diff --git a/modules/servers/nix-serve.nix b/modules/servers/nix-serve.nix
new file mode 100644
index 0000000..9b2e3f3
--- /dev/null
+++ b/modules/servers/nix-serve.nix
@@ -0,0 +1,28 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.servers.nix-serve;
+  setup = import ./setup.nix { inherit lib config; };
+in
+{
+  options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000;
+  config = lib.mkIf cfg.enable {
+    sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml;
+    services = {
+      nix-serve = {
+        enable = true;
+        openFirewall = true;
+        package = pkgs.nix-serve-ng;
+        port = cfg.port;
+        secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path;
+      };
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
+        setup.proxyReverse cfg.hostName cfg.port // { }
+      );
+    };
+  };
+}
diff --git a/secrets/keys.yaml b/secrets/keys.yaml
index 1745d1c..f3c1cc0 100644
--- a/secrets/keys.yaml
+++ b/secrets/keys.yaml
@@ -1,3 +1,7 @@
+private_cache_keys:
+    miniserver: ENC[AES256_GCM,data:Qr7TFZodQKUK/v2IcvVtjk2hv7JlPHbztn7pEgxBHeo55Kzj/Dme+iNcF5nt/nrO2kooKPHdXkB6JpcyUh4/1Uv63VDgZ4S10VZaT9ZuretA0uODagaAo12HaKDPn/j6kVCmEKLDqBXZCoI=,iv:Dq6fpnJRRWub1CHAvBcvmtrhE2qglzuhBjsfAEgxpIM=,tag:WF4fXIqm3iVipnJk6fIzFQ==,type:str]
+public_cache_keys:
+    miniserver: ENC[AES256_GCM,data:HttfFZyf+Cs+mMlsF43Kel0Kvivw/ONH8SQukPzPMz/ehdalXS3h4YxExUO+2UYv85DoddSEn5PFRgTwlCX4,iv:9M2/NkRQZII0v1ljlpu3AEZSNRaWv+444EMiex6dums=,tag:l+zHv94Fd2VB2/+KhQ74lQ==,type:str]
 public_keys:
     age: ENC[AES256_GCM,data:zHxSM0lMbOFgxR0zV/byXg1qfZ2fz+coAEnUg64HCYTir6Fbf4lKKLJPuN7md42IsCgzBkE2aR6EXfDxRNZk59kYqZw4GZtOQV9FWmeB5JsUwGP1TapRebmR/zcjgbwQ,iv:ispmW1I50n8WKn/34V+gdicEb7396SK7OcTLQWKq4+4=,tag:8PivakR8Mo/w2j0rLt/dUA==,type:str]
     workstation: ENC[AES256_GCM,data:g1qejAegE2WLQ8pW868ZOuCzxIeKAPnSTl1tfMS5WEZCI1iwFA8L5N/nEwPWpzr1AhnKAP2CxnguBes7AgR9qzaFf56fVByfA4Zc5LqYBiSyCpZ7mF/nGrcQzMiqttJq5g==,iv:58/tWUjNdLzOHrliAlyhtZSNEakA1sphYrrqcWRTIMY=,tag:1fY94k11cvNploDtbglQ/w==,type:str]
@@ -74,8 +78,8 @@ sops:
             dklwODNxYVo4a2FaWDJFM0FnV1l3SlUKMnq/MAJRwR7iEri2KomPrMj0gTkMyhzH
             P5E4zheU7chJTAz5jf6iecyOvKAt6q5g9Q1MU0D6dkOcv2gzWSNAAw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-22T07:14:18Z"
-    mac: ENC[AES256_GCM,data:K3oC/OqRJyTZiCuTz/elzUjSl4sxjlkk3l9ePZ8ozTQQkXsbv/8f0uKFQwVnsErIxoKnpRhrxiQbeYFvXOIUH1ve3Bv6TDcGbFwmKZb9PTFaa/BT79+WYWkFNGk+WzExfOGf2lsSThtgqNUJhCPsdXOSbe1VLPYuKteo7/u55ys=,iv:kF1Yus8eXjkcQFy+sl3M01nJq4lWmNUyPB3Mxb37wGU=,tag:VkByqvYVmZVUXTEeHYorzA==,type:str]
+    lastmodified: "2024-11-12T19:33:07Z"
+    mac: ENC[AES256_GCM,data:qTNxQX0G3JleBKt1+ki6weEzYlyuLT0xz70gVxHFgnJbJdFbS0H/wHhLkE5P/AHwjgvX/Ol1zRCYrR7piNmvBA2Kn6R9gCzACZDWpupvrSOrRaA5sz2u42omQAs2mlWxtAzcysUobx4gwHb/qZo2k/2+UFQRU2CfLuzyxN+Znw4=,iv:ocdRnrgvKwliFo75Al5JCGvhp2UVTgZJjrVSswK02pA=,tag:fYB6gLeD9VQ2lklepVMNtA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.1