{ config, lib, pkgs, ... }:

let
  svc_domain = "searx.${config.mine.shared.settings.domain}";
  port = 7378;
in {
  services.searx = {
    enable = true;
    runInUwsgi = true;
    redisCreateLocally = true;

    environmentFile = config.age.secrets.searx-env.path;

    uwsgiConfig.http = "127.0.0.1:${builtins.toString port}";
    settings = {
      general.debug = false;
      server = {
        base_url = "https://${svc_domain}";
        secret_key = "@SECRET_KEY@";
      };
    };
  };

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
  };

  # meta
  mine.shared.meta.searx = {
    name = "searX";
    description = "We host our own searX, use it to search the web!";
    url = "https://${svc_domain}";

    package = let
      pkg = config.services.searx.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}