diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix
index 5640eed..3575043 100644
--- a/modules/hosts/nixos/nixnuc/default.nix
+++ b/modules/hosts/nixos/nixnuc/default.nix
@@ -156,6 +156,27 @@ in {
       openFirewall = true;
     };
     lldpd.enable = true;
+    mealie = {
+      enable = true;
+      credentialsFile = config.sops.secrets.mealie.path;
+      listenAddress = "0.0.0.0";
+      port = 9000;
+      settings = {
+        ALLOW_SIGNUP = "false";
+        BASE_URL = "https://mealie.${home_domain}";
+        DATA_DIR = "/var/lib/mealie";
+        DB_ENGINE = "postgres";
+        POSTGRES_USER = "mealie";
+        POSTGRES_DB = "mealie";
+        POSTGRES_SERVER = "localhost";
+        POSTGRES_PORT = config.services.postgresql.settings.port;
+        SMTP_HOST = "localhost";
+        SMTP_PORT = 25;
+        SMTP_FROM_NAME = "Mealie";
+        SMTP_FROM_EMAIL = "mealie@${home_domain}";
+        SMTP_AUTH_STRATEGY = "NONE";
+      };
+    };
     nextcloud = {
       enable = true;
       hostName = "nextcloud.home.technicalissues.us";
@@ -297,6 +318,16 @@ in {
             send_timeout       600s;
           '';
         };
+        "mealie.${home_domain}" = {
+          listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+          enableACME = true;
+          acmeRoot = null;
+          forceSSL = true;
+          locations."/".proxyPass = "http://${backend_ip}:9000";
+          extraConfig = ''
+            client_max_body_size 10M;
+          '';
+        };
         "nc.${home_domain}" = {
           listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
           enableACME = true;
@@ -358,6 +389,7 @@ in {
     };
     resolved.enable = true;
     restic.backups.daily.paths = [
+      config.services.mealie.settings.DATA_DIR
       config.services.nextcloud.home
       "${config.users.users.${username}.home}/compose-files/tandoor"
       "${config.users.users.${username}.home}/compose-files/wallabag"
@@ -407,6 +439,7 @@ in {
         owner = "${username}";
         path = "/home/${username}/.private-env";
       };
+      mealie.mode = "0444";
       nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
       tandoor_db_pass.mode = "0444";
       tandoor_db_pass.path = "/orico/tandoor-recipes/.dbpass";
@@ -416,6 +449,10 @@ in {
   };
 
   systemd.services = {
+    "mealie" = {
+      requires = ["postgresql.service"];
+      after = ["postgresql.service"];
+    };
     "nextcloud-setup" = {
       requires = ["postgresql.service"];
       after = ["postgresql.service"];
diff --git a/modules/hosts/nixos/nixnuc/secrets.yaml b/modules/hosts/nixos/nixnuc/secrets.yaml
index 174ffef..f42306c 100644
--- a/modules/hosts/nixos/nixnuc/secrets.yaml
+++ b/modules/hosts/nixos/nixnuc/secrets.yaml
@@ -1,6 +1,7 @@
 tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str]
 local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str]
 local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str]
+mealie: ENC[AES256_GCM,data:HuO2c5na5r271x98GLqYBP/ME+phH58e2scelEH7F3R+2liLRGK9xCA0ciHLJCo8,iv:bo6hTIsWfnWueRCiLcpxYoiol8oGOoPTHDgPQ7FnYqM=,tag:rHRfIv4vnIjO/eotxYmI/Q==,type:str]
 nextcloud_admin_pass: ENC[AES256_GCM,data:KztB3Tkqlt73PEO41lthGYElrbwVdfqQgT6f,iv:kRwXqGJO4AUOMq+uYzndGhscaJiyvG4ANKabHHd78YM=,tag:dP3PgKafDTv8x7huKJGDqA==,type:str]
 psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str]
 tandoor_db_pass: ENC[AES256_GCM,data:X0unx5jquLsUXadbF6xLjjeGY+f8Ec4kdc15JQ==,iv:XptlJHfAkF+3jbgJTqxhVReYjuVVdk3NzfPepP78DRI=,tag:3RG5P9QGCJ/fjdxWpY1xWA==,type:str]
@@ -20,8 +21,8 @@ sops:
             bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
             PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-04T21:34:21Z"
-    mac: ENC[AES256_GCM,data:gL7TbCjZNu3yF8oyEcFr367XymzSYRvltGJPG5jK/nbztKFV72Fl2gpdprch+P67dDxDFoJL1NvDDmHt6yM0WfdDPJS/ivMlgi9Sg5ZG2S5OyBBUxDbkp/6BXwJQ9eY72ee3SmufE+cTjUNF0ANxueznHpFhXLp/1Fj9TixgHM4=,iv:s2cE9lrjNvuYT96WXOJZaAomt3VWIzHFQqPncZyydhk=,tag:MGI4OmNfEDSB8jE7wxDamQ==,type:str]
+    lastmodified: "2024-07-14T20:03:31Z"
+    mac: ENC[AES256_GCM,data:HBQLqcgvYQMgI9gsaWHeO/aaU1BAB94S/Amo2eNiFwbF4Fv75Leb+7tA/Us4WrsVpjAPCNL8rz6bB8eqqhB3z6WRZPsBaTSNcw0zD+CMevviMrTvXI2LDrQKbuKBXbUQrr++Yfwasw47XstdpeqlBsr7vwqTXN9uBiGAEN6pMyw=,iv:StSyeRw528BlMGVxDHFqth7DSWp2p2PGJv8/Ud8rKVc=,tag:TIPiIkmwzi3GpqWnSfI40A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1