diff --git a/services/default.nix b/services/default.nix
index 1498830..51e37bf 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -9,6 +9,7 @@
     ./jellyfin.nix
     ./lohr.nix
     ./matrix.nix
+    ./mealie.nix
     ./media.nix
     ./microbin.nix
     ./miniflux.nix
diff --git a/services/mealie.nix b/services/mealie.nix
new file mode 100644
index 0000000..26f3c6e
--- /dev/null
+++ b/services/mealie.nix
@@ -0,0 +1,55 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit
+    (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    ;
+
+  cfg = config.my.services.mealie;
+  my = config.my;
+
+  domain = config.networking.domain;
+  hostname = config.networking.hostName;
+  fqdn = "${hostname}.${domain}";
+in {
+  options.my.services.mealie = let
+    inherit (lib) types;
+  in {
+    enable = mkEnableOption "Mealie";
+    port = mkOption {
+      type = types.port;
+      example = 8080;
+      description = "Internal port for Mealie webapp";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.mealie = {
+      enable = true;
+      listenAddress = "127.0.0.1";
+      port = cfg.port;
+    };
+
+    services.nginx.virtualHosts."mealie.${domain}" = {
+      forceSSL = true;
+      useACMEHost = fqdn;
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}/";
+        proxyWebsockets = true;
+      };
+    };
+
+    security.acme.certs.${fqdn}.extraDomainNames = ["mealie.${domain}"];
+
+    my.services.restic-backup = {
+      paths = ["/var/lib/mealie"];
+    };
+  };
+}