{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.services.searx;
in
{

  options.my.services.searx = {
    enable = lib.mkEnableOption "Enable searXNG module";

    secretFile = lib.mkOption {
      default = "";
      type = lib.types.str;
      description = ''
        Path to the file containing the secret for searXNG
      '';
    };

    enableAI = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Enable alternative search engine with AI. Requires [Perplexica](https://github.com/ItzCrazyKns/Perplexica)
      '';
    };

    perplexicaUrl = lib.mkOption {
      default = "";
      type = lib.types.str;
      description = ''
        URL to the Perplexica instance. It assumes that the Perplexica instance is running on port 3000 and the API on port 3001
      '';
    };

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      subdomain = lib.mkOption {
        default = "search";
        type = lib.types.str;
        description = ''
          Search subdomain
        '';
      };

      perplexicaSubdomain = lib.mkOption {
        default = "sai";
        type = lib.types.str;
        description = ''
          Perplexica subdomain
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          host name where the service is running
        '';
      };

    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {

      services.searx = {
        enable = true;
        redisCreateLocally = true;
        environmentFile = cfg.secretFile;
        settings = {
          general = {
            open_metrics = "@METRICS_SECRET@";
          };

          server = {
            base_url = with cfg.proxy; "https://${subdomain}.${domain}";
            bind_address = "0.0.0.0";
            port = 8080;
            secret_key = "@SEARX_SECRET_KEY@";
          };

          search = {
            formats = [
              "html"
              "json"
            ];
          };

        };
      };

      networking.firewall.allowedTCPPorts = [ 8080 ];

    })

    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        virtualHosts."${subdomain}.${domain}".extraConfig = ''
          reverse_proxy http://${host}:8080
          import cloudflare_${domain}
        '';

        virtualHosts."${perplexicaSubdomain}.${domain}".extraConfig = lib.mkIf cfg.enableAI ''
          @websockets {
            header Connection *Upgrade*
            header Upgrade websocket
          }
          reverse_proxy ${cfg.perplexicaUrl}:3000
          reverse_proxy /api* ${cfg.perplexicaUrl}:3001
          reverse_proxy @websockets {
            header_up Host ${cfg.perplexicaUrl}
            to ${cfg.perplexicaUrl}:3001
          }

          import cloudflare_${domain}
        '';

      };
    })
  ];
}