diff --git a/1systems/savarcast/config.nix b/1systems/savarcast/config.nix index 29a6072..dcf7e8a 100644 --- a/1systems/savarcast/config.nix +++ b/1systems/savarcast/config.nix @@ -33,6 +33,7 @@ # services ../../2configs/bgt/savarcast/download.nix ../../2configs/bgt/savarcast/comments.nix + ../../2configs/bgt/savarcast/search.nix # backup #../../2configs/backup/state.nix diff --git a/2configs/bgt/savarcast/comments.nix b/2configs/bgt/savarcast/comments.nix index c9cc5b4..4977530 100644 --- a/2configs/bgt/savarcast/comments.nix +++ b/2configs/bgt/savarcast/comments.nix @@ -1,7 +1,6 @@ { config, pkgs, lib, ... }: let configFile = config.sops.secrets."isso.conf".path; - searchdir = "/var/www/search"; in { sops.secrets."isso.conf" = { @@ -14,21 +13,8 @@ in { isSystemUser = true; }; - users.users.stork = { - group = "stork"; - isNormalUser = true; - home = searchdir; - createHome = false; - openssh.authorizedKeys.keys = [ - # GitHub deploy search (bgt_github_deploy.pub) - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrj6cLVxv6LR0INj2OL/EVdEFMZSk0fOc0pCeXVTirz hi@l33t.name" - ]; - }; - users.groups.isso = {}; - systemd.tmpfiles.rules = [ "d ${searchdir} 0770 stork nginx - -" ]; - services.isso.enable = true; # override the startup to allow secrets in the configFile # following relevant config is inside: @@ -40,15 +26,8 @@ in { systemd.services.isso.serviceConfig.ExecStart = lib.mkForce "${pkgs.isso}/bin/isso -c ${configFile}" ; systemd.services.isso.serviceConfig.DynamicUser = lib.mkForce false; - services.nginx.virtualHosts."search.binaergewitter.de" = { - locations."/" = { - root = "/var/www/search/"; - tryFiles = "/bgt.st =404"; - }; - }; # savarcast is behind traefik, do not configure tls services.nginx.virtualHosts."comments.binaergewitter.de" = { - locations."= /bgt.st".root = "/var/www/search/"; locations."/".proxyPass = "http://localhost:9292"; }; 
diff --git a/2configs/bgt/savarcast/search.nix b/2configs/bgt/savarcast/search.nix
new file mode 100644
index 0000000..411de66
--- /dev/null
+++ b/2configs/bgt/savarcast/search.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+let
+ searchdir = "/var/www/search";
+in {
+
+ users.users.stork = {
+ group = "stork";
+ isNormalUser = true;
+ home = searchdir;
+ createHome = false;
+ openssh.authorizedKeys.keys = [
+ # GitHub deploy search (bgt_github_deploy.pub)
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrj6cLVxv6LR0INj2OL/EVdEFMZSk0fOc0pCeXVTirz hi@l33t.name"
+ ];
+ };
+
+ systemd.tmpfiles.rules = [ "d ${searchdir} 0770 stork nginx - -" ];
+
+ # savarcast is behind traefik, do not configure tls
+ services.nginx.virtualHosts."search.binaergewitter.de" = {
+ locations."/" = {
+ extraConfig = ''
+ add_header Access-Control-Allow-Origin *;
+'';
+ root = "/var/www/search/";
+ tryFiles = "/bgt.st =404";
+ };
+ };
+}
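Review bot: The `stork` deploy account in search.nix is declared with `isNormalUser = true` and its key carries no `authorized_keys` options, so whoever holds the GitHub deploy key gets a regular login on the host rather than only upload access to `/var/www/search`. Prefixing the key entry with options, e.g. `"restrict ssh-ed25519 … hi@l33t.name"`, disables pty allocation and forwarding; if the deploy only uses SFTP (not visible here), a `Match User stork` block with `ForceCommand internal-sftp` would narrow it further. The tmpfiles rule also gives the `nginx` group write access to the directory it serves, and `"d ${searchdir} 0750 stork nginx - -"` should be enough for read-only serving. A short comment on the `add_header Access-Control-Allow-Origin *;` line, stating that the index is public and served without credentials, would record why the wildcard origin is acceptable.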