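# Websurfx Module (Podman)
# Provides: Fast, privacy-focused meta-search engine written in Rust
#
# Usage:
#   myModules.websurfx = {
#     enable = true;
#     port = 8080;
#     domain = "search.example.com";
#   };
#
# Exposure model, as configured below:
#   - Websurfx is published on 127.0.0.1:<port> only, so it is not reachable
#     from other hosts unless something on this machine forwards to it.
#   - Redis publishes no host port; it is reachable only from containers
#     attached to the websurfx-net bridge.
{ config, lib, pkgs, ... }:

let
  cfg = config.myModules.websurfx;

  # oci-containers names its systemd units "<backend>-<container>.service".
  backend = config.virtualisation.oci-containers.backend;
  containerUnits = map (name: "${backend}-${name}.service") [
    "websurfx-redis"
    "websurfx"
  ];
in
{
  options.myModules.websurfx = {
    enable = lib.mkEnableOption "Websurfx meta-search engine";

    port = lib.mkOption {
      type = lib.types.port;
      default = 8080;
      description = "Port to expose Websurfx on localhost";
    };

    # Not referenced anywhere in this module; presumably consumed by a
    # reverse-proxy module elsewhere. TODO confirm.
    domain = lib.mkOption {
      type = lib.types.str;
      example = "search.example.com";
      description = "Public domain name for Websurfx";
    };

    threads = lib.mkOption {
      # Zero or negative thread counts are rejected at evaluation time instead
      # of being written into config.lua.
      type = lib.types.ints.positive;
      default = 8;
      description = "Number of threads for the app to use";
    };

    theme = lib.mkOption {
      type = lib.types.str;
      default = "simple";
      description = "Default theme (simple, dark, etc.)";
    };

    colorscheme = lib.mkOption {
      type = lib.types.str;
      default = "catppuccin-mocha";
      description = "Color scheme (catppuccin-mocha, dracula, monokai, nord, etc.)";
    };
  };

  config = lib.mkIf cfg.enable {
    # Ensure Podman is enabled
    myModules.podman.enable = true;

    # Create bridge network
    systemd.services.create-websurfx-network = {
      description = "Create Websurfx podman network";
      after = [ "network-online.target" ];
      requires = [ "network-online.target" ];
      # Both containers pass --network=websurfx-net, so the network has to
      # exist before they start. Without this ordering nothing in this module
      # pulls the oneshot in, and container start would race or fail.
      before = containerUnits;
      requiredBy = containerUnits;
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
      path = [ pkgs.podman ];
      script = ''
        if ! podman network exists websurfx-net 2>/dev/null; then
          podman network create websurfx-net --subnet 10.89.3.0/24
        fi
      '';
    };

    # Config file for Websurfx
    #
    # binding_ip = "0.0.0.0" applies inside the container's network namespace;
    # host-side exposure is governed by the 127.0.0.1 port mapping below.
    # port = "8080" must stay in sync with the container side of that mapping.
    #
    # NOTE(review): cfg.theme and cfg.colorscheme are interpolated into Lua
    # string literals without escaping. A value containing a double quote or a
    # backslash would change the meaning of the generated Lua, so keep these
    # options limited to plain theme names.
    environment.etc."xdg/websurfx/config.lua".text = ''
      -- ### General ###
      logging = true
      debug = false
      threads = ${toString cfg.threads}

      -- ### Server ###
      port = "8080"
      binding_ip = "0.0.0.0"
      production_use = true

      -- ### Search ###
      rate_limiter = {
        number_of_requests = 20,
        time_limit = 60,
      }

      -- ### Cache ###
      redis_url = "redis://redis:6379"

      -- ### UI ###
      style = {
        theme = "${cfg.theme}",
        colorscheme = "${cfg.colorscheme}",
      }
    '';

    # Allow list and block list files (empty by default)
    environment.etc."xdg/websurfx/allowlist.txt".text = "";
    environment.etc."xdg/websurfx/blocklist.txt".text = "";

    # Redis Container (Cache)
    #
    # --save "" and --appendonly no turn off both persistence mechanisms, so
    # cached results live in memory only.
    # Redis runs without a password here; the controls are that no host port
    # is published and that only websurfx-net members can reach the alias.
    # Do not attach unrelated containers to this network.
    #
    # NOTE(review): "redis:alpine" is a mutable tag. Pin a reviewed version or
    # digest (docker.io/redis@sha256:<digest-placeholder>) so a registry-side
    # change cannot alter what runs on the next pull.
    virtualisation.oci-containers.containers."websurfx-redis" = {
      image = "docker.io/redis:alpine";
      cmd = [ "redis-server" "--save" "" "--appendonly" "no" ];
      extraOptions = [
        "--network=websurfx-net"
        "--network-alias=redis"
      ];
    };

    # Websurfx Container
    #
    # All Linux capabilities are dropped and the config files are mounted
    # read-only. The two --dns flags make the container resolve through the
    # listed public resolvers.
    #
    # NOTE(review): ":latest" is a mutable tag from a third-party publisher.
    # Pin a reviewed digest (docker.io/neonmmd/websurfx@sha256:<digest-placeholder>)
    # and update it deliberately.
    virtualisation.oci-containers.containers."websurfx" = {
      image = "docker.io/neonmmd/websurfx:latest";
      ports = [ "127.0.0.1:${toString cfg.port}:8080" ];
      extraOptions = [
        "--network=websurfx-net"
        "--network-alias=websurfx"
        "--cap-drop=ALL"
        "--dns=9.9.9.9"
        "--dns=1.1.1.1"
      ];
      volumes = [
        "/etc/xdg/websurfx/config.lua:/etc/xdg/websurfx/config.lua:ro"
        "/etc/xdg/websurfx/allowlist.txt:/etc/xdg/websurfx/allowlist.txt:ro"
        "/etc/xdg/websurfx/blocklist.txt:/etc/xdg/websurfx/blocklist.txt:ro"
      ];
      dependsOn = [ "websurfx-redis" ];
    };
  };
}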