diff --git a/host/configuration.nix b/host/configuration.nix
index 0b8f8c0..70f4ceb 100644
--- a/host/configuration.nix
+++ b/host/configuration.nix
@@ -11,6 +11,7 @@
 ./../nixosModules/syncthing.nix
 ./../nixosModules/nextcloud.nix
 ./../nixosModules/wakapi.nix
+ ./../nixosModules/eko.nix
 ]; boot.loader.grub = {
@@ -43,6 +44,7 @@
 syncthing.enable = true;
 nextcloud.enable = false;
 wakapi.enable = true;
+ eko.enable = true;
 # Automatically pull this config from git
 autoUpdate.enable = true;
diff --git a/nixosModules/eko.nix b/nixosModules/eko.nix
new file mode 100644
index 0000000..c76774d
--- /dev/null
+++ b/nixosModules/eko.nix
@@ -0,0 +1,67 @@
+{ pkgs, lib, config, ... }: {
+
+ options = {
+ eko.enable = lib.mkEnableOption "enables eko";
+ };
+
+ config = lib.mkIf config.eko.enable {
+ users.groups.eko = { };
+ users.users.eko = {
+ createHome = false;
+ isNormalUser = true;
+ group = "eko";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7P9K9D5RkBk+JCRRS6AtHuTAc6cRpXfRfRMg/Kyren"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbntLELS9l2auPVZtCtQ6KYQNka72qDbTdkDtX9rkyJ"
+ ];
+ };
+
+ # Make sure the "eko" user has access to /srv/eko
+ systemd.tmpfiles.rules = [
+ "d /srv/website 0750 eko eko"
+ ];
+
+ # Open port for the server to listen on
+ networking.firewall.allowedTCPPorts = [ 7223 ];
+
+ sops.secrets.eko-server-cert-key = { owner = "eko"; };
+
+ systemd.services.eko = {
+ description = "Eko (a secure terminal-based social media)";
+
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ script = ''
+ cd /srv/eko
+ SERVER_CERT_KEY_FILE=${config.sops.secrets.eko-server-cert-key.path} ./eko-server
+ '';
+
+ serviceConfig = {
+ User = "eko";
+ Group = "eko";
+
+ # Hardening
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_UNIX"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+
+ Restart = "always";
+ RestartSec = "10s";
+ };
+ };
+
+ };
+}
diff --git a/nixosModules/secrets.yaml b/nixosModules/secrets.yaml
index 9da74c2..fcc93d6 100644
--- a/nixosModules/secrets.yaml
+++ b/nixosModules/secrets.yaml
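Review bot: The tmpfiles rule creates `/srv/website`, but the comment above it and the service's `cd /srv/eko` both refer to `/srv/eko`, so the directory the unit actually runs from is never created or chowned to `eko`, and with `Restart = "always"` a missing directory leaves the unit restart-looping every 10s; the rule should presumably read `"d /srv/eko 0750 eko eko"`. Separately, `ProtectSystem = "strict"` mounts the whole hierarchy read-only for the service, so if `eko-server` needs to write anything under `/srv/eko` it will need `ReadWritePaths = [ "/srv/eko" ];` or a `StateDirectory`; whether it writes is not visible here. The `eko` account is both the service user and an SSH-reachable login via the authorized keys above, so the hardening set is worth tightening further with `NoNewPrivileges = true;`, `PrivateTmp = true;` and `PrivateDevices = true;`, none of which appear in the block.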
@@ -4,6 +4,7 @@ gitea-db-password: ENC[AES256_GCM,data:LHru7hpuT9dmEsfEfcsejfcyoNo2JHITmDzxcqHsj syncthing-gui-password: ENC[AES256_GCM,data:CSQuswlhnCX1ChRTffWvIFodQ3vU4PmlDj8H7MjtQ7aWEok330V2Cqs/4EV0PnVtFd3uBCQ=,iv:TqNYonoB7ygN3PT67MFjythf8a+gNPEwDNdtNadMHQk=,tag:hnGs0Z59EGOUKtit9wGD+A==,type:str] nextcloud-admin-password: ENC[AES256_GCM,data:qLpqlcZtXt5q1U0okGplawLP/9xK0M8rM7uMdu6j1ld8G4rT8QhM8dyBTJWQPdopoCbjaOE=,iv:iMZqEOq/zDbCXwAr838SNAi0OyLOaN6RXC6XM4ttNF8=,tag:m7I2Lj0ykm5U9mWr4f/tXA==,type:str] nextcloud-kyren-password: ENC[AES256_GCM,data:2pAnsX1HHPbA4+3jAtZqQBW0oXX5OtqHQXBxLDlmHs5oT0jxHWY52Wpxh89eW7VOECGI/ro=,iv:mwPgmaAAnRwfy5tl6G+jOQHB4usV3dr86rksL69Ai0Y=,tag:g50tkVft/RatU4BQ6aRpLA==,type:str] +eko-server-cert-key: ENC[AES256_GCM,data:rfz5M5fhpheObzhmzx1nABXVXwwOeWqmZbmO5yvavIAg/hQrJAW7efdmKNhbhyvribMCqNPBzWvdK69XEDL4+gdEcwp92w03t2XbdFqPTo4cFbU/a2akA1/+YXg13nNbJbeKGTd744f/lRlKrDdn3M303fjDasqwJYINg2JIxg36gB/aKYHGITWPWF+pdqeLdud63W6Zgbf9Sj3A38uxdJvphTYQU+Xy0sEOIbvhmN8/hDcVTtuxnU6YukVuN0Tt4hw/nrVsEVxHrXOb9zKBmbrR0E3N0s1xhzRDH2dvR1BKvLfnr6Nn39acrMjA08FL7qB6EprgkMeWIYv3r4X5AYCkDGJcynTuQo4KtcZxoEUGD0nPklD4haY25Xl+XKshRqdGw1ntqyc2O/FCzqILv1lEDW1pOWWVRwa0BWtz0jZXM4b2OABsXSmxrg0s1ABUh4SvcATHzGUmydJeIcJFxtsZlSCAy5OPLFlTO9o9tyKbzqyLRFri0Ood1kLTa0SuDIWxptS2MdENszcgBps6sR7wYr4flRQnn4myR0nEUkeFsRUaj0ej8re+6eBCDYmds9yGLwsOpUjsAuoRcm0s//04utf4897e2sknGJPbFGzr+vtUfIX/weZ+VlrOSvtwJcnTMnCOZFQEhuCzoa5CFei+p2mmjybv803HMgQSd49QHRWGU1cKXdG6guzEiOZbSBkWKWQp/iqXjgDb+IndYukMaxreTT3gimuon5XsrQRxK1k8q93YV7Td9jVe8ANq5nOCV71g5yVUMDruMXhMkrVm/Nnkf1n9IbDOdVZv2OQSRK5Bt/1q6n42cu1ez0nMb6MbzfMyTuKGaYr5oFt6zrEYpMzRtNv2SHnPG5IfHtmkuMHUdWXOCv2odMEThuVN9tMX5LWxaIKf67SSPIkYFRU+oBEFki2OuiMiYQhucxolq5i3nTklnfME+6QDg7YgrSaZMD+rURiu0TQtEYN05Z+qx1gmChDiFm2jZ9yfG3IIi6DWiboPIDbuxDpDYfwOaclBht90+Nv9MyF2y/lONHiY4G9r/xeCZIMVD75CMswjM+bUUHdbKXgRl3FKpI5gajgBDbO534iin/OpKrp565yGvfp6yd5ekZEl+PJALe9YDsS52UnyQZMqtswY7zy01HQTPBEZWwk6IksBb/Qr9e8CbfNlzCzZt3SfwWA2tG9FlwdVomj1BcJ+qxKgY4rjl8CxaVqnHAkidtODebW20K/0Jw51M
/b6fkkWeNC/4eQycu9fBiGQ1btuNs70LvlLOOp4bNe+JtZ0G1HSI/3oCL6c3qIalyfnje/0PkTgUhZwZRsrPMCUuC9Xxosx8hI5kjpNxpUW5/vkXQzrqjl9VOzqadwAFH8UYTuLtYvNlTHZPICS7ziOXOt3n9iG0OtEw20iRmmukD1FYQQauGwFIhRxnhVPIucAFTc+vrqkwWsVbaBkIZGsUp4wUYsTnb5r0yXKBL06y/vDuQETQf2cYPMNGMgrM0lnQ688T+CSiOpqGpi4YYly/ww8s1525Yj9gzmo6jhPLRYo507ryDnq/zeZOKaoBD+3hESti4o5wIH1F7lZAhivm43PA+rW+930OoC6H9KaTwIYVZggTJrvPk24ewHSjR8JE6IvQgv30U/4/N75bMQMyyKgwr2DQhIofWpsaQodxbQVt+OQ0yL8ZUVD/sTf4Tf3T6bNw2myEt2pocFES3ZlU+dmG+S7SxMp84WbqXZB0Tt+r78VW+4pdl3GfXPGJnnm/wuYrpwgeAA9ovngN3acUlDKZxVuHjwO7pcTRcKxvNVxpa+H+guzVMvg673xVZa53ccURIfgB4gOCAZQyzOxRRnX8iWQuQRD7A3VRl0auHw3V15Kv8IkC5qvMI4gOr3bZ6kCrFTHu17ZU1y8ebJ719XeFJzXYPC+abk9g/7ZmQGMZPoWC91uzmFzwCBySacYDHBPDUgVbOdTWOoQBypA4JdlZXa8d/tTXSdsC3g8vtBxhbB/PbplK9aeNQ79xkkyKU+xUVf+sO5NWHKWboaVf7l4QhiFIIM9YCyT0yONWVjN4bnUbKMWDKns0HE5Zt63ixPa1dL5VMSWjMLM4VoyNcAOG5vK/hOryFv05xLDzbRDgAdV9YLUs/PDaR8ZC3VbosxjAW6C5mNldFf5/GuZfGGCLedrMjoI0cq7xCmh3OzO2MS2dLnnVby+j2OrW9VYm3P0rw0BP+2hBC9WhGB+Fbdw4N8H6eRWHHi7Av7UmdRSE77CDsNti7vdWZdhRKI3,iv:pTjCk5oIJbsu1mWRFN5jdYgPVeX7E2GV7I9Y5ZmXkDg=,tag:9HY0Q3afcguJfKx3D7Ffww==,type:str] sops: kms: [] gcp_kms: [] 
@@ -19,8 +20,8 @@ sops:
 b254YjZLRm9odks2Y1Erdk1NSU1CVncKnhMnBLjSLfMO3A7gTUI9vIRQvaK07I7k
 mQdtsGZM+1FqlbxsFIoqji+xrqAvcBQENott5+tuFM+ePT5EjQUYGg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-12-31T20:31:45Z"
- mac: ENC[AES256_GCM,data:4zIYkvldOKty7VFXB8GlCwqcJ1PMVGjXHlnlGAnmXK+o+EMgx4SPLrCR9UB9RTDPBxecjWMlLK+m4vookZGOEot5wDDzbMvcoabLmLZG8wCKkN/ZjVcQnHUZ4Efkd8djZ1DNRukGAwoSdu9QJFKMgCxXRfMJRCnU5JLThe3hlrQ=,iv:SmhjSUh7cPuTNHS9Y8k4zol7misiej+qZDTxl0AeUAE=,tag:kpdk7QDyTioLsgnuxZ6aPA==,type:str]
+ lastmodified: "2025-01-08T19:32:27Z"
+ mac: ENC[AES256_GCM,data:S9lMzFE5WQgSrs6j1oUSt4bWCnzGEikky2qHjNT/MMBnnGouws+NnOw6Aak+9BcazYvweQKT1iNMzB4zLRDryU71JNXAu6XmO4tbThmcSzjLIensTFX40r7e5QivljMOUT+de7X/Q6kknQ2TS7rrQi4rYRT3vylU/FaGlhYDPqw=,iv:FsalgaN/g9DHteawRT3klC/Ji8YIGHizr3vJPhZ4SCQ=,tag:O7dj3Zt4hwmMYC7W5SQ3Ew==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.1