diff --git a/modules/pleroma.nix b/modules/pleroma.nix
new file mode 100644
index 0000000..71c9e55
--- /dev/null
+++ b/modules/pleroma.nix
@@ -0,0 +1,100 @@
+{ config, options, lib, pkgs, stdenv, ... }:
+let
+ cfg = config.services.pleroma;
+in {
+ options = {
+ services.pleroma = with lib; {
+ enable = mkEnableOption "pleroma";
+
+ package = mkOption {
+ type = types.package;
+ default = import ../default.nix { inherit pkgs; };
+ description = "Pleroma package to use.";
+ };
+
+ runMigrationOnStartup = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Run the database migrations on the Pleroma service startup.";
+ };
+
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/pleroma";
+ description = "Directory storing Pleroma's data.";
+ };
+
+ configuration = mkOption {
+ type = types.str;
+ description = "Pleroma configuration. Will be stored at /etc/pleroma/config.exs.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "pleroma";
+ description = "User account under which pleroma runs.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "pleroma";
+ description = "Group account under which pleroma runs.";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users = {
+ users."${cfg.user}" = {
+ description = "Pleroma user";
+ createHome = true;
+ home = cfg.dataDir;
+ extraGroups = [ cfg.group ];
+ };
+ groups = {
+ pleroma = {};
+ };
+ };
+
+ environment.systemPackages = [ cfg.package ];
+
+ environment.etc."pleroma/config.exs" = cfg.configuration;
+
+ systemd.services.pleroma = {
+ description = "Pleroma social network";
+ after = [ "network-online.target" "postgresql.service" ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ MIX_ENV = "prod";
+ };
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ Type = "forking";
+ WorkingDirectory = cfg.dataDir;
+
+ # Running the database migration before each service start,
+ # just in case there are some pending ones.
+ #
+ # It's sub-optimal as we'll always run this, even if pleroma
+ # has not been updated. But the no-op process is pretty fast.
+ # Better be safe than sorry migration-wise.
+ ExecStartPre = "${cfg.package}/bin/pleroma_ctl migrate";
+ ExecStart = "${cfg.package}/bin/pleroma daemon";
+ ExecStop = "${cfg.package}/bin/pleroma stop";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+ # Systemd sandboxing directives.
+ # Taken from the upstream contrib systemd service at
+ # pleroma/installation/pleroma.service
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectSystem = "full";
+ PrivateDevices = false;
+ NoNewPrivileges = true;
+ CapabilityBoundingSet = "~CAP_SYS_ADMIN";
+ };
+ };
+
+ };
+}
diff --git a/readme.md b/readme.md
index 883d001..086d13e 100644
--- a/readme.md
+++ b/readme.md
@@ -26,7 +26,7 @@ run!
 ## TODO
-- Add NixOS module.
+- Add nginx config in NixOS module.
 ## Minor Annoyances
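Review bot: `environment.etc."pleroma/config.exs" = cfg.configuration;` writes the full Pleroma configuration into a world-readable Nix store path, and a Pleroma `config.exs` typically carries the database password and the signing secret, so every local account on the host could read them; prefer an option that takes a path to a root-owned file outside the store (for example `source = cfg.configFile;`) and say in the option description that secrets must not be inlined, since setting `mode` on the `/etc` entry does not protect the store copy. The assignment also appears to need the `.text` attribute rather than a bare string, as `environment.etc` entries are attribute sets. `runMigrationOnStartup` is declared but never read: `ExecStartPre` runs `pleroma_ctl migrate` unconditionally, so it should be `ExecStartPre = lib.mkIf cfg.runMigrationOnStartup "${cfg.package}/bin/pleroma_ctl migrate";` or equivalent. Finally `groups.pleroma = {}` and the user record (no `group = cfg.group;`) ignore `cfg.group`, so choosing a non-default group leaves the unit's `Group = cfg.group` pointing at a group the module never creates.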