diff --git a/modules/services/default.nix b/modules/services/default.nix
index bea2139..268a3a5 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -20,6 +20,7 @@
     ./navidrome
     ./nextcloud
     ./nginx
+    ./nix-serve
     ./paperless
     ./pirate
     ./podgrab
diff --git a/modules/services/nix-serve/default.nix b/modules/services/nix-serve/default.nix
new file mode 100644
index 0000000..0cf1573
--- /dev/null
+++ b/modules/services/nix-serve/default.nix
@@ -0,0 +1,57 @@
+# Binary cache through nix-serve
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.nix-serve;
+in
+{
+  options.my.services.nix-serve = with lib; {
+    enable = mkEnableOption "nix-serve binary cache";
+
+    port = mkOption {
+      type = types.port;
+      default = 5000;
+      example = 8080;
+      description = "Internal port for serving cache";
+    };
+
+    secretKeyFile = mkOption {
+      type = types.str;
+      example = "/run/secrets/nix-serve";
+      description = "Secret signing key for the cache";
+    };
+
+    priority = mkOption {
+      type = types.int;
+      default = 50;
+      example = 30;
+      description = ''
+        Which priority to assign to this cache. Lower number is higher priority.
+        The official nixpkgs hydra cache is priority 40.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nix-serve = {
+      enable = true;
+
+      bindAddress = "127.0.0.1";
+
+      inherit (cfg)
+        port
+        secretKeyFile
+        ;
+
+      package = pkgs.nix-serve-ng;
+
+      extraParams = "--priority=${toString cfg.priority}";
+    };
+
+    my.services.nginx.virtualHosts = [
+      {
+        subdomain = "cache";
+        inherit (cfg) port;
+      }
+    ];
+  };
+}