{ pkgs, config, ... }:
{
  sops.secrets."searx/secret_key".sopsFile = ../../../.secrets/sgx/searx.yaml;

  services.searx = {
    enable = true;
    configureNginx = true;
    domain = "search.hoyer.world";
    uwsgiConfig = {
      http = ":8081";
    };
    settings = {
      server = {
        secret_key = config.sops.secrets."searx/secret_key".path;
      };
      search.formats = [
        "html"
        "json"
        "rss"
      ];
    };
  };

  services.nginx.virtualHosts = {
    "search.hoyer.world" = {
      enableACME = false;
      useACMEHost = "search.hoyer.world";
      forceSSL = true;
    };
  };

  security.acme.certs = {
    "internal.hoyer.world" = {
      extraDomainNames = [
        "search.hoyer.world"
      ];
    };
  };
}