diff --git a/modules/monitoring/prometheus.nix b/modules/monitoring/prometheus.nix index 4763ee5..b813d12 100644 --- a/modules/monitoring/prometheus.nix +++ b/modules/monitoring/prometheus.nix @@ -62,6 +62,14 @@ in job_name = "caddy"; static_configs = [ { targets = [ "caddy.internal:2024" ]; } ]; } + { + job_name = "searxng"; + static_configs = [ { targets = [ "searxng.internal:8080" ]; } ]; + basic_auth = { + username = "searxng"; + password_file = config.age.secrets.searx-prometheus-secret.path; + }; + } ]; }; diff --git a/modules/services/default.nix b/modules/services/default.nix index 679de8d..c43bdd4 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./media-mgr.nix ./nextcloud.nix + ./searx.nix ./vaultwarden.nix ]; } diff --git a/modules/services/searx.nix b/modules/services/searx.nix new file mode 100644 index 0000000..44c0f27 --- /dev/null +++ b/modules/services/searx.nix 
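Review bot: The new `searxng` job reads `config.age.secrets.searx-prometheus-secret.path`, but nothing in this commit declares `age.secrets.searx-prometheus-secret` (searx.nix only declares `searx-secret`). Unless it is declared outside this diff, the metrics host needs something like `age.secrets.searx-prometheus-secret = { file = ../../secrets/searx-prometheus-secret.age; owner = "prometheus"; };` so the Prometheus user can read the file. The target `searxng.internal:8080` is also scraped over plain HTTP, so the basic-auth password crosses the internal network unencrypted. In addition, searx.nix binds the service to `::1` only, which suggests this target will not answer unless another listener fronts it. Consider scraping a TLS endpoint with `scheme = "https";`, or binding SearXNG to the internal interface deliberately and documenting that choice. The scrape-config list starts and ends outside the hunk.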
@@ -0,0 +1,71 @@ +{ + lib, + config, + pkgs, + ... +}: +let + cfg = config.my.services.searx; +in +{ + + options.my.services.searx = { + enable = lib.mkEnableOption "Enable searXNG module"; + + proxy = { + enable = lib.mkEnableOption "Set the proxy entry for this service"; + + domain = lib.mkOption { + default = "example.com"; + type = lib.types.str; + description = '' + The domain where Caddy is reachable + ''; + }; + + host = lib.mkOption { + default = "localhost"; + type = lib.types.str; + description = '' + host name where the service is running + ''; + }; + + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + + age.secrets.searx-secret.file = ../../secrets/searx-secret.age; + + services.searcx = { + enable = true; + redisCreateLocally = true; + environmentFile = config.age.secrets.searx-secret.path; + settings = { + general = { + open_metrics = "@METRICS_SECRET@"; + }; + + server = { + base_url = "https://search.${cfg.proxy.domain}"; + bind_address = "::1"; + port = 8080; + secret_key = "@SEARX_SECRET_KEY@"; + }; + }; + }; + + }) + + (lib.mkIf cfg.proxy.enable { + services.caddy = with cfg.proxy; { + virtualHosts."search.${domain}".extraConfig = '' + reverse_proxy http://${host}:8080 + import cloudflare + ''; + }; + }) + ]; +} diff --git a/secrets.nix b/secrets.nix index 2f1f76d..4620d05 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,6 +13,11 @@ let grafana-admin-pwd = [ machines.metrics ]; nextcloud-admin-pwd = [ machines.nextcloud ]; vaultwarden-admin-pwd = [ machines.vaultwarden ]; + searx-secret = [ machines.search ]; + searx-prometheus-secret = [ + machines.search + machines.metrics + ]; }; in builtins.listToAttrs ( diff --git a/secrets/searx-prometheus-secret.age b/secrets/searx-prometheus-secret.age new file mode 100644 index 0000000..545ceae Binary files /dev/null and b/secrets/searx-prometheus-secret.age differ 
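Review bot: `services.searcx` looks like a typo for the NixOS option `services.searx`, so evaluation should fail as soon as `my.services.searx.enable` is true. Separately, the Caddy vhost forwards every path to the backend, so if `search.${domain}` is publicly reachable, `/metrics` is exposed there with only the `open_metrics` password protecting it. Adding `@metrics path /metrics` and `respond @metrics 404` ahead of `reverse_proxy` would keep that endpoint internal. Port 8080 is also written twice, in `server.port` and in the `reverse_proxy` line, so deriving the proxy target from the configured port would avoid drift.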
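Review bot: `machines.search` is listed as a recipient of `searx-prometheus-secret`, yet searx.nix in this commit only consumes `searx-secret`, so the search host appears to get decryption rights it does not use. Reducing the entry to `searx-prometheus-secret = [ machines.metrics ];` would keep the recipient list minimal. The scrape password then lives in two encrypted files, this one and presumably the `METRICS_SECRET` entry inside `searx-secret`, so a comment such as `# must match METRICS_SECRET in searx-secret; rotate both together` would help. The surrounding `let` block starts and ends outside the hunk.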
diff --git a/secrets/searx-secret.age b/secrets/searx-secret.age new file mode 100644 index 0000000..5a5c95e Binary files /dev/null and b/secrets/searx-secret.age differ