Olympus/system/virtualization/docker/searxng/default.nix

{ ... }: {

    flake.nixosModules.default = { config, lib, ... }: let

    subdomain = "searxng";

    name = "searxng";

    in {

        options.sysconfig.docker.searxng.enable = with lib; mkOption {
            type = with types; bool;
            default = false;
        };

        config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) {

            environment.etc."searxng/settings.yml".source = ./settings.yml;

            virtualisation.oci-containers.containers.searxng = {
                image = "searxng/searxng:latest";

# unstable, waiting for 26.05
#pull = "newer";

                hostname = "${subdomain}.esotericbytes.com";

                networks = [
                    "docker-main"
                ];

                labels = {
                    "traefik.enable" = "true";
                    "traefik.http.routers.${name}.entrypoints" = "localsecure";
                    "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
                    "traefik.http.routers.${name}.service" = "${name}";
                    "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";

#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
                    "traefik.http.services.${name}.loadbalancer.server.port" = "8080";
                };

                ports = [
                ];

                extraOptions = [
                    "--ip=192.168.101.9"
                ];

                volumes = [
                    "vol_searxng_settings:/etc/searxng/"
                        "vol_searxng_data:/var/cache/searxng/"
                        "/etc/searxng/settings.yml:/etc/searxng/settings.yml"
                ];

                environment = {
                    SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0";
                };
            };
        };
    };
}