diff --git a/common/server/nextcloud.nix b/common/server/nextcloud.nix index 32c9f7a..124bdaf 100644 --- a/common/server/nextcloud.nix +++ b/common/server/nextcloud.nix @@ -6,6 +6,8 @@ let nextcloudHostname = "runyan.org"; collaboraOnlineHostname = "collabora.runyan.org"; + whiteboardHostname = "whiteboard.runyan.org"; + whiteboardPort = 3002; # Seems impossible to change # Hardcoded public ip of ponyo... I wish I didn't need this... public_ip_address = "147.135.114.130"; @@ -28,7 +30,7 @@ in inherit end_to_end_encryption mail spreed; # For file and document editing (collabora online and excalidraw) - inherit richdocuments; + inherit richdocuments whiteboard; # Might use inherit calendar qownnotesapi; @@ -117,5 +119,37 @@ in Type = "oneshot"; }; }; + + # Whiteboard + services.nextcloud-whiteboard-server = { + enable = true; + settings.NEXTCLOUD_URL = "https://${nextcloudHostname}"; + secrets = [ "/run/agenix/whiteboard-server-jwt-secret" ]; + }; + systemd.services.nextcloud-config-whiteboard = { + wantedBy = [ "multi-user.target" ]; + after = [ "nextcloud-setup.service" ]; + requires = [ "coolwsd.service" ]; + path = [ + config.services.nextcloud.occ + ]; + script = '' + nextcloud-occ -- config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}" + nextcloud-occ -- config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY" + ''; + serviceConfig = { + Type = "oneshot"; + EnvironmentFile = [ "/run/agenix/whiteboard-server-jwt-secret" ]; + }; + }; + age.secrets.whiteboard-server-jwt-secret.file = ../../secrets/whiteboard-server-jwt-secret.age; + services.nginx.virtualHosts.${whiteboardHostname} = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString whiteboardPort}"; + proxyWebsockets = true; + }; + }; }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index edc06be..bdbc2b9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
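Review bot: The comment on `whiteboardPort = 3002;` in the first hunk does not say where the port is fixed, and nothing in this diff passes the value to `services.nextcloud-whiteboard-server`, so the constant only mirrors whatever the server listens on and the nginx `proxyPass` added later would break silently if that changed. A comment such as `# listen port of nextcloud-whiteboard-server; only consumed by the nginx proxyPass below` would record that. It is also worth confirming that the server binds to loopback only, or that 3002 stays closed in the firewall, because otherwise the backend is reachable over plain HTTP without passing through the TLS virtual host. The `let` block continues outside the hunk.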
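Review bot: In the last nextcloud.nix hunk, the `nextcloud-config-whiteboard` script passes the JWT secret as `--value="$JWT_SECRET_KEY"`, which puts it on the occ command line where other local processes can read it while the command runs. The script also never checks that the variable is set, so a missing or misnamed key in the environment file would store an empty signing secret. Adding `test -n "$JWT_SECRET_KEY"` as the first script line makes the unit fail instead. `requires = [ "coolwsd.service" ];` looks carried over from the Collabora unit, and `requires = [ "nextcloud-setup.service" ];` seems to be the intended dependency. Both `/run/agenix/whiteboard-server-jwt-secret` strings could be `config.age.secrets.whiteboard-server-jwt-secret.path` so they follow the agenix declaration; the enclosing module body starts outside the hunk.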
@@ -31,6 +31,7 @@ with roles; # cloud "nextcloud-pw.age".publicKeys = nextcloud; + "whiteboard-server-jwt-secret.age".publicKeys = nextcloud; "smb-secrets.age".publicKeys = personal ++ media-center; "oauth2-proxy-env.age".publicKeys = server; diff --git a/secrets/whiteboard-server-jwt-secret.age b/secrets/whiteboard-server-jwt-secret.age new file mode 100644 index 0000000..f34c543 --- /dev/null +++ b/secrets/whiteboard-server-jwt-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 6AT2/g IKBONbSLcU2+HkuAsOv2Hehpx42Euw1arhM4BjNALUQ +lGKw2+U27LHEDGBrQV9wvcF/uACjyYukFA0Mjbgvfrs +-> ssh-ed25519 w3nu8g dYRX57rbE8OEZiK1cDJdBhUGyA/9OrhO8RMejU/nh3s +F0Y+adJD+L+OCVCJ78o1XiS0HkVLceOadqWcKEYxOlk +--- P3KkdM78M9DiqUOnkgnxd+JwOmFpMTYWDS3FuJZKG3M +]L=r)#E~_*m*RD`ЄVI/݂.] 3r{^<5YZX,,}|z \ No newline at end of file