diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index 30ee16c..a5bd41f 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -42,6 +42,7 @@
 # Hosted services
 "modules/services/the-nest"
+ "modules/services/mealie"
 "modules/services/actualbudget"
 "modules/services/frigate"
 "modules/services/homebox"
diff --git a/modules/services/mealie/default.nix b/modules/services/mealie/default.nix
new file mode 100644
index 0000000..e82655c
--- /dev/null
+++ b/modules/services/mealie/default.nix
@@ -0,0 +1,41 @@
+{
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+let
+ sopsFolder = inputs.nix-secrets + "/sops";
+in
+{
+
+ services.caddy.virtualHosts."mealie.wanderingcrow.net".extraConfig = ''
+ reverse_proxy http://localhost:9000
+ '';
+ sops.secrets = {
+ "mealie/oidc/client" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ "mealie/oidc/secret" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ };
+ sops.templates."mealie-env".content = ''
+ OIDC_CONFIGURATION_URL=https://auth.wanderingcrow.net/.well-known/openid-configuration
+ OIDC_CLIENT_ID=${config.sops.placeholder."mealie/oidc/client"}
+ OIDC_CLIENT_SECRET=${config.sops.placeholder."mealie/oidc/secret"}
+ OIDC_ADMIN_GROUP=admins
+ '';
+ services.mealie = {
+ enable = true;
+ settings = {
+ BASE_URL = "https://mealie.wanderingcrow.net";
+ ALLOW_SIGNUP = false;
+ ALLOW_PASSWORD_LOGIN = false;
+ DB_ENGINE = "sqlite";
+ OIDC_AUTH_ENABLED = true;
+ OIDC_SIGNUP_ENABLED = true;
+ OIDC_PROVIDER_NAME = "Pocket ID";
+ };
+ };
+}
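Review bot: The `sops.templates."mealie-env"` file in modules/services/mealie/default.nix is rendered but nothing in the `services.mealie` block references it, so as written the OIDC client ID, client secret, configuration URL and `OIDC_ADMIN_GROUP` never reach the service. With `ALLOW_PASSWORD_LOGIN = false` and `OIDC_AUTH_ENABLED = true` that most likely leaves the instance with no working login path. Inside `services.mealie`, add `credentialsFile = config.sops.templates."mealie-env".path;` so the unit loads the rendered environment file. The hunk also leaves the listen address at the module default; if that default is still all interfaces, set `listenAddress = "127.0.0.1";` so port 9000 is reachable only through the Caddy virtual host and not in plain HTTP from the network. Since `OIDC_SIGNUP_ENABLED = true` creates an account for any identity the provider authenticates, consider also restricting access with `OIDC_USER_GROUP` in the template.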