diff --git a/hosts/controller/default.nix b/hosts/controller/default.nix
index b4fa1ef..b289855 100644
--- a/hosts/controller/default.nix
+++ b/hosts/controller/default.nix
@@ -15,10 +15,17 @@
     ../../modules/nixos/monitoring/loki.nix
     ../../modules/nixos/monitoring/promtail.nix
     ../../modules/nixos/ntfy-sh.nix
+    ../../modules/nixos/searx.nix
   ];
 
-  sops.secrets.borg_encryption_key = {
-    sopsFile = ./secrets.yaml;
+  sops.secrets = {
+    borg_encryption_key = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    searx_secret_key = {
+      sopsFile = ./secrets.yaml;
+    };
   };
 
   boot = {
diff --git a/hosts/controller/secrets.yaml b/hosts/controller/secrets.yaml
index 060fa92..fd74e74 100644
--- a/hosts/controller/secrets.yaml
+++ b/hosts/controller/secrets.yaml
@@ -1,4 +1,5 @@
 borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str]
+searx_secret_key: ENC[AES256_GCM,data:FzQBnYDB6mrAfIBB1LCdTLSNltD7T1PoUGssW+EX74j/y9kNqPZOtxIYpsWqAfenEODrP+rUjrLXAsVrMLFng3ZOtBAI1HYTobA=,iv:Vty/zrD8jE2CoWfguHwDr14TUSejOTnpBHJjc9IcEiE=,tag:yz4ZdWsmg+ammb/dup6f4A==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -23,8 +24,8 @@ sops:
             NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
             uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-08T07:50:43Z"
-    mac: ENC[AES256_GCM,data:HjKpSZ1GNp5yUphE0edv9dN45kVTh/jZVQWb+d2Ve46932e+Shadt90DclsLexlxkSFSRqBxWNl1+JqD1OBfuea73Z6zykRpjz5kcRcop8o3KSEG7V/cTvK/SRSglkIHwrO4ALweoUKjixct7ich+OqTHJ06KIxSWNcRpAYlFWQ=,iv:JZ0JX2B2LJcq3+9O9KdKupV9f1ydbMCyDs8bACphOP8=,tag:V4LKBazr4+Dj1UXtoBaWLw==,type:str]
+    lastmodified: "2024-08-25T19:35:08Z"
+    mac: ENC[AES256_GCM,data:EtYv7GNuYAmUSSu6SZUCJTnAb42qDIQIuyTLSEsT8Jp3H7UIX7QH2eHxmAV8RfEPQ18XevQAM9UdK4YVR2trLRSBeDn/xxdFtzpo2z7kUQXz+1pDmFBLpdiPfrmNJ76ZuBr5qihiB7J8Go3KkErcyYAFEw1KQV/N4OSQB+CPnhw=,iv:QYVKKRpaJHXmICpQMhW+Le4wJwSh4yOH2NfVUpRDcbI=,tag:98m/t5U96MikHrMTgn510g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.0
diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix
new file mode 100644
index 0000000..85dbc08
--- /dev/null
+++ b/modules/nixos/searx.nix
@@ -0,0 +1,39 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  services = {
+    searx = {
+      enable = true;
+      package = pkgs.searxng;
+      environmentFile = "/run/secrets/searx_secret_key";
+      settings = {
+        general = {
+          instance_name = "SearXNG";
+        };
+        server = {
+          bind_address = "0.0.0.0";
+          port = 3415;
+          base_url = "https://sx.tux.rs";
+          secret_key = "@secret_key@";
+        };
+      };
+    };
+
+    nginx = {
+      enable = lib.mkForce true;
+      virtualHosts = {
+        "sx.tux.rs" = {
+          forceSSL = true;
+          enableACME = true;
+          locations = {
+            "/" = {
+              proxyPass = "http://localhost:3415";
+            };
+          };
+        };
+      };
+    };
+  };
+}