diff --git a/.gitignore b/.gitignore
index d2a3d9e..90d9e6f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 borg-backup-repo
+miniflux-admin-credentials
diff --git a/configuration.nix b/configuration.nix
index d5e6cd0..27a5f71 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -80,13 +80,20 @@
 ];
 exclude = [];
 };
+
+ miniflux = {
+ enable = true;
+ adminCredentialsFile = "${./miniflux-admin-credentials}";
+ privatePort = 8080;
+ };
+
+ matrix.enable = true;
+
 monitoring = {
 enable = true;
 useACME = true;
 domain = "monitoring.${config.networking.domain}";
 };
-
- matrix.enable = true;
 };
 
 security.acme.acceptTerms = true;
diff --git a/miniflux-admin-credentials.example b/miniflux-admin-credentials.example
new file mode 100644
index 0000000..38b670f
--- /dev/null
+++ b/miniflux-admin-credentials.example
@@ -0,0 +1,2 @@
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD=password
diff --git a/services/default.nix b/services/default.nix
index 357b49b..c1006e1 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./borg-backup.nix
 ./matrix.nix
+ ./miniflux.nix
 ./monitoring.nix
 ];
 }
diff --git a/services/miniflux.nix b/services/miniflux.nix
new file mode 100644
index 0000000..ab65fe5
--- /dev/null
+++ b/services/miniflux.nix
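Review bot: In configuration.nix, the added `adminCredentialsFile = "${./miniflux-admin-credentials}";` interpolates a Nix path, which copies the credentials file into the Nix store, where it is readable by every local user and travels with any closure copied to another host or cache. The new `.gitignore` entry keeps the file out of git but does not change that. I would pass an absolute path to a file provisioned outside the store instead, for example `adminCredentialsFile = "/run/secrets/miniflux-admin-credentials";` (placeholder path), with the file root-owned and mode 0600 or delivered by a secrets tool such as agenix or sops-nix.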
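Review bot: miniflux-admin-credentials.example ships a working, guessable pair (`ADMIN_USERNAME=admin`, `ADMIN_PASSWORD=password`) that is easy to copy unchanged into the real credentials file, and the same commit publishes the service at `reader.<domain>` through nginx. An obvious non-value such as `ADMIN_PASSWORD=<generate-a-long-random-password>` would make a verbatim copy stand out instead of silently working.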
@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.my.services.miniflux;
+
+ domain = config.networking.domain;
+in {
+ options.my.services.miniflux = {
+ enable = mkEnableOption "Serve a Miniflux instance";
+
+ adminCredentialsFile = mkOption {
+ type = types.str;
+ default = null;
+ example = "./secrets/miniflux-admin-credentials";
+ description = "File containing ADMIN_USERNAME= and ADMIN_PASSWORD=";
+ };
+
+ privatePort = mkOption {
+ type = types.int;
+ default = 8080;
+ example = 8080;
+ description = "Port to serve the app";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # services.postgresql is automatically enabled by services.miniflux, let's
+ # back it up
+ services.postgresqlBackup = {
+ databases = [ "miniflux" ];
+ };
+
+ services.miniflux = {
+ enable = true;
+ adminCredentialsFile = cfg.adminCredentialsFile;
+ # TODO: setup metrics collection
+ config = {
+ LISTEN_ADDR = "127.0.0.1:${toString cfg.privatePort}";
+ BASE_URL = "https://reader.${domain}/";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "reader.${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
+ };
+ };
+ };
+ };
+ };
+}
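Review bot: The `adminCredentialsFile` option pairs `type = types.str;` with `default = null;`, and null is not a string, so leaving the option unset should fail with a type-mismatch error rather than a clear "option has no value" message; dropping the `default` line makes the option explicitly required. Its `example = "./secrets/miniflux-admin-credentials";` also points callers at a repo-relative file, which as a path literal ends up in the world-readable Nix store; I would use an absolute runtime path such as `example = "/run/secrets/miniflux-admin-credentials";` (placeholder) and extend the description to `"Absolute path, outside the Nix store, of a file containing ADMIN_USERNAME= and ADMIN_PASSWORD="`. Separately, the `services.postgresqlBackup` block sets only `databases`, so unless `enable = true` is set elsewhere (not visible in this diff) the comment's promised backup does not happen.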