diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index be78da0..e52b7ac 100644
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@@ -17,7 +17,7 @@ in
 redisCreateLocally = true;
 uwsgiConfig = {
 socket = "/run/searx/searx.sock";
- http = ":8888";
+ http = ":${builtins.toString service.ports.port0}";
 chmod-socket = "660";
 };
 settings = {
@@ -52,7 +52,7 @@ in
 server = {
 base_url = host;
- port = 8888;
+ port = service.ports.port0;
 bind_address = localhost;
 secret_key = config.sops.secrets.searx-key.path;
 limiter = true;
@@ -152,22 +152,10 @@ in
 redir /.well-known/carddav /remote.php/dav/ 301
 redir /.well-known/caldav /remote.php/dav/ 301
- reverse_proxy ${localhost}:${toString service.ports.port0} {
- header_up X-Forwarded-Proto https
- header_up X-Real-IP {remote_host}
- header_up Host {host}
- }
+ reverse_proxy ${localhost}:${toString service.ports.port0}
 tls ${service.ssl.cert} ${service.ssl.key}
- header {
- Strict-Transport-Security "max-age=31536000; includeSubDomains"
- X-Content-Type-Options "nosniff"
- X-Frame-Options "DENY"
- Referrer-Policy "no-referrer"
- X-XSS-Protection "1; mode=block"
- }
 encode zstd gzip
 '';
 };
@@ -199,7 +187,7 @@ in
 networking = {
 firewall = {
 allowedTCPPorts = [
- 8888
+ service.ports.port0
 ];
 };
 };
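Review bot: The new uwsgi value `http = ":${builtins.toString service.ports.port0}"` still has no address part, so uwsgi listens on every interface, and the last hunk keeps the same port in `allowedTCPPorts`. Because the Caddy block proxies to `${localhost}:${toString service.ports.port0}`, the plain-HTTP backend looks reachable from the network directly, without TLS and without going through the proxy. Consider `http = "${localhost}:${builtins.toString service.ports.port0}";` and dropping `service.ports.port0` from `allowedTCPPorts`, assuming `localhost` is in scope here as it is for `bind_address` and nothing else needs the port from outside. The enclosing module starts and ends outside the hunk.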
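Review bot: The context line `secret_key = config.sops.secrets.searx-key.path;` just below the changed `port` assigns the path of the decrypted secret file rather than its contents, so the effective key appears to be a predictable path string written into the rendered settings. If this is the nixpkgs `services.searx` module, the secret is normally passed with `environmentFile = config.sops.secrets.searx-key.path;`, and `secret_key` is set to the placeholder form that the module substitutes at start-up. That also keeps the value out of the Nix store. The rest of the `server` set lies outside the hunk, so confirm how the key is actually consumed.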
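Review bot: With the `header { … }` block removed, this site block no longer sends `Strict-Transport-Security` or `X-Frame-Options "DENY"`, and nothing visible in the hunk replaces them. Unless a shared snippet or global option sets them elsewhere, keep at least `header Strict-Transport-Security "max-age=31536000; includeSubDomains"` next to the `tls` line. Dropping the `header_up` lines is mostly harmless because Caddy passes `Host` and sets the `X-Forwarded-*` headers by default, but `X-Real-IP` is not among those defaults. With `limiter = true` in the settings, check that the limiter still sees the real client address. The Caddy config string begins above the hunk.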