diff --git a/hosts/dalinar/default.nix b/hosts/dalinar/default.nix
index e0ba3c9..f1ad30c 100644
--- a/hosts/dalinar/default.nix
+++ b/hosts/dalinar/default.nix
@@ -257,40 +257,44 @@
 };
 "https://search.dalinar.home.johannes-rothe.de" = {
 extraConfig = ''
- reverse_proxy localhost:${builtins.toString config.services.searx.settings.server.port}
+ reverse_proxy ${config.containers.searx.localAddress}:${builtins.toString config.containers.searx.config.services.searx.settings.server.port}
 '';
 };
 };
 };
- services.searx = {
+ networking.nat = {
 enable = true;
- environmentFile = config.sops.templates."searx-env".path;
- settings.server = {
- port = 8181;
- bind_address = "127.0.0.1";
- secret_key = "@SEARX_SECRET_KEY@";
+ internalInterfaces = [ "ve-searx" ];
+ externalInterface = "eno1";
+ };
+
+ containers.searx = {
+ autoStart = true;
+ ephemeral = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.2";
+ localAddress = "192.168.100.3";
+ bindMounts."/run/secrets/searx-env" = {
+ isReadOnly = true;
+ hostPath = config.sops.templates."searx-env".path;
+ };
+ config = { config, ... }: {
+ networking.firewall.allowedTCPPorts = [ config.services.searx.settings.server.port ];
+ system.stateVersion = "24.11";
+ services.searx = {
+ enable = true;
+ environmentFile = /run/secrets/searx-env;
+ settings.server = {
+ port = 8181;
+ bind_address = "192.168.100.3";
+ secret_key = "@SEARX_SECRET_KEY@";
+ };
+ };
 };
 };
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
- # to actually do that.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "24.11"; # Did you read the comment?
+ system.stateVersion = "24.11"; # Don't change
 }
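Review bot: `environmentFile = /run/secrets/searx-env;` in the container config is an unquoted Nix path literal rather than a string, and it names the file that carries the searx secret key. If anything interpolates that value, Nix copies the file into the world-readable store (or rejects it under pure evaluation); how the searx module coerces it is not visible here, so writing `environmentFile = "/run/secrets/searx-env";` removes the dependency on that behaviour. Separately, `networking.nat` enables forwarding on the host and the container firewall opens 8181 to every source, so a LAN machine with a route to 192.168.100.3 could presumably reach searx without passing through the reverse proxy. Whether the host filters forwarded traffic is not shown in this hunk; consider limiting the port to the `hostAddress` or filtering forwarding on the host.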