# Ticket: Add SearxNG service to homelab network

## Metadata
- Type: Ticket
- Status: Done
- Project: Homelab / Search / Pi Security
- Created: 2026-06-06
- Updated: 2026-06-06
- Priority: High

## Goal

Deploy a private SearxNG instance on the user's network to provide privacy-preserving web search for the user and for internal webapps, and to serve as the first building block for a safe assistant web research capability.

## Why

The user wants SearxNG to serve multiple roles: default personal search engine, search backend for webapps, and controlled search provider for Pi. For Pi specifically, direct arbitrary web browsing increases prompt-injection, privacy, and network-safety risks. A local/private SearxNG service can provide search result metadata without giving the assistant full browser access, and can become the controlled upstream for later safe web fetch/research tools.

## Scope

Included:
- Decide where SearxNG should run, preferably a dedicated VM or container host rather than a critical management system.
- Document deployment architecture, DNS/name, port, access policy, and backup needs.
- Deploy SearxNG with least-privilege network exposure.
- Restrict access to LAN/VPN/internal clients unless the user explicitly chooses otherwise.
- Configure privacy/security settings appropriate for personal/homelab use.
- Support use as the user's default search engine.
- Support future internal webapp integration/API use where appropriate.
- Verify search works from approved clients.
- Document operations and rollback.
- Log server-side changes in `docs/server-change-log.md` when deployment occurs.

Not included:
- Giving Pi unrestricted web browsing.
- Fetching arbitrary page contents into the LLM.
- Using authenticated browser sessions, cookies, or user web profiles.
- Exposing SearxNG publicly without a separate security review.

## Acceptance Criteria

This ticket is done when:
- [x] A target host/VM/container location is selected and documented.
- [x] Network exposure policy is defined: LAN/VPN-only by default.
- [x] SearxNG is deployed and reachable at an agreed internal URL.
- [x] Search functionality is verified from an approved client.
- [x] Service restart/update/backup notes are documented.
- [x] Any server-side changes are recorded in `docs/server-change-log.md`.
- [x] Rollback/removal steps are documented.
- [x] `search.dropcutstud.io` DNS resolves correctly for LAN clients via internal Unbound (`dig @192.168.0.124 search.dropcutstud.io` returns `192.168.0.137`). Tailscale DNS integration remains tracked in `tickets/active/2026-06-06-internal-dns-and-tailscale-naming.md`.

## Decisions

- Target platform: Proxmox, using API credentials from `.tokens/proxmox.env`.
- Internal service name: `search.dropcutstud.io`.
- Access policy: LAN and Tailscale only.
- Preferred deployment: dedicated lightweight VM/LXC, not colocated with critical services.

## Questions

- Which DNS system should be updated for `search.dropcutstud.io` LAN/Tailscale resolution?
- Should first deployment use internal HTTP only, or should TLS be configured immediately?
- Does the available Proxmox API token permit guest provisioning/command execution, or only guest creation?

## Plan / Next Actions

- [x] Confirm target platform and access policy with the user.
- [x] Create a short deployment spec before touching infrastructure.
- [x] Take snapshot/backup if deploying to an existing VM. N/A: deployed into new dedicated LXC; post-deployment snapshot created.
- [x] Deploy SearxNG.
- [x] Verify service health and search behavior.
- [x] Document runbook and rollback.

## Deployment Notes

- Created Proxmox LXC `103` named `searxng` on `buntbox01`.
- Guest IP: `192.168.0.133` via DHCP.
- Current verified URL: `http://192.168.0.133:8080/`.
- Intended DNS name: `search.dropcutstud.io`.
- DNS follow-up: public DNS still resolves `search.dropcutstud.io` to `202.90.245.135`, not the new internal service.
- Runtime: Docker Compose under `/opt/searxng` with `searxng` and `valkey` containers.
- Created Proxmox snapshot `post-searxng-initial` after verification.
- Runbook: `runbooks/searxng-homelab.md`.

## Notes

- This supports the broader safe web browsing/prompt-injection guard work in `tickets/active/2026-05-17-safe-web-browsing-and-prompt-injection-guard.md`.
- SearxNG is also intended as the user's default search engine and as a search backend for internal webapps.
- For assistant/Pi use specifically, SearxNG should provide search result discovery only; page fetch and prompt-injection scanning should remain separate controlled steps.
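
The "search result discovery only" boundary described in Why and in the last note above can be enforced at the client: the assistant-facing tool reduces a SearxNG response to title/url/snippet and never fetches the result pages. The following is an added example, not code from this ticket or from the SearxNG project. It assumes the instance at `search.dropcutstud.io` has SearxNG's JSON output format enabled (served at `/search?q=...&format=json`), and the `SEARX_URL`, `MAX_RESULTS`, `MAX_SNIPPET_CHARS`, `SearchHit`, `extract_hits` and `search` names, plus the sample response, are all constructed for the illustration.

```python
"""Metadata-only SearxNG client for a restricted assistant search tool.

Added example; not part of the ticket or of the SearxNG project. It assumes
the private instance has the JSON output format enabled in its settings,
so that /search?q=...&format=json returns a {"query": ..., "results": [...]}
document. Nothing in this module fetches result pages: page fetch and
prompt-injection scanning stay separate, controlled steps.
"""
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

SEARX_URL = "http://search.dropcutstud.io:8080"  # internal name/port from the ticket (assumed)
MAX_RESULTS = 10          # bound on how many hits the assistant ever sees
MAX_SNIPPET_CHARS = 300   # bound on snippet length handed to the LLM


@dataclass(frozen=True)
class SearchHit:
    title: str
    url: str
    snippet: str
    engine: str


def _is_http_url_with_host(url: str) -> bool:
    """Keep only http(s) results with a host; drop other schemes and malformed URLs."""
    parsed = urllib.parse.urlsplit(url)
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def extract_hits(payload: dict, max_results: int = MAX_RESULTS) -> list:
    """Reduce a SearxNG JSON response to a bounded list of metadata records.

    Whitespace in titles and snippets is normalised and snippets are truncated,
    so the assistant receives short, predictable text rather than raw page data.
    """
    hits = []
    for item in payload.get("results", []):
        url = str(item.get("url", ""))
        if not _is_http_url_with_host(url):
            continue
        title = " ".join(str(item.get("title", "")).split())
        snippet = " ".join(str(item.get("content", "")).split())[:MAX_SNIPPET_CHARS]
        hits.append(SearchHit(title=title, url=url, snippet=snippet,
                              engine=str(item.get("engine", ""))))
        if len(hits) >= max_results:
            break
    return hits


def search(query: str, base_url: str = SEARX_URL, timeout: float = 10.0) -> list:
    """Query the private instance and return metadata only (no page fetch)."""
    params = urllib.parse.urlencode({"q": query, "format": "json"})
    req = urllib.request.Request(f"{base_url}/search?{params}",
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        payload = json.load(resp)
    return extract_hits(payload)


# Constructed sample response in the shape of SearxNG's JSON format; the
# second and third results are ones a restricted client should discard.
SAMPLE_RESPONSE = {
    "query": "searxng docker compose",
    "results": [
        {"title": "SearxNG  docs", "url": "https://docs.searxng.org/",
         "content": "Installation\n guide", "engine": "duckduckgo"},
        {"title": "non-http scheme", "url": "ftp://files.example.net/",
         "content": "x", "engine": "example"},
        {"title": "no host", "url": "https://", "content": "", "engine": "example"},
        {"title": "Compose", "url": "http://example.com/compose",
         "content": "a" * 1000, "engine": "bing"},
    ],
}

if __name__ == "__main__":
    # Offline demonstration on the constructed response; replace with
    # search("your query") against the live instance.
    for hit in extract_hits(SAMPLE_RESPONSE):
        print(hit.engine, hit.url, "-", hit.title)
```

Running the module on the constructed response yields two hits (the docs page and the compose page); the non-http result and the host-less URL are dropped, and the long snippet is cut to 300 characters. The `search()` function is the only place the instance is contacted, which makes it easy to confirm that the assistant path never performs a page fetch.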
