diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix
new file mode 100644
index 0000000..d33fd11
--- /dev/null
+++ b/machines/proxy/configuration.nix
@@ -0,0 +1,46 @@
+{ self, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../users/root
+ ../../users/erwin
+ ];
+
+ eboskma = {
+ docker.enable = true;
+ nix-common.enable = true;
+ nginx-proxy-manager.enable = true;
+ };
+
+ boot.isContainer = true;
+
+ time.timeZone = "Europe/Amsterdam";
+
+ system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+ networking = {
+ hostName = "proxy";
+ useDHCP = false;
+
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [{
+ address = "10.0.0.251";
+ prefixLength = 24;
+ }];
+ };
+ };
+
+ defaultGateway = "10.0.0.1";
+ nameservers = [ "10.0.0.254" ];
+ };
+
+ environment.noXlibs = true;
+
+ services.openssh.enable = true;
+
+ sops.defaultSopsFile = ./secrets.yaml;
+ sops.secrets = { };
+
+ system.stateVersion = "21.11";
+}
diff --git a/machines/proxy/hardware-configuration.nix b/machines/proxy/hardware-configuration.nix
new file mode 100644
index 0000000..cea2ee0
--- /dev/null
+++ b/machines/proxy/hardware-configuration.nix
@@ -0,0 +1,6 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/virtualisation/lxc-container.nix")
+ ];
+}
diff --git a/modules/nginx-proxy-manager/default.nix b/modules/nginx-proxy-manager/default.nix
new file mode 100644
index 0000000..9f120f7
--- /dev/null
+++ b/modules/nginx-proxy-manager/default.nix
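Review bot: In machines/proxy/configuration.nix, `services.openssh.enable = true;` is the only SSH setting on a host that also imports `../../users/root`, so whether password logins are accepted depends on modules this diff does not show. If `nix-common` or the user modules do not already restrict it, I would state the policy here, e.g. `services.openssh.passwordAuthentication = false;` (on newer nixpkgs the option is `services.openssh.settings.PasswordAuthentication`), so key-only access is visible in the file for the machine that serves ports 80 and 443. A one-line comment on the empty `sops.secrets = { };` saying it is a placeholder would also save the next reader a search.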
@@ -0,0 +1,28 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+ cfg = config.eboskma.nginx-proxy-manager;
+in
+{
+ options.eboskma.nginx-proxy-manager = { enable = mkEnableOption "Nginx Proxy Manager"; };
+
+ config = mkIf (cfg.enable) {
+ eboskma.docker.enable = true;
+
+ virtualisation.oci-containers.containers = {
+ nginx-proxy-manager = {
+ autoStart = true;
+ image = "jc21/nginx-proxy-manager:latest";
+ ports = [
+ "80:80"
+ "81:81"
+ "443:443"
+ ];
+ volumes = [
+ "/var/lib/npm/data:/data"
+ "letsencrypt:/etc/letsencrypt"
+ ];
+ };
+ };
+ };
+}
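Review bot: The `ports` list publishes `"81:81"` on every interface, and 81 is the Nginx Proxy Manager admin UI; ports published by Docker are opened through Docker's own iptables rules, so the host's `networking.firewall` typically does not restrict them. Binding the admin port to loopback or a management address, `"127.0.0.1:81:81"`, keeps it off the segment that serves 80/443 while leaving it reachable over an SSH tunnel. Separately, `image = "jc21/nginx-proxy-manager:latest";` is a mutable tag, so which code runs depends on when the host first pulled it; pinning to a release tag or digest, `image = "jc21/nginx-proxy-manager@sha256:<digest-placeholder>";`, makes the deployment reproducible and reviewable. The `letsencrypt` named volume will hold TLS private keys, so a comment noting where it lives and how it is backed up would help.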