{ config, pkgs, lib, ... }:
let
  cfg = config.services.searx;
  domain = "search.home.feal.no";
in {
  services.searx = {
    enable = true;
    environmentFile = config.sops.secrets."searx/envfile".path;
    settings = {
      server = {
        secret_key = "@SEARX_SECRET_KEY@";
        base_url = "http://${domain}";
      };
    };

    runInUwsgi = true;
    uwsgiConfig = {
      socket = "/run/searx/searx.sock";
      chmod-socket = "660";
    };

    redisCreateLocally = true;
  };

  sops.secrets."searx/envfile" = {
    owner = "searx";
    group = "searx";
  };

  users.groups."searx".members = [ "nginx" ];

  services.nginx.virtualHosts."${domain}" = {
    locations."/".extraConfig = ''
      include ${config.services.nginx.package}/conf/uwsgi_params;
      uwsgi_pass unix:${cfg.uwsgiConfig.socket};
    '';
  };
}