diff --git a/flake.nix b/flake.nix
index c1f61cd..ef0826d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,7 +11,7 @@
 pkgs-stable = nixpkgs-stable.legacyPackages.${system};
 pname = "some-automoderation";
 version = "0.0.1";
- in {
+ in rec {
 devShells.default = pkgs.mkShell {
 buildInputs = [
 pkgs.go
@@ -40,5 +40,88 @@
 };
 default = some-automoderation;
 };
+ nixosModules.some-automoderation-module = { lib, pkgs, config, ... }:
+ let
+ cfg = config.services.${pname};
+ in {
+ options.services.${pname} = {
+ enable =
+ lib.mkEnableOption "Enable Some-Automoderation web service";
+ host = lib.mkOption {
+ type = lib.types.str;
+ default = "127.0.0.1";
+ description = "Host to bind to.";
+ };
+ useNginx = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description =
+ "Whether to set up nginx reverse proxy";
+ };
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 8090;
+ description =
+ "Port to listen on. Use 443 for tls when no nginx, usual plaintext is 8090.";
+ };
+ redisPort = lib.mkOption {
+ type = lib.types.int;
+ default = 7777;
+ description = "Port on which to connect to redis database.";
+ };
+ useHostTls = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description =
+ "Whether virtual host should enable NixOS ACME certs";
+ };
+ };
+ config =
+ let
+ username = "${pname}";
+ groupname = "${pname}";
+ in
+ lib.mkIf cfg.enable {
+ users.groups."${groupname}" = { };
+ users.users."${username}" = {
+ isNormalUser = true; # needed to allow for home dir
+ group = "${groupname}";
+ };
+ systemd.services.${pname} = {
+ description = "Some Automoderation systemd service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ startLimitIntervalSec = 30;
+ startLimitBurst = 10;
+ serviceConfig = {
+ ExecStart = let
+ serveCliArg =
+ "--port ${toString cfg.port} --redisPort ${toString cfg.redisPort}";
+ in "${packages.some-automoderation}/bin/${pname} ${serveCliArg}";
+ Restart = "on-failure";
+ User = "${username}";
+ Group = "${groupname}";
+ };
+ };
+ services.nginx = lib.mkIf cfg.useNginx {
+ virtualHosts.${cfg.host} = {
+ forceSSL = cfg.useHostTls;
+ enableACME = cfg.useHostTls;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+ };
+ };
+ services.redis.servers.${pname} = {
+ enable = true;
+ user = "${username}";
+ port = cfg.redisPort;
+ settings = {
+ notify-keyspace-events = "KEA";
+ }
+ ;
+ };
+ };
+ };
 });
 }
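Review bot: `cfg.host` is described as "Host to bind to." but the module only uses it as the nginx virtual host name (`virtualHosts.${cfg.host}`); `serveCliArg` passes just `--port` and `--redisPort`, so the listen address is whatever the binary defaults to. If that default is all interfaces (not visible in this diff), the plaintext backend on `cfg.port` can be reached directly, without going through nginx and its TLS. Either hand the address to the service, if its CLI has an option for it, or rename the option to something like `domain` and describe it as the virtual host name, since the default `"127.0.0.1"` makes little sense as a vhost. Separately, `isNormalUser = true` gives the daemon account (which the Redis instance also runs as) an interactive login; `isSystemUser = true;` together with `StateDirectory = pname;` in `serviceConfig` would provide a writable directory without one, assuming the home directory is only needed for state.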