diff --git a/configuration.nix b/configuration.nix
index d472c2d7..dfc71331 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -11,6 +11,7 @@
       ./hardware-configuration.nix
       ./net-configuration.nix
       ./services-conf/gitea-configuration.nix
+      ./services-conf/jackett-configuration.nix
       ./services-conf/jellyfin-configuration.nix
       ./services-conf/matrix-configuration.nix
       ./services-conf/nginx-configuration.nix
@@ -24,6 +25,7 @@
   nixpkgs.overlays = [
     (self: super: {
       pleroma = super.callPackage ./pkgs/pleroma { };
+      jackett = self.callPackage ./pkgs/jackett { pkgs = super; };
     })
   ];
 
diff --git a/pkgs/jackett/01-fix-bind-host.patch b/pkgs/jackett/01-fix-bind-host.patch
new file mode 100644
index 00000000..d05acbfa
--- /dev/null
+++ b/pkgs/jackett/01-fix-bind-host.patch
@@ -0,0 +1,13 @@
+diff --git a/src/Jackett.Common/Models/Config/ServerConfig.cs b/src/Jackett.Common/Models/Config/ServerConfig.cs
+index 4bd02c42e..49c2d91ff 100644
+--- a/src/Jackett.Common/Models/Config/ServerConfig.cs
++++ b/src/Jackett.Common/Models/Config/ServerConfig.cs
+@@ -102,6 +102,7 @@ namespace Jackett.Common.Models.Config
+ 
+         public string[] GetListenAddresses(bool? external = null)
+         {
++            return new string[] { "http://0.0.0.0:" + Port + "/" };
+             if (external == null)
+             {
+                 external = AllowExternal;
+
diff --git a/pkgs/jackett/default.nix b/pkgs/jackett/default.nix
new file mode 100644
index 00000000..8b6ca01c
--- /dev/null
+++ b/pkgs/jackett/default.nix
@@ -0,0 +1,9 @@
+{ pkgs }:
+
+(pkgs.jackett.overrideAttrs (upstream: {
+  patches = [
+    # bind to an IP address which is usable behind a netns
+    ./01-fix-bind-host.patch
+  ];
+}))
+
diff --git a/services-conf/jackett-configuration.nix b/services-conf/jackett-configuration.nix
new file mode 100644
index 00000000..dace3bdf
--- /dev/null
+++ b/services-conf/jackett-configuration.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.jackett.enable = true;
+
+  systemd.services.jackett.after = ["wireguard-wg0.service"];
+  systemd.services.jackett.serviceConfig = {
+    # run this behind the OVPN static VPN
+    NetworkNamespacePath = "/run/netns/ovpns";
+    # patch jackett to listen on the public interfaces
+    # ExecStart = lib.mkForce "${pkgs.jackett}/bin/Jackett --NoUpdates --DataFolder /var/lib/jackett/.config/Jackett --ListenPublic";
+  };
+}
+
diff --git a/services-conf/nginx-configuration.nix b/services-conf/nginx-configuration.nix
index 64af67f8..9c6f8b90 100644
--- a/services-conf/nginx-configuration.nix
+++ b/services-conf/nginx-configuration.nix
@@ -98,6 +98,14 @@
     };
   };
 
+  services.nginx.virtualHosts."jackett.uninsane.org" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://ovpns.uninsane.org:9117";
+    };
+  };
+
   services.nginx.virtualHosts."matrix.uninsane.org" = {
     addSSL = true;
     enableACME = true;