{ config
, lib
, pkgs
, ... }:

let
  cfg = config.server;
in {
  services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
    quic = true;
    enableACME = true;
    forceSSL = true;
    # locations."/".proxyPass = "http://${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
    locations."/".extraConfig = ''
      uwsgi_pass "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
      include ${config.services.nginx.package}/conf/uwsgi_params;
    '';
  };

  services.searx.enable = true;
  services.searx.package = pkgs.searxng;
  services.searx.runInUwsgi = true;
  services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
    socket = "${lib.quoteListenAddr settings.server.bind_address}:${toString settings.server.port}";
  };
  services.searx.environmentFile = /var/lib/searx/searx.env;
  services.searx.settings = {
    use_default_settings = true;
    search = {
        safe_search = 0;
        autocomplete = "duckduckgo"; # dbpedia, duckduckgo, google, startpage, swisscows, qwant, wikipedia - leave blank to turn off
        default_lang = ""; # leave blank to detect from browser info or use codes from languages.py
    };

    server = {
      port = 8888;
      bind_address = "::1";
      secret_key = "@SEARX_SECRET_KEY@";
      base_url = "https://search.${cfg.domainName}/";
      image_proxy = true;
      default_http_headers = {
        X-Content-Type-Options = "nosniff";
        X-XSS-Protection = "1; mode=block";
        X-Download-Options = "noopen";
        X-Robots-Tag = "noindex, nofollow";
        Referrer-Policy = "no-referrer";
      };
    };
    outgoing = {
      request_timeout = 5.0;       # default timeout in seconds, can be override by engine
      max_request_timeout = 15.0;  # the maximum timeout in seconds
      pool_connections = 100;      # Maximum number of allowable connections, or null
      pool_maxsize = 10;           # Number of allowable keep-alive connections, or null
      enable_http2 = true;         # See https://www.python-httpx.org/http2/
    };
  };
}