let
  appName = "searxng";
  appImage = "docker.io/searxng/searxng:latest";
in
  {
    lib,
    config,
    kubenix,
    ...
  }: {
    kubernetes.resources.services.searxng = {
      metadata.namespace = "searxng";
      metadata.labels.app = appName;
      spec = {
        selector.app = appName;
        ports.http = {
          port = 8080;
          targetPort = 8080;
        };
      };
    };
    kubernetes.resources.deployments.searxng = {
      metadata.namespace = "searxng";
      spec = {
        selector.matchLabels.app = appName;
        template = {
          metadata.labels.app = appName;
          spec = {
            volumes = {
              config.configMap.name = "searxng";
            };
            containers = {
              searxng = {
                image = appImage;
                imagePullPolicy = "Always";
                volumeMounts = [
                  {
                    name = "config";
                    mountPath = "/etc/searxng/settings.yml";
                    subPath = "settings.yml";
                  }
                  {
                    name = "config";
                    mountPath = "/etc/searxng/limiter.toml";
                    subPath = "limiter.toml";
                  }
                ];
                envFrom = [{secretRef.name = "searxng";}];
                ports.http.containerPort = 8080;
                resources = {
                  requests = {
                    cpu = "100m";
                    memory = "512Mi";
                  };
                  limits = {
                    memory = "1Gi";
                  };
                };
              };
            };
          };
        };
      };
    };
    kubernetes.resources.configMaps.searxng = {
      metadata.namespace = "searxng";
      data."settings.yml" = ''
        use_default_settings: true
        server:
          image_proxy: true
          http_protocol_version: "1.1"
          method: "GET"
        ui:
          static_use_hash: true
        redis:
          url: redis://searxng-redis-master:6379/0
        general:
          instance_name: search.gmem.ca
        hostname_replace:
          '(.*\.)?youtube\.com$': 'piped.gmem.ca'
          '(.*\.)?youtu\.be$': 'piped.gmem.ca'
          '(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'
          '(www\.)?twitter\.com$': 'nitter.gmem.ca'
          '(www\.)?x\.com$': 'nitter.gmem.ca'
          '(.*\.)?reddit\.com$': 'red.gmem.ca'
      '';
      data."limiter.toml" = ''
        # This configuration file updates the default configuration file
        # See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml

        [botdetection.ip_limit]
        # activate link_token method in the ip_limit method
        link_token = true
      '';
    };
    kubernetes.helm.releases.searxng-redis = {
      namespace = "searxng";
      chart = kubenix.lib.helm.fetch {
        repo = "https://charts.bitnami.com/bitnami";
        chart = "redis";
        version = "18.6.1";
        sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
      };
      values = {
        auth.enabled = false;
        architecture = "standalone";
      };
    };

    kubernetes.resources.ingresses.searxng = {
      metadata = {
        name = appName;
        namespace = "searxng";
        annotations = {
          "cert-manager.io/cluster-issuer" = "le-issuer";
        };
      };
      spec = {
        tls = [
          {
            hosts = ["search.gmem.ca"];
          }
        ];
        rules = [
          {
            host = "search.gmem.ca";
            http.paths = [
              {
                path = "/";
                pathType = "Prefix";
                backend.service = {
                  name = appName;
                  port.name = "http";
                };
              }
            ];
          }
        ];
      };
    };
  }