diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index eb1b7d7..f0d7c70 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -37,6 +37,7 @@
       qbittorrent.enable = true;
       sabnzbd.enable = true;
       unpackerr.enable = true;
+      plex.enable = true;
       jellyfin = {
         enable = true;
         enableCron = true;
diff --git a/modules/servers/plex.nix b/modules/servers/plex.nix
new file mode 100644
index 0000000..c24a577
--- /dev/null
+++ b/modules/servers/plex.nix
@@ -0,0 +1,93 @@
+{
+  lib,
+  config,
+  ...
+}:
+let
+  cfg = config.my.servers.plex;
+  setup = import ./setup.nix { inherit lib config; };
+in
+{
+  options.my.servers.jellyfin = setup.mkOptions "plex" "plex" 32400;
+  config = {
+    services = {
+      plex = lib.mkIf cfg.enable {
+        enable = true;
+        group = "piracy";
+      };
+      nginx = lib.mkIf cfg.enableProxy {
+        appendHttpConfig = ''
+          # JELLYFIN
+          proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=1d use_temp_path=off;
+          map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
+          map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
+        '';
+        virtualHosts."${cfg.host}" = {
+          forceSSL = true;
+          enableACME = true;
+          http2 = true;
+          serverAliases = [ "flix.rotehaare.art" ];
+          extraConfig = ''
+            #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
+            send_timeout 100m;
+
+            # Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
+            ssl_stapling on;
+            ssl_stapling_verify on;
+
+            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+            ssl_prefer_server_ciphers on;
+            #Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
+            ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+
+            # Forward real ip and host to Plex
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header Host $server_addr;
+            proxy_set_header Referer $server_addr;
+            proxy_set_header Origin $server_addr;
+
+            # Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off.
+            gzip on;
+            gzip_vary on;
+            gzip_min_length 1000;
+            gzip_proxied any;
+            gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
+            gzip_disable "MSIE [1-6]\.";
+
+            # Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
+            # Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
+            client_max_body_size 100M;
+
+            # Plex headers
+            proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+            proxy_set_header X-Plex-Device $http_x_plex_device;
+            proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+            proxy_set_header X-Plex-Platform $http_x_plex_platform;
+            proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+            proxy_set_header X-Plex-Product $http_x_plex_product;
+            proxy_set_header X-Plex-Token $http_x_plex_token;
+            proxy_set_header X-Plex-Version $http_x_plex_version;
+            proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+            proxy_set_header X-Plex-Provides $http_x_plex_provides;
+            proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+            proxy_set_header X-Plex-Model $http_x_plex_model;
+
+            # Websockets
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+
+            # Buffering off send to the client as soon as the data is received from Plex.
+            proxy_redirect off;
+            proxy_buffering off;
+          '';
+          locations."/" = {
+            proxyPass = cfg.local;
+          };
+        };
+      };
+    };
+  };
+}