diff --git a/common/common.nix b/common/common.nix
index a7f5e5e..540644d 100644
--- a/common/common.nix
+++ b/common/common.nix
@@ -13,6 +13,7 @@
     ./server/icecast.nix
     ./server/nginx-stream.nix
     ./server/matrix.nix
+    ./server/zerobin.nix
     ./pc/de.nix
   ];
 
diff --git a/common/server/zerobin.nix b/common/server/zerobin.nix
index 0723664..34d9d1a 100644
--- a/common/server/zerobin.nix
+++ b/common/server/zerobin.nix
@@ -1,55 +1,29 @@
 { config, pkgs, ... }:
 
 let
-  zerobin_config = pkgs.writeText "zerobin-config.py" ''
-    PASTE_FILES_ROOT = "/var/lib/zerobin"
-  '';
+  cfg = config.services.zerobin;
 in {
-#  services.zerobin = {
-#    enable = true;
-#    listenAddress = "0.0.0.0";
-#    listenPort = 9002;
-#  };
-
-  nixpkgs.config.packageOverrides = pkgs:
-    with pkgs;
-  {
-    python38Packages.cherrypy = python38Packages.cherrypy.overrideAttrs (attrs: rec {
-      src = fetchPypi {
-        pname = "CherryPy";
-        version = "8.9.1";
-        sha256 = "";
-      };
-    });
-  };
-
-  services.nginx.virtualHosts."paste.neet.cloud" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:9002";
+  options.services.zerobin = {
+    host = lib.mkOption {
+      type = lib.types.str;
+      example = "example.com";
+    };
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 33422;
     };
   };
+  config = lib.mkIf cfg.enable {
+    services.zerobin.listenPort = cfg.port;
+    services.zerobin.listenAddress = "localhost";
 
-  users.users.zerobin = {
-    isSystemUser = true;
-    group = "zerobin";
-    home = "/var/lib/zerobin";
-    createHome = true;
-  };
-  users.groups.zerobin = {};
-
-  systemd.services.zerobin = {
-    enable = true;
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig.ExecStart = "${pkgs.python38Packages.zerobin}/bin/zerobin 0.0.0.0 9002 false zerobin zerobin ${zerobin_config}";
-    serviceConfig.PrivateTmp="yes";
-    serviceConfig.User = "zerobin";
-    serviceConfig.Group = "zerobin";
-    preStart = ''
-      mkdir -p "/var/lib/zerobin"
-      chown zerobin "/var/lib/zerobin"
-    '';
+    services.nginx.virtualHosts.${cfg.host} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString cfg.port}";
+        proxyWebsockets = true;
+      };
+    };
   };
 }
diff --git a/machines/mitty/configuration.nix b/machines/mitty/configuration.nix
index 74d9909..b9f47be 100644
--- a/machines/mitty/configuration.nix
+++ b/machines/mitty/configuration.nix
@@ -39,6 +39,11 @@
     hostname = "mitty.neet.dev";
   };
 
+  services.zerobin = {
+    enable = true;
+    host = "paste.neet.cloud";
+  };
+
   security.acme.acceptTerms = true;
   security.acme.email = "letsencrypt+5@tar.ninja";
 }