{ config, lib, pkgs, ... }:
let
  domain = "search.feal.no";
  cfg = config.services.searx.settings;
in {

  sops.secrets."searx/env" = {
    restartUnits = [ "searx.service" ];
  };

  services.searx = {
    enable = true;
    
    settings = {
      general = {
        debug = false;
        instance_name = "Taschmex Searx";
        wiki_url = false;
        docs_url = false;
        twitter_url = false;
      };
      server = {
        port = 8090;
        bind_address = "127.0.1.2";
        secret_key = "@SEARX_SECRETKEY@";
        base_url = domain;
        image_proxy = true;
      };
      outgoing = {
        request_timeout = 2.0;
        useragent_suffix = "searx@albrigtsen.it";
        pool_connections = 100;
        pool_maxsize = 10;
      };
    };

    environmentFile = config.sops.secrets."searx/env".path;
  };

  services.nginx.virtualHosts.${domain} = {
    locations."/".proxyPass = "http://${cfg.server.bind_address}:${toString cfg.server.port}";
    /* addSSL = true; */
    /* enableACME = true; */
    /* listen = [ */
    /*   { */
    /*     addr = "0.0.0.0"; */
    /*     port = 43443; */
    /*     ssl = true; */
    /*   } */
    /*   { */
    /*     addr = "0.0.0.0"; */
    /*     port = 43080; */
    /*   } */
    /* ]; */
  };

  networking.firewall.allowedTCPPorts = [ 43443 43080 ];
}