diff --git a/configs/secrets/secrets.yaml b/configs/secrets/secrets.yaml
index bb36b27..5fd2ee9 100644
--- a/configs/secrets/secrets.yaml
+++ b/configs/secrets/secrets.yaml
@@ -4,6 +4,8 @@ cwp_jira_pat: ENC[AES256_GCM,data:+4VnPikwuSPHdPj9xihuFeht1FPYdZHcHxYNjKMwU2MU7V
 gemini_api_key: ENC[AES256_GCM,data:Kh1Kya8O6lqN0MMK1OMn/BHw51XDOAroSrOL3h4K8r6VorAwHTZw,iv:Gxg13mHBID7Gv4du+484IF1q7LFOCvtyzWMHG+IBUVM=,tag:jcjmKveybkET4RFOV4F8PQ==,type:str]
 rafiq:
     password: ENC[AES256_GCM,data:jzCXis5eIJpbWjsPMDVNZvMCbqp7QCUd7Drya0Al3QO0ExsoE6CNVzrbw4AyvKEgiUd0y9a5rKiwUBwGUoYVwxK0tkrOnB37+g==,iv:SsQIUB8OxgnxvjAyrfZzgEdGbaGGrL7zVwO5Of9D/Xw=,tag:iHNY8+nI9RnuM58SmGrV6Q==,type:str]
+services:
+    wakapi_password_salt: ENC[AES256_GCM,data:HwyQhdxFvzMgoZNGjyockh6bXnh/lvV6sZHiqAdJTas=,iv:hwgpLtntjphf0OnVO+TBElYRvZpsoQdp37nuYKRRo8c=,tag:l+7M2RqoB68IvBi3LXlw9g==,type:str]
 sops:
     age:
         - recipient: age12l33pas8eptwjc7ewux3d8snyzfzwz0tn9qg5kw8le79fswmjgjqdjgyy6
@@ -42,7 +44,7 @@ sops:
             TktUSFpxTXdKMUhFQ1BOMmR1VVFWNVkKwy3T9QCsg6gXZilufMtbls0HB5of38Pr
             YPzVeadsYlglg3/gBtDP4WyKBwYOQks2BbMTijqlMXBIl5JP7odVuw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-06T08:16:09Z"
-    mac: ENC[AES256_GCM,data:yQKGknVO8HEfYqmbINBro7gXePyjInx7jGhLTbsAoXLyxJuUQHAbieswAeLkTLgBqyfeAQHjYHro+s9eDPDitEi+/5fP/uLHK1HqyqZC9cAH35+8Th70hKxP7GAie9FQGkgcHYZYGe9nqFKHWwqu//l3UmdIdsnnxgC5dxnX2PI=,iv:E2a4GHVfXI6aGEsmkU9p7LRktPPJRUnYBgM9Qd3VayE=,tag:ot1AgSR+wzSD1orOnhROQQ==,type:str]
+    lastmodified: "2025-04-10T08:40:12Z"
+    mac: ENC[AES256_GCM,data:VW73D6gTk+baPMlrZ8xkQ56VeuNPfxgzHr4T82SWXBS/Wn99a1SxWucATjhAeh6rHW9i25+v0S+aTCDHlJmcUxSC3cDLqbp2yXLfZHqvXl+H/4xh9KPSfDgq5K42N5OfTbaFH/o4xa7pw3komYmxalIsodZBmkhkEP8t5fevIwo=,iv:xE5MNTkpaGjYaG7RkzH14VDrA/b7dYuyTfYreOm20zQ=,tag:UKu+ejycVRjhaZpLaOLP+w==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.1
diff --git a/configs/security.nix b/configs/security.nix
index 94b22c2..7bb03a8 100644
--- a/configs/security.nix
+++ b/configs/security.nix
@@ -9,6 +9,7 @@
     age.sshKeyPaths = [ "/home/rafiq/.ssh/id_ed25519" ];
     secrets = {
       "rafiq/password".neededForUsers = true;
+      "services/wakapi_password_salt" = { };
       ts_auth_key = { };
       cwp_jira_link = { };
       cwp_jira_pat = { };
diff --git a/configs/services.nix b/configs/services.nix
index ea313c2..026a7df 100644
--- a/configs/services.nix
+++ b/configs/services.nix
@@ -1,5 +1,6 @@
 {
   imports = [
     ./services/glance.nix
+    ./services/wakapi.nix
   ];
 }
diff --git a/configs/services/wakapi.nix b/configs/services/wakapi.nix
new file mode 100644
index 0000000..6900371
--- /dev/null
+++ b/configs/services/wakapi.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+  services.wakapi = {
+    enable = true;
+    passwordSaltFile = config.sops.secrets."services/wakapi_password_salt".path;
+    settings = {
+      server = {
+        listen_ipv4 = "0.0.0.0";
+        listen_ipv6 = "-";
+        port = 3000;
+      };
+    };
+  };
+}