{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.services.searx;
in
{

  options.my.services.searx = {
    enable = lib.mkEnableOption "Enable searXNG module";

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          host name where the service is running
        '';
      };

    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {

      age.secrets.searx-secret.file = ../../secrets/searx-secret.age;

      services.searcx = {
        enable = true;
        redisCreateLocally = true;
        environmentFile = config.age.secrets.searx-secret.path;
        settings = {
          general = {
            open_metrics = "@METRICS_SECRET@";
          };

          server = {
            base_url = "https://search.${cfg.proxy.domain}";
            bind_address = "::1";
            port = 8080;
            secret_key = "@SEARX_SECRET_KEY@";
          };
        };
      };

    })

    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        virtualHosts."search.${domain}".extraConfig = ''
          reverse_proxy http://${host}:8080
          import cloudflare
        '';
      };
    })
  ];
}