diff --git a/modules/vars.nix b/modules/vars.nix
index 968e893..9af24a0 100644
--- a/modules/vars.nix
+++ b/modules/vars.nix
@@ -82,6 +82,14 @@
 port = "8080";
 };
+ vikunja = {
+ db = "vikunja";
+ dbport = "33061";
+ domain = "notes.mc-fucker.cool";
+ apiport = "3456";
+ frontendport = "9123";
+ };
+
 zabbix = {
 domain = "zbx.mc-fucker.cool";
 db = "zabbix";
diff --git a/modules/vikunja.nix b/modules/vikunja.nix
new file mode 100644
index 0000000..6202b3f
--- /dev/null
+++ b/modules/vikunja.nix
@@ -0,0 +1,87 @@
+{ config, lib, ... }:
+let
+ cfg = import ./vars.nix;
+ db = "vikunja";
+ dbport = cfg.vikunja.dbport;
+ db_host = cfg.podman.hostIP;
+ frontendport = cfg.vikunja.frontendport;
+ apiport = cfg.vikunja.apiport;
+ domain = cfg.vikunja.domain;
+in
+{
+ sops.secrets."vikunja/db" = {};
+ sops.secrets."vikunja/secret" = {};
+
+ imports = [
+ ./podman-mariadb.nix # for the database
+ ./nginx.nix # for the webserver
+ ];
+
+ services.podman-mariadb."vikunja" = {
+ enable = true;
+ #image = "docker.io/library/postgres:15-alpine";
+ port = (lib.strings.toInt dbport);
+ passwordFile = config.sops.secrets."vikunja/db".path;
+ };
+
+ virtualisation.oci-containers.containers.vikunja-api = {
+ image = "docker.io/vikunja/api";
+ environment = {
+ TZ = "Europe/Berlin";
+ VIKUNJA_SERVICE_TIMEZONE = "Europe/Berlin";
+ VIKUNJA_DATABASE_HOST = "${db_host}:${dbport}";
+ VIKUNJA_DATABASE_DATABASE = db;
+ VIKUNJA_DATABASE_USER = db;
+ VIKUNJA_DATABASE_TYPE = "mysql";
+ VIKUNJA_DATABASE_PASSWORD = builtins.readFile config.sops.secrets."vikunja/db".path;
+ VIKUNJA_SERVICE_JWTSECRET = builtins.readFile config.sops.secrets."vikunja/secret".path;
+ VIKUNJA_SERVICE_FRONTENDURL = "https://${domain}/";
+ VIKUNJA_SERVICE_ENABLEREGISTRATION = "false";
+ VIKUNJA_MAILER_ENABLED = "true";
+ VIKUNJA_MAILER_HOST = cfg.mail.host;
+ VIKUNJA_MAILER_PORT = cfg.mail.port;
+ VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED = "true";
+ VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME = "true";
+ VIKUNJA_DEFAULTSETTINGS_WEEK_START = "1";
+ VIKUNJA_DEFAULTSETTINGS_LANGUAGE = "de";
+ };
+ ports = [
+ "${apiport}:${apiport}"
+ ];
+ extraOptions = cfg.podman.extraOptions;
+ volumes = [
+ "/var/lib/vikunja/files:/app/vikunja/files"
+ "/var/lib/vikunja/config.yml:/app/vikunja/config.yml:ro"
+ ];
+ };
+
+ virtualisation.oci-containers.containers.vikunja-frontend = {
+ image = "docker.io/vikunja/frontend";
+ environment = {
+ TZ = "Europe/Berlin";
+ #VIKUNJA_API_URL =
"http://${cfg.podman.hostIP}:${apiport}/api/v1";
+ };
+ ports = [
+ "${frontendport}:80"
+ ];
+ extraOptions = cfg.podman.extraOptions;
+ };
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${frontendport}";
+ };
+ locations."~* ^/(api|dav|\.well-known)/" = {
+ proxyPass = "http://localhost:${apiport}";
+ extraConfig = "client_max_body_size 20M;";
+ };
+ extraConfig = ''
+ access_log /var/log/nginx/${domain}_access.log;
+ error_log /var/log/nginx/${domain}_error.log;
+ '';
+ };
+
+}
+# vim: set et ts=2 sw=2 ai:
diff --git a/systems/mc6/configuration.nix b/systems/mc6/configuration.nix
index 9ae1a2a..31a41a3 100644
--- a/systems/mc6/configuration.nix
+++ b/systems/mc6/configuration.nix
@@ -14,8 +14,8 @@
 ./modules/gitea.nix
 #./modules/update-postgresql.nix
 #./modules/k3s/server.nix
- ./modules/orangefs.nix
 ./modules/bookstack.nix
+ ./modules/vikunja.nix
 ];
 services.rclone.cacheSize = "100G";
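Review bot: `VIKUNJA_DATABASE_PASSWORD` and `VIKUNJA_SERVICE_JWTSECRET` in the `vikunja-api` environment are filled with `builtins.readFile`, which runs at evaluation time, so the decrypted database password and the JWT signing secret are baked into the generated container unit in the world-readable Nix store instead of staying in the sops-managed files. It also means the configuration only evaluates on a machine where those secret paths already exist. Passing both values through `environmentFiles` keeps them out of the store; the sketch below assumes the pinned sops-nix provides `sops.templates`, otherwise the two secrets can be stored in `KEY=value` form and their `.path` listed directly. Separately, both images are referenced without a tag or digest, and since nginx proxies to `localhost` the published ports could probably be bound to `127.0.0.1` (to be confirmed against `cfg.podman.extraOptions`, which is not visible here).

```nix
  # Rendered at activation time by sops-nix; the store only ever holds placeholders.
  sops.templates."vikunja.env".content = ''
    VIKUNJA_DATABASE_PASSWORD=${config.sops.placeholder."vikunja/db"}
    VIKUNJA_SERVICE_JWTSECRET=${config.sops.placeholder."vikunja/secret"}
  '';

  virtualisation.oci-containers.containers.vikunja-api = {
    # … unchanged: image …
    environment = {
      # … unchanged: the non-secret VIKUNJA_* settings, without the two readFile lines …
    };
    environmentFiles = [ config.sops.templates."vikunja.env".path ];
    # … unchanged: ports, extraOptions, volumes …
  };
```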
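Review bot: The import of `./modules/orangefs.nix` is dropped in the same hunk that adds `./modules/vikunja.nix`, and nothing visible in this diff explains the removal. If it is intentional it deserves its own commit or a line in the commit message, because the next rebuild of mc6 will stop applying whatever that module configures; if it is not, keep the `./modules/orangefs.nix` entry in the list. The `imports` list begins above the hunk, so the rest of it is not visible here.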