search engines. Thanks to Gluetun, Google et al. now see these searches as coming from the IP address of your VPN, not your home IP address, and thanks to SearXNG all their tracking scripts and cookies have been blocked.
+![SearXNG Results screenshot](images/searchresult.png)
+
+You may want to now stop the docker command you ran, and run:
+```
+docker compose up -d
+```
+This runs the containers in the background so when you close the terminal window they will still persist. You can now experiment with some of the preferences in the SearcXNG browser window: you can choose who provides your autocomplete if any, choose which search engines you want results from, etc. You can also add your new search engine to your web browser so it is used every time you search in the address bar.
+
+Finally, you need to decide if you just want to have your search engine accessible at home like it is now, or if you want to be able to use it when you're out the house. There are many ways to access self hosted applications outside of home and I will be doing guides on several of them shortly, but some options include: 
+* [Tailscale](https://www.howtogeek.com/how-to-remote-access-your-network-using-tailscale-vpn/) which sets up a VPN between your devices so you can access local applications over the internet to any device you've logged into Tailscale on.
+* [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) to expose your local applications over the internet to anyone who has the URL you assign to them, but you don't have to open ports on your router and have the protection of Cloudflare build in
+* [Port forwarding](https://portforward.com/how-to-port-forward/) where you open up ports on your router so you (and anyone else) can access your internal applications that you forward to, via your public IP address. There are security implications of doing this method.
+
+Whichever method you choose, or even if you choose to keep your SearXNG on your local network for now, hopefully you are now enjoying powerful, private search results, without everything you do being stored!