diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index cdc1854..9c5fe21 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -71,15 +71,6 @@ in
     ];
   };
 
-  services.miniflux = {
-    enable = true;
-    config = {
-      CLEANUP_FREQUENCY = "48";
-      LISTEN_ADDR = "localhost:8080";
-    };
-    adminCredentialsFile = "/var/lib/miniflux/admin-credentials";
-  };
-
   environment.systemPackages = with pkgs; [
     chromium
     ghostscript
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 3928d3a..834470e 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -10,6 +10,7 @@
   headphones = import ./headphones.nix;
   homepage = import ./homepage.nix;
   kanboard = import ./kanboard;
+  miniflux = import ./miniflux.nix;
   networking = import ./networking.nix;
   nix = import ./nix.nix;
   nixpkgs = import ./nixpkgs.nix;
diff --git a/nixos/modules/miniflux.nix b/nixos/modules/miniflux.nix
new file mode 100644
index 0000000..6afc735
--- /dev/null
+++ b/nixos/modules/miniflux.nix
@@ -0,0 +1,39 @@
+{ config, lib, ... }:
+let
+  cfg = config.dadada.miniflux;
+  domain = "miniflux.${config.networking.domain}";
+  adminCredentialsFile = "miniflux-admin-credentials";
+in
+{
+
+  options.dadada.miniflux = {
+    enable = lib.mkEnableOption "Enable miniflux RSS aggregator";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.miniflux = {
+      enable = true;
+      config = {
+        CLEANUP_FREQUENCY = "48";
+        LISTEN_ADDR = "localhost:8080";
+      };
+      adminCredentialsFile = config.age.secrets.${adminCredentialsFile}.path;
+    };
+
+    services.nginx.virtualHosts.${domain} = {
+      enableACME = true;
+      forceSSL = true;
+
+      locations."/".extraConfig = ''
+        proxy_pass http://localhost:8080/;
+      '';
+    };
+
+    age.secrets.${adminCredentialsFile} = {
+      file = "${config.dadada.secrets.path}/${adminCredentialsFile}.age";
+      owner = config.systemd.services.miniflux.serviceConfig.User;
+      group = "root";
+      mode = "0700";
+    };
+  };
+}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
new file mode 100644
index 0000000..146c443
--- /dev/null
+++ b/nixos/modules/profiles/base.nix
@@ -0,0 +1,7 @@
+{ config, ... }:
+{
+  security.acme = {
+    defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+}
diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix
index 8713a41..ad8a84c 100644
--- a/nixos/modules/profiles/laptop.nix
+++ b/nixos/modules/profiles/laptop.nix
@@ -6,6 +6,7 @@
 with lib; {
   imports = [
     ./backup.nix
+    ./base.nix
   ];
 
   networking.domain = mkDefault "dadada.li";
diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix
index 2f34704..42740d0 100644
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@@ -6,6 +6,7 @@
 with lib; {
   imports = [
     ./backup.nix
+    ./base.nix
   ];
 
   networking.domain = mkDefault "dadada.li";
diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix
index b0a4d6b..f80b215 100644
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@@ -41,6 +41,7 @@ in
 
   dadada.element.enable = true;
   dadada.gitea.enable = true;
+  dadada.miniflux.enable = true;
   dadada.weechat.enable = true;
   dadada.homePage.enable = true;
   dadada.share.enable = true;
@@ -65,11 +66,6 @@ in
     ];
   };
 
-  security.acme = {
-    defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
-    acceptTerms = true;
-  };
-
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age
index 0ce1af6..c4e6b96 100644
Binary files a/secrets/agares-backup-passphrase.age and b/secrets/agares-backup-passphrase.age differ
diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age
index 796ea32..99b3652 100644
Binary files a/secrets/agares-backup-ssh-key.age and b/secrets/agares-backup-ssh-key.age differ
diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age
index 1d64081..eebc180 100644
--- a/secrets/gorgon-backup-passphrase.age
+++ b/secrets/gorgon-backup-passphrase.age
@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 0aOabg MxtQYFyYyErJW0Uaelu02iRAoksaVDsZD+55ADoNphE
-pA0OKXbqXrNWwbc52exj22cbMsFVCjk6hwp7KeWYyyA
--> ssh-ed25519 Otklkw c/v7Ux1D4FtdIa0fzoEkGJSH+/bexN1nJUfLg1Ym7lA
-Bi1cIh9wjppaBSpTLh7HdpJX+ZcGOLDjxaDUJXbJ6+I
--> s2,Qn0%_-grease pZM*A 1(
-4W6WjHNho1bIzpd+IFh6fHQgo+3d5FK+RO5TOZw+T6A211bvOCoHG0LBZfpohqKy
-Q6zFhrMxOtWTne8uvX5hm9yXV2+cd6EbxOuk
---- ZFD001UDd7ZmLNT8tG8ecnVIF0UgW0YQhh15dgUjVJI
-XéËÝÁã©-KÕA—üsß¿Î,u-KYo¨ëÚHóÍV$Ba¨¢…à·ú^…À]Kã:UMfwß;+7.#ÑJ^'æ W–GÅFø
\ No newline at end of file
+-> ssh-ed25519 0aOabg 9925sO5KCINg9I0lFyD7I83Q/inYVtVvtzskAo0UnW4
+7WrwhYtGh4tGV1MOMN5Ok/1xqOy0mek2SOjC3gQvPOI
+-> ssh-ed25519 Otklkw l+H64LT7yh+tXhBqxkI+C+U6/6boKV41YVay2cGLNX8
+nCsvh1IIFiQDeNjdkurHwxT0VEZt8yBkvQoYKacZB7g
+-> SZr0-grease
+AVV51s2iYes+DKhlYlNDzaXs7BPXaqwzjJLzMapEK31iuOs7mRKK
+--- NlKhbaqBp78g2+PLSHhm4RE2CT40JFxEIpQCrNwAtsI
+ôCÞŽø ðè‚urY—#Êç(ËþC  Ä{$q2{0;<kà×R¹(ïùÃ”“{ÖŒÜRÒ³›OŸ¥Hç}%G·}
+áZ„d‘=…=Ú»
\ No newline at end of file
diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age
index 87fbe17..de60b08 100644
Binary files a/secrets/gorgon-backup-ssh-key.age and b/secrets/gorgon-backup-ssh-key.age differ
diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age
index ceeadef..8245d99 100644
Binary files a/secrets/hydra-github-authorization.age and b/secrets/hydra-github-authorization.age differ
diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age
index 9caba1a..1ab7e0e 100644
Binary files a/secrets/ifrit-backup-passphrase.age and b/secrets/ifrit-backup-passphrase.age differ
diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age
index 8d5aba8..2f26c38 100644
Binary files a/secrets/ifrit-backup-ssh-key.age and b/secrets/ifrit-backup-ssh-key.age differ
diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age
new file mode 100644
index 0000000..7efca8c
--- /dev/null
+++ b/secrets/miniflux-admin-credentials.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 jUOjpw HIvtQ2CaS+Ptl06tKVCwMzoi4UZm0GcNO+dJJjGZm3g
+JZ68fxpbY55B2xMG+QG3yNYMMQgBxtTVMtHoXOqUlrQ
+-> ssh-ed25519 Otklkw kUySbDgMFgWVEwL7rXs15FDISicEMH06qXIxudO/2jY
+VbVX2/4wYojcWm/GKnZAP3uxQygcm6BcNO+iphqIos8
+-> o>]-grease d%oS;Ov l
+
+--- /LWxjPTlr/au9B1Kn6+apBZnTROxCqs8WKmtPINbDko
+t/0‡Ðc®ì—Ü#Nþãß¦äé@Íù¶±\ß3åi,5²á3Avæ¶mrœw*ÒµÒ;þ«$•¥áŸtƒaåä¤î£‰îMg®éñÆµaæÉô
\ No newline at end of file
diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age
index 482c190..8762e91 100644
--- a/secrets/pruflas-backup-passphrase.age
+++ b/secrets/pruflas-backup-passphrase.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 IXCPDQ VpRlsUErxZEZErq6I00VT68UmldZxwvNUNThtyHk018
-P73fCgVg9K9ZFdvl3Zrmm1GGcTlDLi5mfsEcHxCbcJk
--> ssh-ed25519 Otklkw p06KPkqvFXvB07/yXkZmSzmzZASA2IJpNCY3hKqnUVo
-e6O2NH4KVtqPQfew4++pprbcHANsvemybeqB9SEhEYI
--> q%f1-grease dRH3(# Y)tQV [: \xNgmi4+
-QKbFPHhDVSUTqidH0FrlhCMqoKT/ySgPXSAMVEQYVl3aQbBvX6/4nUac
---- 8bt7MoQ9fprGESqngxXUiOdQvCdssgoiF4rUKj6BeS4
-ó‹ƒ‚q·ivý‹Šûµ•ø½UuÉÏ5û–Ë°®Ñ¢+û„nú¹lj¤Ç2x•49žïÆ!0ÎO~%t
\ No newline at end of file
+-> ssh-ed25519 IXCPDQ VbUG0IRip4izfPy6N+F2pqf6x4I+1sNCHBoXIFkeDgc
+6GpwDE1gyZ0ZY1xwxXevfaKbBgxf3ejl5u7tAQy1po8
+-> ssh-ed25519 Otklkw Z5ijymE5Hxf5swuOk3ZMDnnCY58AJDW72Xvtm6PNSRQ
+WfNQD1CQFjddq2HVFzVucYMggZpMFLFrIGhL5iVHFFU
+-> 81Dzfax-grease zDYB
+O0b1HCDGNbuzc8FB0dmmWCGsKn+XaJ0Evs6Fk/fUqnznZ3q0X5ROyNNvMaLhuW3c
+V/q2AhaXNAnTpTr8/v+e
+--- kkf90OQdUMEyJPyQNOVoQauX3RceUvD6eawbr4rYrow
+àîQ|¡®wW¯VØ G¹+*X¶['ÁD‘ñ ææÀóP¡W¡3RX¦€=°Sò£IE©ø	ªÂò¾ÓPU
\ No newline at end of file
diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age
index d8326b0..0d48b91 100644
Binary files a/secrets/pruflas-backup-ssh-key.age and b/secrets/pruflas-backup-ssh-key.age differ
diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age
index bd05039..48f69c7 100644
--- a/secrets/pruflas-wg-hydra-key.age
+++ b/secrets/pruflas-wg-hydra-key.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 IXCPDQ FRY6uw3eRrqUYZcnick1yxcSyEHuWkM6TMkOWPFuq0I
-GLZMQFHoi4eJfbxz8kqECoj7ju0+scyNgWyILwGuJGw
--> ssh-ed25519 Otklkw nznkiropYOdg3MMMEXmRn7GKkb4GycoNtKqsWwhGF3Q
-77AEvdNpqQrppOm4ZQJAM4WPXtE+ekAufBSAMBO9oYY
--> 26-grease Z Sz rY0V d\j0aR[
-f+yb
---- fluVV/qz+D6+MaIbIvzWCDWEhWHjC1TmgsD4FweilGQ
-³µ"ƒSá-‚àÑp&‚àY“HfS»HêU9(Áï}æd°n‡øcU$/Éy&œU0v±Ð##!Æ=ñ©­ÿ·üIÍaád°	l¶
\ No newline at end of file
+-> ssh-ed25519 IXCPDQ uawIdwF9OtTw/T+fxwxkqdCRq64HL1UeMQnWK0u+Z3g
+zEKpu/bdSapYM0piNoqiLNuUit1exx6ZIiXmsEDX8CE
+-> ssh-ed25519 Otklkw ilkLObEIp+/4VfZM8Xt927xh6ZF/dBF+PInbyi6RZC4
+9t65163vGEnbApN4OQ639JNLrwEQHDH0nikou3jHlnc
+-> 0FJN$-grease X!M kI~E|gX
+mGoZVxbAOLq5LXGj9hPjMNLJxUZK4jpYa/wsyiVgkxTm09AUN3tmlYFjhDClpRfT
+Id1zRQ1+
+--- slPVZ1Tqz9Vr2drSyuTarmm0Et9FvjAjsXvR2DSGRPk
+ÏEŠµÖÂ–¶„¡;1ä„Óøà–È‰†­³ûVãJ¾Þ „lj@jò®šAÔ6æv9Ü·0ì•¯×u’Y¬Whžú\yjØü}Ö`#
\ No newline at end of file
diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age
index fdefc94..09d3f43 100644
--- a/secrets/pruflas-wg0-key.age
+++ b/secrets/pruflas-wg0-key.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 IXCPDQ yZsU7q89HVxP6Ldup2noEaGy5+SzFzuMtA4/+4mQfUU
-w1cM4NXL+M9RjRjuYswEWYhtiWPgjlJEdwm9wQ9GF5Q
--> ssh-ed25519 Otklkw O8jQnBDmaBnKLHU4nAIeRwkXE3ovdw7Y6vmZcmwqpUc
-rM5wbfCSQhA0wxfRPVLB7dVl8L8aiB9eWhTX/ARV1YE
--> pJ-grease ~4C{og l_
-pXTBa1xB/KJU5w
---- +w4Zc/+fVRky0Nzu0R9cc1MKAOgig1swtCLDrb6M4WM
-³_Í LJ´îŽîÕïú²pÆB„´ûÓ$Ÿ£fÓ’xw}îAÕÎ6Þ¤6°P²Æ-{+öE±þÜ[FßÖaýWœ,ØÂ…Žl¶­Ž&
\ No newline at end of file
+-> ssh-ed25519 IXCPDQ Qg6xQfJx/eBP+UkFRGoH/GJf4z8/DN4YVVZm58woLH4
+0VRw46oFMdPXyZZfuWSfWAwcprKKUj/O+8pURvrRdYg
+-> ssh-ed25519 Otklkw y0cWlk4UO1NmKfTOVJF4z6QcKO96sLnw3NuuCNEZzC4
+3bvuqHug5Rsi69tM1kUnEDIZjJLsbqKt9UsEsQ36Xg4
+-> /-grease 5B 9m!v/n_
+Ye655SZ1lLXBsz3ST95H7SqG3+CYNpiF/X5jm8BoTkATh25f6011oYyzfja8DI9V
+bDPP/4qtq1IaNtOarW4
+--- SF8+5srzcd3gzC0/pCC90QFIAyfX98B33/Vu6xAFVok
+8HÞŠ3Ú˜:Žƒ?¹ßŽ"6Ì”hg‰ôhû‹-½Ðm¢§–4ÄŽÿXKÇ`"Ã™3‡šmNY¿ ²õ'ÄlçÛ\µH¶‘«$¹E
\ No newline at end of file
diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age
index 2756e64..37749a7 100644
--- a/secrets/pruflas-wg0-preshared-key.age
+++ b/secrets/pruflas-wg0-preshared-key.age
@@ -1,10 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 IXCPDQ Q0ETN6DFshfo+YouSf/YWX7u8otnnAqZr/Y7qxCRiTI
-5LVB4bzpysObZJkmJJw2kgE57lZKs2XA8BVSwS7y/VM
--> ssh-ed25519 Otklkw Lgo+x/ODCP6e3SHg2rZVNNLZkHCCT7YMC7MT0Fa4dHc
-bX+Bja0SeGBzNQS3vUGj+GVDAYVTgyGQtPw5I0DWPdU
--> 7&'U\;\-grease ot 7f'PU3CA
-O2UHtKXSTN5TrfVh7ROQ8x9YLynOFvrxK+1kSW42hGbTstOdhBAlNfKMdiIM4Itn
-k7Jshx6UTqa8dF8QIw2cme0jFkF8JUioj7uQuusGBG/WZg
---- Wau438nNnP4srJ16gRGC/9jUdCB6TjBgxc2kZVRsvn0
-´fÛð¯m7¬ºöÛã\ûÐVÚÚhðê¥ëMeöm¾^õ?EkfPû7ÔÄh¥ôäu]ÝnÅ+n.>†É<dOñ¡|Çn_k&»ÄÊo
\ No newline at end of file
+-> ssh-ed25519 IXCPDQ 26Tx0J994O7tNFH/Du/0+aXIm2Piv/E3XR+3S6zi53E
+/gQsKKxvXxGZ3Ij2SDlDwVQ7l+dP49OSXjGksd4jxs4
+-> ssh-ed25519 Otklkw TDSrNWf7714IaGoiCWVeUkzRvlL5GY6jPXdRFTEVkQY
+IXWZf+V/3l1Z96pkepS7e26YAGxA5tXczBT19Ate0Qc
+-> B2G_Mqi-grease C(c0D U|eF%E NI[cL Hcv>G;E;
+tn4gxjXc36nwxhH/+27mr75yL/bEMtrzycrNseEDBa/spBI0zKX6Kaqvo002kJ0O
+ZoBuqZtD0C7aSFuJnThgvEdoezY4+poRGc7qs9eM
+--- 5nN5k3/r28YT65sq5yG32gU/l9C0Edq1LeBt+DTWvOY
+–¬h0uò&bÇÃýÝ…’ÃÝâ®4™iâpé¹q¦&A(ü¤Y†ËQ~L»ŽÜ»ÄÊ'•EÎ’#)
+O³å[}­ÑIÜ O@Ü
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index d10ec43..b236900 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,6 +17,7 @@ in
   "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ];
   "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ];
   "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ];
+  "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
 } //
 backupSecrets "gorgon" //
 backupSecrets "ifrit" //
diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age
index b2ce621..420726b 100644
--- a/secrets/surgat-backup-passphrase.age
+++ b/secrets/surgat-backup-passphrase.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 jUOjpw ikxbgvfWvYiUFTLNy5xUrKC8s1kgan3QIrETluUkmGU
-Y5LQz7aPC4g88U0MkVAoir5CKWpekwJEVZJwdDfW4wk
--> ssh-ed25519 Otklkw QBxsdqftDsU5+DEPH0zj3WSidosaoA6IepyNK+zw/mc
-fbf7lsPi+AIcRBWwe82ZUlmXHsEbN58iV6/jjk7XIcQ
--> qY<-grease A zw lCw
-FJORgHmIMl1Lz71zMvlrCcSTfGb5QEwl6gv0Z3tMurt6gIGiXIs
---- DmTEAWa//clLZyqQlAF9mi7ypBdmhsNC/h9ptJc8m2I
-Žùß|1Ã ëÍ˜âáú%ûHÿµòÄÃ†óqyÅ¦"P€õZãÄ¶[-ê¹„·œ_]‰yÏ æ(Yª¾ËÉí
\ No newline at end of file
+-> ssh-ed25519 jUOjpw u4ifSfdgxQsYbHtedN+O6YYvTAcOfNgUdI9k6GwJ424
+iFE/eNTbfRhDvAZhfbEcqE8HwgWaaymw4SvoMDdjoCo
+-> ssh-ed25519 Otklkw NSp+/vP+bTKUBhuqOO8+0fSpVZWybLCj55BXcKXcsCo
+4nsPRCiW7jsPxdONrfYc+2Nn7IshzIanAJx8z7hGCCU
+-> %)-grease ER#$<QL4 !~[9 l4,_m }h=MMO)
+6JuxshAlOYFuEaXuj/ZA7A
+--- M/x38c2rkmqMXlrA6/9yB1quYVKI/2nqCNGf7hR0Mlw
+àáN|#¶*ƒàÆWÏKM1?fÖ8 :Ví8]*îñÎÓ_—b{´%Å4ï)½ìY#„…%?Q_
\ No newline at end of file
diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age
index 2f99581..b6b4098 100644
Binary files a/secrets/surgat-backup-ssh-key.age and b/secrets/surgat-backup-ssh-key.age differ