feat: Replace SearXNG with Websurfx

- Add new Websurfx module (Rust-based meta search engine)
- Uses Redis for caching via Podman containers
- Configurable themes and color schemes (defaults to catppuccin-mocha)
- Disable SearXNG, enable Websurfx on search.ashisgreat.xyz

configuration.nix

@@ -90,12 +90,14 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-  # === SearXNG ===
+  # === Websurfx (replaces SearXNG) ===
-  myModules.searxng = {
+  myModules.websurfx = {
     enable = true;
     port = 8888;
-    domain = "search.ashisgreat.xyz"; # Change to your domain
+    domain = "search.ashisgreat.xyz";
-    instanceName = "Ashie Search";
+    threads = 8;
+    theme = "simple";
+    colorscheme = "catppuccin-mocha";
   };
 
   # === Nginx Reverse Proxy ===

modules/default.nix

@@ -5,6 +5,7 @@
     ./podman.nix
     ./nginx.nix
     ./searxng.nix
+    ./websurfx.nix
     ./openclaw-podman.nix
     ./vaultwarden.nix
     ./crowdsec.nix

modules/websurfx.nix

@@ -0,0 +1,138 @@
+# Websurfx Module (Podman)
+# Provides: Fast, privacy-focused meta-search engine written in Rust
+#
+# Usage:
+#   myModules.websurfx = {
+#     enable = true;
+#     port = 8080;
+#     domain = "search.example.com";
+#   };
+
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.myModules.websurfx;
+in
+{
+  options.myModules.websurfx = {
+    enable = lib.mkEnableOption "Websurfx meta-search engine";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 8080;
+      description = "Port to expose Websurfx on localhost";
+    };
+
+    domain = lib.mkOption {
+      type = lib.types.str;
+      example = "search.example.com";
+      description = "Public domain name for Websurfx";
+    };
+
+    threads = lib.mkOption {
+      type = lib.types.int;
+      default = 8;
+      description = "Number of threads for the app to use";
+    };
+
+    theme = lib.mkOption {
+      type = lib.types.str;
+      default = "simple";
+      description = "Default theme (simple, dark, etc.)";
+    };
+
+    colorscheme = lib.mkOption {
+      type = lib.types.str;
+      default = "catppuccin-mocha";
+      description = "Color scheme (catppuccin-mocha, dracula, monokai, nord, etc.)";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Ensure Podman is enabled
+    myModules.podman.enable = true;
+
+    # Create bridge network
+    systemd.services.create-websurfx-network = {
+      description = "Create Websurfx podman network";
+      after = [ "network-online.target" ];
+      requires = [ "network-online.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+      };
+      path = [ pkgs.podman ];
+      script = ''
+        if ! podman network exists websurfx-net 2>/dev/null; then
+          podman network create websurfx-net --subnet 10.89.3.0/24
+        fi
+      '';
+    };
+
+    # Config file for Websurfx
+    environment.etc."xdg/websurfx/config.lua".text = ''
+      -- ### General ###
+      logging = true
+      debug = false
+      threads = ${toString cfg.threads}
+
+      -- ### Server ###
+      port = "8080"
+      binding_ip = "0.0.0.0"
+      production_use = true
+
+      -- ### Search ###
+      rate_limiter = {
+        number_of_requests = 20,
+        time_limit = 60,
+      }
+
+      -- ### Cache ###
+      redis_url = "redis://redis:6379"
+
+      -- ### UI ###
+      style = {
+        theme = "${cfg.theme}",
+        colorscheme = "${cfg.colorscheme}",
+      }
+    '';
+
+    # Allow list and block list files (empty by default)
+    environment.etc."xdg/websurfx/allowlist.txt".text = "";
+    environment.etc."xdg/websurfx/blocklist.txt".text = "";
+
+    # Redis Container (Cache)
+    virtualisation.oci-containers.containers."websurfx-redis" = {
+      image = "docker.io/redis:alpine";
+      cmd = [ "redis-server" "--save" "" "--appendonly" "no" ];
+      extraOptions = [
+        "--network=websurfx-net"
+        "--network-alias=redis"
+      ];
+    };
+
+    # Websurfx Container
+    virtualisation.oci-containers.containers."websurfx" = {
+      image = "docker.io/neonmmd/websurfx:latest";
+      ports = [ "127.0.0.1:${toString cfg.port}:8080" ];
+      extraOptions = [
+        "--network=websurfx-net"
+        "--network-alias=websurfx"
+        "--cap-drop=ALL"
+        "--dns=9.9.9.9"
+        "--dns=1.1.1.1"
+      ];
+      volumes = [
+        "/etc/xdg/websurfx/config.lua:/etc/xdg/websurfx/config.lua:ro"
+        "/etc/xdg/websurfx/allowlist.txt:/etc/xdg/websurfx/allowlist.txt:ro"
+        "/etc/xdg/websurfx/blocklist.txt:/etc/xdg/websurfx/blocklist.txt:ro"
+      ];
+      dependsOn = [ "websurfx-redis" ];
+    };
+  };
+}