diff --git a/configuration.nix b/configuration.nix
index 5062c44..8928c49 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -27,6 +27,7 @@ in
 ./resources/limits.nix
 ./videomeet/jitsi.nix
 ./git/gitea.nix
+ ./local/services/wiki-js.nix
 ];
 
 nixpkgs.overlays = [ (nix-overlay) ];
diff --git a/local/services/wiki-js.nix b/local/services/wiki-js.nix
new file mode 100644
index 0000000..168fd55
--- /dev/null
+++ b/local/services/wiki-js.nix
@@ -0,0 +1,30 @@
+{ lib, ... }:
+{
+ systemd.services.wiki-js = {
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+ };
+
+ services.postgresql = {
+ enable = lib.mkOverride 1100 true;
+ ensureDatabases = [ "wiki" ];
+ ensureUsers = [
+ { name = "wiki-js";
+ ensurePermissions."DATABASE wiki" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+
+ services.wiki-js = {
+ enable = true;
+ settings = {
+ bindIP = "127.0.0.1";
+ port = 3010;
+ db = {
+ host = "/run/postgresql";
+ user = "wiki-js";
+ };
+ };
+ stateDirectoryName = "wiki-js";
+ };
+ }
diff --git a/webserver/nginx.nix b/webserver/nginx.nix
index cdd6936..418142b 100644
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
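Review bot: The database connection in wiki-js.nix has no password and a unix-socket `host`, so it relies on PostgreSQL peer authentication mapping the connecting OS user onto the `wiki-js` role; nothing in this file pins the service's user, and the upstream NixOS wiki-js module runs the unit with DynamicUser, where the user name only equals `wiki-js` because no explicit `User=` is set (verify against the module on the deployed release). A comment above `db`, such as `# no db.pass: peer auth over /run/postgresql, so the unit's user name must equal settings.db.user`, would stop a later `serviceConfig.User` change from silently breaking login. `ensurePermissions` has been deprecated in favour of `ensureDBOwnership` on newer NixOS releases (which requires the role and database to share a name), so if this host tracks a recent channel expect an evaluation warning or error on that line. `lib.mkOverride 1100 true` also deserves a one-line comment naming which other module's definition it is meant to yield to, since priority 1100 is weaker than even `mkDefault`.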
@@ -150,6 +150,41 @@ in
 };
 };
 };
+ "wiki.${domain}" = {
+ sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
+ sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
+ root = "/var/empty";
+ forceSSL = true;
+ extraConfig = ''
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+ expires 10m;
+ '';
+ locations = {
+ "/_assets/" = {
+ extraConfig = ''
+ alias ${pkgs.wiki-js}/assets/;
+ try_files $uri =404;
+ expires 7d;
+ access_log off;
+ log_not_found off;
+ '';
+ };
+ "/" = {
+ proxyPass = "http://127.0.0.1:3010";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ };
+ };
 };
 };
 }
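Review bot: The `/` location forwards only the Upgrade/Connection headers to the upstream, so unless `services.nginx.recommendedProxySettings` is enabled elsewhere in this file, wiki-js never sees the original Host or learns that the client side was HTTPS; add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which a reverse-proxied Node app typically needs to build correct absolute URLs and redirects and to honour `secure` cookies. The `proxy_cookie_path` line in the server-level extraConfig only rewrites Set-Cookie headers that already carry a `Path=` attribute and smuggles the flags in as part of the path string; if the nginx here is 1.19.3 or later, `proxy_cookie_flags ~ secure httponly samesite=strict;` is the supported mechanism. `SameSite=strict` also means the session cookie is withheld on any cross-site navigation (a link to the wiki from chat or mail), so users land logged out until they reload; `samesite=lax` is the usual choice for a browser-facing app. The commented-out Content-Security-Policy should either be deleted or given a short comment saying why it is off, so the next reader does not assume the header is being sent. The attribute set this vhost is added to starts before the hunk.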