diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 62a0f91..4cf0bdb 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -4,6 +4,9 @@
 { pkgs, ... }:
+let
+ sourcehut-fqdn = "sourcehut.nixos.local";
+in
 {
 imports = [ # Include the results of the hardware scan.
@@ -15,6 +18,12 @@
 boot.loader.efi.canTouchEfiVariables = true;
 networking.hostName = "nixos"; # Define your hostname.
+ networking.extraHosts = ''
+ 127.0.0.1 sourcehut.nixos.local
+ 127.0.0.1 meta.sourcehut.nixos.local
+ 127.0.0.1 man.sourcehut.nixos.local
+ 127.0.0.1 git.sourcehut.nixos.local
+ '';
 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
 # Configure network proxy if necessary
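Review bot: `networking.extraHosts` spells out `sourcehut.nixos.local` four times even though the `let` added in the first hunk binds that exact value as `sourcehut-fqdn` for this purpose. The binding is in scope here, since the `let … in` wraps the whole module attrset, so the entries could read `127.0.0.1 ${sourcehut-fqdn}`, `127.0.0.1 meta.${sourcehut-fqdn}` and so on; indented `''` strings interpolate `${…}` just like ordinary strings. That keeps the hosts entries in step with the nginx and sourcehut settings if the domain is ever changed.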
@@ -214,6 +223,97 @@
 wantedBy = [ "graphical-session.target" ];
 };
+ # enable selfhosted sourcehut instance
+ services.sourcehut = {
+ enable = true;
+ git.enable = true;
+ man.enable = true;
+ meta = {
+ enable = true;
+ gunicorn.extraArgs = [
+ "--timeout 120"
+ "--workers 1"
+ "--log-level=info"
+ "--bind [::1]:5000"
+ ];
+ };
+ nginx.enable = true;
+ postgresql.enable = true;
+ redis.enable = true;
+ settings = {
+ "sr.ht" = {
+ environment = "production";
+ global-domain = "${sourcehut-fqdn}";
+ origin = "https://${sourcehut-fqdn}";
+ network-key = "/etc/nixos/secrets/sourcehut/network.key";
+ service-key = "/etc/nixos/secrets/sourcehut/service.key";
+ };
+ "git.sr.ht" = {
+ oauth-client-id = "78d7e221ea540f10";
+ oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";
+ };
+ "man.sr.ht" = {
+ oauth-client-id = "man.sr.ht";
+ oauth-client-secret = "/etc/nixos/secrets/sourcehut/man.oauth";
+ };
+ mail = {
+ pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";
+ pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";
+ pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";
+ smtp-from = "mail@${sourcehut-fqdn}";
+ };
+ webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";
+ };
+ };
+
+ # security.acme = {
+ # certs."${sourcehut-fqdn}".extraDomainNames = [
+ # "meta.${sourcehut-fqdn}"
+ # "man.${sourcehut-fqdn}"
+ # "git.${sourcehut-fqdn}"
+ # ];
+ # acceptTerms = true;
+ # defaults.email = "khais.colin+letsencrypt@gmail.com";
+ # };
+
+ security.pki.certificateFiles = [
+ /etc/nixos/secrets/myCA.pem
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "${sourcehut-fqdn}" = {
+ default = true;
+ sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
+ sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
+ };
+ "meta.${sourcehut-fqdn}" = {
+ sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
+ sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
+ };
+ "man.${sourcehut-fqdn}" = {
+ sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
+ sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
+ };
+ "git.${sourcehut-fqdn}" = {
+ sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
+ sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
+ };
+ };
+ };
+
+ services.postgresql.enable = true;
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
 # Enable the OpenSSH daemon.
 # services.openssh.enable = true;
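Review bot: The four `services.nginx.virtualHosts` entries set `sslCertificate`/`sslCertificateKey` but none sets `forceSSL = true;` (or `onlySSL`/`addSSL`), and as far as I recall the NixOS nginx module only emits a `listen 443 ssl` block when one of those is set, so the bare `${sourcehut-fqdn}` host — which is also `default = true` — would answer on plain HTTP while `settings."sr.ht".origin` advertises `https://`; the sourcehut module may add `forceSSL` to the per-service hosts it manages itself, but the root host is defined only here. The same certificate pair is repeated verbatim in all four hosts, so hoisting it into a `let` binding removes the duplication and gives one place to put `forceSSL`. `"man.sr.ht".oauth-client-id = "man.sr.ht"` looks like a placeholder next to the hex id used for `"git.sr.ht"`; confirm it is the client id actually registered in meta.sr.ht. `security.pki.certificateFiles = [ /etc/nixos/secrets/myCA.pem ]` uses an unquoted path literal, which copies the file into the world-readable Nix store at evaluation — harmless for a public CA certificate, but the `.key` files must stay string paths as the rest of the hunk does. `services.postgresql.enable = true;` duplicates `services.sourcehut.postgresql.enable = true;` and can be dropped.
```nix
    virtualHosts =
      let
        tls = {
          forceSSL = true;
          sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
          sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
        };
      in {
        "${sourcehut-fqdn}" = tls // { default = true; };
        "meta.${sourcehut-fqdn}" = tls;
        "man.${sourcehut-fqdn}" = tls;
        "git.${sourcehut-fqdn}" = tls;
      };
```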