diff --git a/flake.lock b/flake.lock
index ae76547..97e3e93 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "kpp": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1688479784,
+        "narHash": "sha256-xCI0Q8pQK5JRHYwieQApHmLseuXLiHnsYVlxUVKLCQA=",
+        "owner": "fsr",
+        "repo": "kpp",
+        "rev": "bf78c8481cbd1a43a122da90a63bbd0ed257b244",
+        "type": "github"
+      },
+      "original": {
+        "owner": "fsr",
+        "repo": "kpp",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1685004253,
@@ -34,6 +54,7 @@
     },
     "root": {
       "inputs": {
+        "kpp": "kpp",
         "nixpkgs": "nixpkgs",
         "sops-nix": "sops-nix"
       }
diff --git a/flake.nix b/flake.nix
index 86b419c..c86ab7e 100755
--- a/flake.nix
+++ b/flake.nix
@@ -3,9 +3,11 @@
     nixpkgs.url = github:nixos/nixpkgs/nixos-23.05;
     sops-nix.url = github:Mic92/sops-nix;
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+    kpp.url = "github:fsr/kpp";
+    kpp.inputs.nixpkgs.follows = "nixpkgs";
     # fsr-infoscreen.url = github:fsr/infoscreen; # some anonymous strukturer accidentally removed the flake.nix
   };
-  outputs = { self, nixpkgs, sops-nix, ... }@inputs:
+  outputs = { self, nixpkgs, sops-nix, kpp, ... }@inputs:
     {
       #packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage;
       packages."x86_64-linux".quitte = self.nixosConfigurations.quitte-vm.config.system.build.vm;
@@ -36,10 +38,12 @@
           system = "x86_64-linux";
           modules = [
             inputs.sops-nix.nixosModules.sops
+            inputs.kpp.nixosModules.default
             ./hosts/quitte/configuration.nix
             ./modules/options.nix
             ./modules/base.nix
             ./modules/sops.nix
+            ./modules/kpp.nix
             ./modules/ldap
             # ./modules/keycloak.nix replaced by portunus
             ./modules/mail.nix
diff --git a/modules/kpp.nix b/modules/kpp.nix
new file mode 100644
index 0000000..7767711
--- /dev/null
+++ b/modules/kpp.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+let
+  domain = "kpp.${config.fsr.domain}";
+in
+{
+  services.kpp = {
+    enable = true;
+    hostName = domain;
+  };
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+  };
+
+}