diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index 1b33e663a98d..1cf330ae9cb9 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -34,6 +34,8 @@
 
 - [Bat](https://github.com/sharkdp/bat), a {manpage}`cat(1)` clone with wings. Available as [programs.bat](options.html#opt-programs.bat).
 
+- [Whoogle Search](https://github.com/benbusby/whoogle-search), a self-hosted, ad-free, privacy-respecting metasearch engine. Available as [services.whoogle-search](options.html#opt-services.whoogle-search.enable).
+
 - [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](options.html#opt-services.agorakit.enable).
 
 - [waagent](https://github.com/Azure/WALinuxAgent), the Microsoft Azure Linux Agent (waagent) manages Linux provisioning and VM interaction with the Azure Fabric Controller. Available with [services.waagent](options.html#opt-services.waagent.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index d3963d6114cc..783f20546af4 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1291,6 +1291,7 @@
   ./services/networking/websockify.nix
   ./services/networking/wg-access-server.nix
   ./services/networking/wg-netmanager.nix
+  ./services/networking/whoogle-search.nix
   ./services/networking/wvdial.nix
   ./services/networking/webhook.nix
   ./services/networking/wg-quick.nix
diff --git a/nixos/modules/services/networking/whoogle-search.nix b/nixos/modules/services/networking/whoogle-search.nix
new file mode 100644
index 000000000000..4665cfc5793d
--- /dev/null
+++ b/nixos/modules/services/networking/whoogle-search.nix
@@ -0,0 +1,70 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.whoogle-search;
+in
+{
+  options = {
+    services.whoogle-search = {
+      enable = lib.mkEnableOption "Whoogle, a metasearch engine";
+
+      port = lib.mkOption {
+        type = lib.types.port;
+        default = 5000;
+        description = "Port to listen on.";
+      };
+
+      listenAddress = lib.mkOption {
+        type = lib.types.str;
+        default = "127.0.0.1";
+        description = "Address to listen on for the web interface.";
+      };
+
+      extraEnv = lib.mkOption {
+        type = with lib.types; attrsOf str;
+        default = { };
+        description = ''
+          Extra environment variables to pass to Whoogle, see
+          https://github.com/benbusby/whoogle-search?tab=readme-ov-file#environment-variables
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    systemd.services.whoogle-search = {
+      description = "Whoogle Search";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.whoogle-search ];
+
+      environment = {
+        CONFIG_VOLUME = "/var/lib/whoogle-search";
+      } // cfg.extraEnv;
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart =
+          "${lib.getExe pkgs.whoogle-search}"
+          + " --host '${cfg.listenAddress}'"
+          + " --port '${builtins.toString cfg.port}'";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        StateDirectory = "whoogle-search";
+        StateDirectoryMode = "0750";
+        DynamicUser = true;
+        PrivateTmp = true;
+        ProtectSystem = true;
+        ProtectHome = true;
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+
+    meta.maintainers = with lib.maintainers; [ malte-v ];
+  };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 74d98935e54d..b56d7183a527 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1149,6 +1149,7 @@ in {
   webhook = runTest ./webhook.nix;
   weblate = handleTest ./web-apps/weblate.nix {};
   whisparr = handleTest ./whisparr.nix {};
+  whoogle-search = handleTest ./whoogle-search.nix {};
   wiki-js = handleTest ./wiki-js.nix {};
   wine = handleTest ./wine.nix {};
   wireguard = handleTest ./wireguard {};
diff --git a/nixos/tests/whoogle-search.nix b/nixos/tests/whoogle-search.nix
new file mode 100644
index 000000000000..0f25609601ee
--- /dev/null
+++ b/nixos/tests/whoogle-search.nix
@@ -0,0 +1,24 @@
+import ./make-test-python.nix (
+  { pkgs, lib, ... }:
+  {
+    name = "whoogle-search";
+    meta.maintainers = with lib.maintainers; [ malte-v ];
+
+    nodes.machine =
+      { pkgs, ... }:
+      {
+        services.whoogle-search = {
+          enable = true;
+          port = 5000;
+          listenAddress = "127.0.0.1";
+        };
+      };
+
+    testScript = ''
+      machine.start()
+      machine.wait_for_unit("whoogle-search.service")
+      machine.wait_for_open_port(5000)
+      machine.wait_until_succeeds("curl --fail --show-error --silent --location localhost:5000/")
+    '';
+  }
+)