diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index c5cc8a8..b85e83a 100644
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -9,6 +9,7 @@
       ./modules/nextcloud
       ./modules/vaultwarden
       ./modules/nginx
+      ./modules/nix-serve
     ];
 
   boot = {
diff --git a/hosts/nuc/modules/nix-serve/default.nix b/hosts/nuc/modules/nix-serve/default.nix
new file mode 100644
index 0000000..42dc333
--- /dev/null
+++ b/hosts/nuc/modules/nix-serve/default.nix
@@ -0,0 +1,18 @@
+{config, ...}:
+let
+  domain = "cache.rfive.de";
+in
+{
+  sops.secrets."nix-serve/secretkey" = {};
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.sops.secrets."nix-serve/secretkey".path;
+  };
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
+    };
+  };
+}
diff --git a/secrets/nuc.yaml b/secrets/nuc.yaml
index e7fa8ea..21fae0b 100644
--- a/secrets/nuc.yaml
+++ b/secrets/nuc.yaml
@@ -1,3 +1,6 @@
+nix-serve:
+    secretkey: ENC[AES256_GCM,data:h4d4CYXm58qpYoiZenS1ARRQkmfX0Q/wGtArNUpCFyD82grl189a9yZ6rPN3MOGHVsTdvZ57N1G8mGnnQYBUf66ZJuQQOr5HhjehenvRv4ZjVzT19zg4U9OyCbCaFPprJXfskyrq0A==,iv:RRezZwpmxR7ZtUE4LDevloWwi5fKkNb7hohXZgfyVVw=,tag:HN7TiFZV1LrrBnl7iv859A==,type:str]
+    publickey_unencrypted: cache.rfive.de:2E/yzJduGj4SJqYqDhpXO7aM2m5buMMUHN64EZdml3I=
 nextcloud:
     adminpass: ENC[AES256_GCM,data:Y7JrzfJTDEZa60r4LCU8gS+HH5eRc7UY1g==,iv:axm69xiZhIiJgz/PLshhAfMCo9B9qnENeDTdSy08WDw=,tag:wM81yqHQlQQZXIjcrJ+Ovg==,type:str]
 vaultwarden:
@@ -17,8 +20,8 @@ sops:
             VmxkWFRsK1IzaG45TmVhVXhkZTVHREUKm7EzsUBCv6/jV4Q5wg1oSLnwJ2bElxDi
             tWBWzo0oCQAk9mKDKLJoJu7xoCqDnrwhXjbxuvoWPkuAJmclUcZm1w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-17T20:34:58Z"
-    mac: ENC[AES256_GCM,data:WqW1hNH7Ug0NDYj/feA6ys/xf69R+TUCXaiCKR80nsyPYFviQh3u4ELYo8EWXHA5IO0zUZOxi7LGjDffanxIeXnpuPsoDXVdpdyGNrcJCXqAFZgRQ0yMR6n9ffK0yViYJVKDt3hBrAidhElOGNFQchKno7ozxgGS6tIPff27gvw=,iv:ED+R7Z1kA4YnLNaPPIh620BA0gfBRVQmo3C7CfLq9II=,tag:fb7eo1x7zfwJmIMP4sg3Xw==,type:str]
+    lastmodified: "2023-04-12T08:02:18Z"
+    mac: ENC[AES256_GCM,data:GcymfRqgh3f9YpFJ99Y4IhxiFHVIMGuPyMSfXbK7frk6n11vS1o/6qcOZg+Ja69Z2MiDxBnQ7n0JIus7f4A8dwcUEWziNbrvhWKjgq6RMrfElfHlmKvfbNUxJ+sV3vcmlwopv7vrip1Fu+BW/E08rNjppfCvwBfu2dyVmssnIwE=,iv:XBZO1q+ZwbuOKRuLxiKPh4vDSNuTkMsrxJPpeKhIW3k=,tag:UUKxKgTpDxTtHKE/QPnFLg==,type:str]
     pgp:
         - created_at: "2023-02-17T20:34:57Z"
           enc: |-