diff --git a/TODO.md b/TODO.md
index 550d0ee..2d63732 100644
--- a/TODO.md
+++ b/TODO.md
@@ -14,6 +14,7 @@
 - Cleanup the line between hardware-configuration.nix and configuration.nix in machine config
 - CI https://gvolpe.com/blog/nixos-binary-cache-ci/
 - remove `options.currentSystem`
+- allow `hostname` option for webservices to be null to disable configuring nginx
 
 ### NAS
 - helios64 extra led lights
diff --git a/common/server/default.nix b/common/server/default.nix
index 1a9ab4a..9bfc809 100644
--- a/common/server/default.nix
+++ b/common/server/default.nix
@@ -14,5 +14,6 @@
     ./radio.nix
     ./samba.nix
     ./cloudflared.nix
+    ./owncast.nix
   ];
 }
\ No newline at end of file
diff --git a/common/server/owncast.nix b/common/server/owncast.nix
new file mode 100644
index 0000000..24a403c
--- /dev/null
+++ b/common/server/owncast.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+
+with lib;
+
+let
+  cfg = config.services.owncast;
+in {
+  options.services.owncast = {
+    hostname = lib.mkOption {
+      type = types.str;
+      example = "example.com";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.owncast.listen = "127.0.0.1";
+    services.owncast.port = 62419; # random port
+
+    networking.firewall.allowedTCPPorts = [ cfg.rtmp-port ];
+
+    services.nginx.enable = true;
+    services.nginx.virtualHosts.${cfg.hostname} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString cfg.port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
\ No newline at end of file
diff --git a/machines/ponyo/configuration.nix b/machines/ponyo/configuration.nix
index b2e4fbf..1a12b50 100644
--- a/machines/ponyo/configuration.nix
+++ b/machines/ponyo/configuration.nix
@@ -166,4 +166,7 @@
       rewrite ^/(.*)$ https://github.com/GoogleBot42 redirect;
     '';
   };
+
+  services.owncast.enable = true;
+  services.owncast.hostname = "live.neet.dev";
 }
\ No newline at end of file