diff --git a/flake.lock b/flake.lock index 9550776..30f9def 100644 --- a/flake.lock +++ b/flake.lock @@ -198,11 +198,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1652168810, - "narHash": "sha256-84F11nA1dixXi2wKXYNQxJuDjirXZxoz9LnWzh72Jw4=", + "lastModified": 1652405436, + "narHash": "sha256-+B05vhYU64vIs2r0h+43qnI19eA20J48I3qv/bisIWY=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "346324ed142697c44cbb0f3fcfadf6e84be9281e", + "rev": "9f8da33e00fbf9f0d9e28d8d87c792ff6980dc11", "type": "github" }, "original": { @@ -281,16 +281,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1652302275, - "narHash": "sha256-OFhH+klAOesP+nhEM5icPOxfwv6MD4RB4hikewIS3yE=", - "owner": "nixos", + "lastModified": 1652543897, + "narHash": "sha256-KOXHQQKEw20XuBqOk0m06T44m7PhgxyBdxdy5A8Zq/4=", + "owner": "NULLx76", "repo": "nixpkgs", - "rev": "2b6405afa8a67dc12eb0f6989e85b5d80c7d25e4", + "rev": "d14aae0cf608a325a717bb4d617d69bac934dfae", "type": "github" }, "original": { - "owner": "nixos", - "ref": "master", + "owner": "NULLx76", + "ref": "fix-hedgedoc", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 893eac1..154e1c6 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,8 @@ inputs = { deploy-rs.url = "github:serokell/deploy-rs"; - nixpkgs.url = "github:nixos/nixpkgs/master"; + # nixpkgs.url = "github:nixos/nixpkgs/master"; + nixpkgs.url ="github:NULLx76/nixpkgs/fix-hedgedoc"; serokell-nix.url = "github:serokell/serokell.nix"; vault-secrets.url = "github:serokell/vault-secrets"; minecraft-servers.url = "github:jyooru/nix-minecraft-servers"; diff --git a/hosts.nix b/hosts.nix index f88bd49..1fba214 100644 --- a/hosts.nix +++ b/hosts.nix @@ -107,11 +107,11 @@ ip = "10.42.42.22"; mac = "DE:5F:B0:83:6F:34"; } - # { - # hostname = "TBD"; - # ip = "10.42.42.23"; - # mac = "AA:AA:AA:AA:AA:AA"; - # } + { + hostname = "hedgedoc"; + ip = "10.42.42.23"; + mac = "86:BC:0C:18:BC:9B"; + } { hostname = "zmeura"; ip = "10.42.42.24"; 
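Review bot: In flake.nix the `nixpkgs` input now follows the `fix-hedgedoc` branch of a personal fork, so presumably every host built from this flake, not only the new hedgedoc one, takes its packages from that branch and gets upstream security updates only when the fork is rebased. flake.lock pins the exact rev, which keeps builds reproducible, but nothing records when the input should return to upstream. Consider keeping `nixpkgs.url = "github:nixos/nixpkgs/master";` and adding the fork as a second input used only for the hedgedoc module. Failing that, replace the commented-out line with `# TODO: switch back to nixos/nixpkgs once the hedgedoc fix is merged upstream`. The new line is also missing a space after `=`.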
diff --git a/nixos/hosts/hedgedoc/configuration.nix b/nixos/hosts/hedgedoc/configuration.nix
new file mode 100644
index 0000000..82f398a
--- /dev/null
+++ b/nixos/hosts/hedgedoc/configuration.nix
@@ -0,0 +1,78 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ lib, config, pkgs, inputs, ... }:
+let
+ db_name = "hedgedoc";
+ db_user = "hedgedoc";
+ vs = config.vault-secrets.secrets;
+in
+{
+ imports = [ ];
+
+ networking.hostName = "hedgedoc";
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+
+ # Additional packages
+ environment.systemPackages = with pkgs; [ ];
+
+ environment.noXlibs = lib.mkForce false;
+
+ networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.configuration.port ];
+
+ vault-secrets.secrets.hedgedoc = { };
+
+ services.postgresql =
+ {
+ enable = true;
+ package = pkgs.postgresql_13;
+ ensureDatabases = [ db_name ];
+ # authentication = "host ${db_name} ${db_user} 127.0.0.1/32 trust";
+ ensureUsers = [
+ {
+ name = db_user;
+ ensurePermissions = { "DATABASE ${db_name}" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+
+ services.hedgedoc = {
+ enable = true;
+ environmentFile = "${vs.hedgedoc}/environment";
+ configuration = {
+ host = "0.0.0.0";
+ port = 3000;
+ sessionSecret = "$SESSION_SECRET";
+ domain = "md.0x76.dev";
+ protocolUseSSL = true;
+ hsts.enable = true;
+ allowOrigin = [
+ config.services.hedgedoc.configuration.domain
+ "hedgedoc"
+ ];
+ allowEmailRegister = false;
+ imageUploadType = "minio";
+ db = {
+ dialect = "postgres";
+ username = db_user;
+ database = db_name;
+ host = "/run/postgresql";
+ };
+ s3bucket =
"hedgedoc"; + minio = { + secure = false; + endPoint = "minio.olympus"; + accessKey = "$MINIO_ACCESS_KEY"; + secretKey = "$MINIO_SECRET_KEY"; + }; + }; + }; +} diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix index 4cfe86c..f96fa16 100644 --- a/nixos/hosts/nginx/configuration.nix +++ b/nixos/hosts/nginx/configuration.nix @@ -38,7 +38,7 @@ in # Reverse Proxies virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/"; - # virtualHosts."analytics.0x76.dev" = proxy "http://plausible.olympus:8000/"; + virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/"; virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000"; # Kubernetes endpoints
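Review bot: In the new hedgedoc configuration.nix, `host = "0.0.0.0"` combined with `networking.firewall.allowedTCPPorts` leaves the plain-HTTP port 3000 open to every machine that can route to this host, not only the nginx proxy that terminates TLS for md.0x76.dev. If only the proxy needs the port, replace the blanket `allowedTCPPorts` entry with a rule restricted to the proxy's source address, so sessions cannot be carried in cleartext past the proxy. `minio.secure = false` likewise sends image uploads to `minio.olympus` unencrypted; a comment such as `# secure = false: plain HTTP to minio, acceptable only on a trusted internal network` would record that assumption. It is also worth confirming on a deployed host that `$SESSION_SECRET`, `$MINIO_ACCESS_KEY` and `$MINIO_SECRET_KEY` are actually substituted from `environmentFile` at service start. If they are not, the literal placeholder strings become the secrets.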