diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index 669f78e..0e0f13d 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -28,6 +28,7 @@
     "readarr"
     "sonarr"
     "syncthing"
+    "upbank2firefly"
     "vaultwarden"
     # keep-sorted end
   ];
diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix
new file mode 100644
index 0000000..fbf18f4
--- /dev/null
+++ b/modules/nixos/features/upbank2firefly.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  port = 5021;
+in
+{
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers.upbank2firefly = {
+      extraOptions = [
+        "--network=host"
+      ];
+      image = "compose2nix/upbank2firefly";
+      environment = {
+        FIREFLY_BASEURL = "https://firefly.fi33.buzz";
+        TZ = "Australia/Melbourne";
+      };
+      environmentFiles = [ config.age.secrets.upbank2firefly.path ];
+      volumes = [
+        "/srv/upbank2firefly/app:/app:rw"
+      ];
+      ports = [
+        "${toString port}:80/tcp"
+      ];
+    };
+  };
+
+  systemd = {
+    services = {
+      "docker-build-upbank2firefly" = {
+        path = with pkgs; [
+          docker
+          git
+        ];
+        serviceConfig = {
+          Type = "oneshot";
+          TimeoutSec = 300;
+        };
+        script = ''
+          cd /srv/upbank2firefly
+          git pull
+          docker build -t compose2nix/upbank2firefly .
+        '';
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."upbank2firefly.fi33.buzz" = {
+    forceSSL = true;
+    useACMEHost = "fi33.buzz";
+    locations."/".proxyPass = "http://localhost:${toString port}";
+  };
+
+  age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age;
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index de24194..5dc6b1d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -39,6 +39,7 @@ in
   "radicale.age".publicKeys = users;
   "readarr.age".publicKeys = users;
   "sonarr.age".publicKeys = users;
+  "upbank2firefly.age".publicKeys = users;
   "vaultwarden-admin.age".publicKeys = users;
   # keep-sorted end
 }
diff --git a/secrets/upbank2firefly.age b/secrets/upbank2firefly.age
new file mode 100644
index 0000000..56d99d4
Binary files /dev/null and b/secrets/upbank2firefly.age differ