diff --git a/modules/nixos/services/homeserver/default.nix b/modules/nixos/services/homeserver/default.nix
index df55c3c..bcfb424 100755
--- a/modules/nixos/services/homeserver/default.nix
+++ b/modules/nixos/services/homeserver/default.nix
@@ -11,6 +11,7 @@
     ./kanidm.nix
     ./nextcloud.nix
     ./ntfy.nix
+    ./searxng.nix
     ./sops.nix
     ./technitium-dns.nix
     ./uptime-kuma.nix
diff --git a/modules/nixos/services/homeserver/searxng.nix b/modules/nixos/services/homeserver/searxng.nix
new file mode 100644
index 0000000..eadcad1
--- /dev/null
+++ b/modules/nixos/services/homeserver/searxng.nix
@@ -0,0 +1,107 @@
+{ config, ... }:
+
+{
+  sops.secrets."searxng/secrets.env" = {};
+
+  services.caddy.virtualHosts."searxng.taild5f7e6.ts.net".extraConfig =
+  assert config.services.caddy.enable;
+  ''
+    import default-settings
+
+    bind tailscale/searxng
+
+    reverse_proxy localhost:${toString config.services.searx.settings.server.port}
+  '';
+
+  services.searx = {
+    enable = true;
+    redisCreateLocally = true;
+    settings = {
+      general = {
+        instance_name = "Wo2wz's SearXNG";
+        enable_metrics = false;
+      };
+
+      server = {
+        bind_address = "127.0.0.1";
+        port = 8009;
+        base_url = "https://searxng.taild5f7e6.ts.net";
+        secret_key = "$SEARXNG_SECRET_KEY";
+      };
+
+      ui.default_locale = "en";
+
+      search = {
+        safe_search = 1;
+        default_lang = "en-US";
+        autocomplete = "duckduckgo";
+        favicon_resolver = "duckduckgo";
+      };
+
+      engines = [
+        # brave is broken from what it seems
+        {
+          name = "brave";
+          disabled = true;
+        }
+
+        {
+          name = "bing news";
+          disabled = true;
+        }
+        
+        {
+          name = "deezer";
+          disabled = false;
+        }
+
+        {
+          name = "annas archive";
+          disabled = false;
+        }
+        {
+          name = "piratebay";
+          disabled = true;
+        }
+
+        {
+          name = "nixos wiki";
+          disabled = false;
+        }
+        {
+          name = "codeberg";
+          disabled = false;
+        }
+
+        {
+          name = "docker hub";
+          disabled = true;
+        }
+        {
+          name = "hoogle";
+          disabled = true;
+        }
+        {
+          name = "pypi";
+          disabled = true;
+        }
+
+        {
+          name = "hackernews";
+          disabled = false;
+        }
+      ];
+    };
+    faviconsSettings.favicons = {
+      cfg_schema = 1;
+      cache = {
+        db_url = "/var/cache/searx/faviconcache.db";
+        HOLD_TIME = 5184000;
+        LIMIT_TOTAL_BYTES = 104857600;
+        BLOB_MAX_BYTES = 40960;
+        MAINTENANCE_MODE = "auto";
+        MAINTENANCE_PERIOD = 600;
+      };
+    };
+  };
+}
\ No newline at end of file
diff --git a/secrets/drone.yaml b/secrets/drone.yaml
index f73481e..cf42338 100755
--- a/secrets/drone.yaml
+++ b/secrets/drone.yaml
@@ -13,6 +13,7 @@ grafana:
     secrets.env: ENC[AES256_GCM,data:yv7u5+8l7M4PJ4BzCUlTGX8PeFxxVMtS2Pi4yKnvAeZf+4tcz6NFNRjyPeqTFinqmZ8yq+iYA1tBS5Gy9DTHo8TzmhoaWBPI/ZUXQgl5Y7lnGBOyZ6wHlllsP8zbC+zEWW+gRssaXj6yYBuvQTTzfSqSlmZdB7VwhUegiVxMs722jbys1Rl+NE8TKDc384IbwPRAIi6ZO+UH,iv:M/dgcJ++gMH5/sNQDUQvkiJW2n+fSkPCEDZBcFRXWuE=,tag:SocmiehkaCzl9ZB8dNZPZQ==,type:str]
 kanidm:
     oauth2:
+        forgejo: ENC[AES256_GCM,data:Gi5JH0bFfJwzIe1JHjtWlnOf2Ucp/oEGr2nNngCaU8gRiWtd2QhWBeUQvcCuiKmF1kKNDJyi6F4R896FzXHEbg==,iv:bMQyYDv3cDhCQdSo8CP3qpqGQ2lapn5eZsLcNKZ+NFM=,tag:0J8qimAIfJAEDpW7Nu/1yw==,type:str]
         grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str]
         jellyfin: ENC[AES256_GCM,data:37edw83rscw19EiFOVUYoq33awKMWw+XXN6KKYYjEdKwtBx7I01RuOha3DkspFM7zJdmZf3E6IL1UT3N/sBB6w==,iv:T9N4h90799xOhFeNxqmKR0nDGn6BXuIGB4DiOIkt6vk=,tag:JZuu+uqRKAbQskKxzOPIEQ==,type:str]
         nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str]
@@ -24,6 +25,8 @@ restic:
     rest-auth.env: ENC[AES256_GCM,data:MAJVkdiutkhY8MCLrg1EMumAblektgO85VQLD65McX/VYInYDihxwJOV21+SAJSaN/8vA/MqUEmzsrUb04hgvqPYjXIyyUYpDrE8us47eqjF3SoZJsf70Ukps0lv3+L3LViRSpKJ+2v2v7GenaA/jAk=,iv:5yzIiEpQ1jvl9SDu/MxsAl25PmxmmuPxjRAa+iEGJRU=,tag:9UBXGt0vXj3F0YndwkeQaw==,type:str]
     rest-server:
         .htpasswd: ENC[AES256_GCM,data:605u/QTk6j1s3Wn3Lg2M0BDhy4WbVFIZRYijhLeGmPHC2sZUY0Ngoq8bkr/Jf97Erh+CM4oqiHXA+Jct8Yq0ml6MMFKk0v602yHRxIEn5MOBETygUz889kJnNLGsXDHJeJFCX5J5qmlnj9DZ+93hNEQJAzEP2CvzH/JoHJA/bMrCGl0aZyExrxJi,iv:wuTER92WYPUGm0QNpfoOepZSGcOmq2M16Xa3RVJFYAo=,tag:qgLqtf41735ajBvlEBlJCw==,type:str]
+searxng:
+    secrets.env: ENC[AES256_GCM,data:oOEHk2rHzQ5db8U3JfTyTFgvQsz2G/MWFOedvb3BAYrT7tRVP2x8868nlqjHkeo6GkLevw4ejghUJ/tRVdYEqfxAnTlQtRDhp6r1vxW07Lh3N+a6HQ==,iv:XUysHB/fLwbKEDJFkuhg3Y9D9qERJ/qErJ20AlcVjX4=,tag:NtYx1BcMLphMwgAD/MMCCA==,type:str]
 syncthing:
     cert.pem: ENC[AES256_GCM,data:BHZ+GuWS9MWWyeXmcGna2IaSli63QbMKOeYFoKZhs3nvLLI1fdsvWhkhR+UZ1/dPrKPz8ZcgvqeClCDnGQLR+UBOIV8/nbuLk/jQxcw+KRl4+OziFeDnHdHdk1ZeSrF8ek7ThCX/MIz3t0/UPv+X0kZQEpwtOYrrLqeYLh3syUKdnVm9N96erv3UWKfSot5dch5EEMDLvli48rZtbqDrNCdx1bg8/CLj56OvmVxKtyPrUW/DZ3euG7PuL4Crrxw1ZeafTWHINpGoTZDrpOfanLEO5BtK65WY6J18ggJ467P9SgpeC2MeRnCJu6WaH1nqRSM5KitDYwhMFFlcdGKDUF30pCUf/W63BZ8AokJFozuhwtTbCWJHAk39j/wYoU+S0MfIhb/5gZu2vs+2Qnkle6r0ew8AS3l0BNcNJbbSdWKnGbYo8uUAtUh6GmK4ADYFx2z8h31z7kONzFAeE03nAkhAEoDtUccDNUlwF6WBeQdaIKYk2lVwU0bi5C4L5RM5qanAlKvsWtqQ7re5B0nbn4QcnGFLBJZsLmxSzX73e+9MRxTaPUyVoPmAsELLuOMBL7y3wqBtmNeLPRih+7zfn2AwQGaZ/UgnfX1s2gJtx3+OnCy8GMRbaxTd+8AM2JkZsFpkQjwG+eI1HE28dELHcpeDZ4ZqzGUh4Xlgq15kmaXo3Ww89Ukq/QCMHs6xqQdbw4ra84Oh33Stt7YFtL+xVcJkoAzIVYKeoJDtqIwPf+LXukvAUZyMbaLSmEJTsfNnKkhsGU1clxyZXs6DK0EaP3LCY6iw9tv096PkrI9wFFNNxbIjuERkQK4xdus506s=,iv:rUJIqoZa9pSMUxSqUmUKnlUahKLEW/vzzmNI4V0LniE=,tag:EKExs0ms3LbIh7FJA923aA==,type:str]
     key.pem: ENC[AES256_GCM,data:jhYr/fFLvWOGKb7poh3reEDs6WatAoVgYEWw7Y5jwI06eAUO7yQCPpJefKZ+/0VRi0noX71U9Ul/Nv7VNo5bnZ8Yf0fcVxw8FBo0tMXYwg5AMqnJOIr3B48UZUJ9JiWjKG53rE7iGSbnJ4rzvVxB1Opu/wcEDzY=,iv:90R7tjucK/ogTicwAYL5VZ7YF0gCU7KberPQNtAwkBU=,tag:ECCuskrOefltx11+lk2NBA==,type:str]
@@ -40,7 +43,7 @@ sops:
             N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
             RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-15T22:36:28Z"
-    mac: ENC[AES256_GCM,data:aKyHq9f7NtLPklPRFwY2un40K+0Ar86oMPVZrzoPHhihX3WwyIhZvru8d84+eU6m6z0rS94yUcmVe7i8wcX+oDXvMFbX5nh2RNp3C14oBIP0PHNyA1V3z1dCy4wsc9lcM6x1ah0zEuqIIMTOxLVue4x8XBTneeqK47F6HRoNiWw=,iv:pSGLJxuinPCi1FnfXGsLZwlFoJa6GeOX7/e28e9vFOA=,tag:Imb3gEYz88Hu7SYbdz0lYg==,type:str]
+    lastmodified: "2026-01-23T19:01:32Z"
+    mac: ENC[AES256_GCM,data:zJalz3o5HGhlSrmBBMQ0nRBnry/rJPymQlszJYXDPi7fK7utZpMkYRH7DxrT4U5xM7q36mFiFm4O/m8BFXdoKsOzCxpCsvHHhfVvOFuR1Knoza33xeej/gEvqQmImBO6oauFBi3ZJ8ABbV8JbzkE33tu0qaE4xgQ9kC2q/6utck=,iv:oP1BGicUARP+HGhmhLbgssx1xLiPoBdNdNXk7gFLqdY=,tag:LhJbW5SmxFQzYYLjIWeH0Q==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0