diff --git a/devices/vps6/default.nix b/devices/vps6/default.nix
index aae63be4..c7fd0907 100644
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -53,7 +53,7 @@ inputs:
 (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
 [
 "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
- "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog"
+ "send" "kkmeeting" "api" "git" "grafana" "vikunja" "write" "blog" "peertube"
 ]));
 applications =
 {
diff --git a/devices/vps7/default.nix b/devices/vps7/default.nix
index 1597bf53..97ed5ece 100644
--- a/devices/vps7/default.nix
+++ b/devices/vps7/default.nix
@@ -71,6 +71,7 @@ inputs:
 xray.server = { serverName = "xserver.vps7.chn.moe"; userNumber = 4; };
 writefreely = {};
 docker = {};
+ peertube = {};
 };
 };
 specialisation.generic.configuration =
diff --git a/devices/vps7/secrets.yaml b/devices/vps7/secrets.yaml
index 54d2c9e9..127296d4 100644
--- a/devices/vps7/secrets.yaml
+++ b/devices/vps7/secrets.yaml
@@ -16,6 +16,7 @@ redis:
 mastodon: ENC[AES256_GCM,data:E5aMRzqd1dqcw66uZwWoT+LDH30mg1vZjk3lhKIXKPd36MANE6z04aBPcAHyHT71jEYsect9JXagC4MUJBuSSQ==,iv:4IjTTNSTraL33fInlTkB2ZylcEaaKi5pgvugZIk24e0=,tag:32JSTNpF2cxYh/NEAS6jZQ==,type:str]
 synapse-synapse: ENC[AES256_GCM,data:8CVbcN2FG4mRT4PnlOGsS7tDfS+6ojIJFvq2EwItxn1gg2Ghd/Bmx+5tS/Do2FrYp/Xiv1EqucomM50r5bXnmg==,iv:TT7zBKQ4M10XYVCn5aeSu9IqjrIEHHazPUCOTmgRAU0=,tag:0+Q9hZMBVDj1TnHj3xoTBA==,type:str]
 synapse-matrix: ENC[AES256_GCM,data:eJ9GXDVLPg1C+Zjpj3NnWUyZxDbOZ61f+gs/bkZgdWjeu61MEMtU/Hh+p/ceAn3y0aPi0ZTcd+zSgIPIkcj+qg==,iv:uTdS4uguNJErc+DDW4H6dsRFkqlkHtaCfR8LR/d9nvY=,tag:UhY9xbe1r7FUpyid2nSt5Q==,type:str]
+ peertube: ENC[AES256_GCM,data:cN+cClNV1JD+Z1Wlp07MY7BmLr/EZYZZt04mxKKKN8RG1ZSMGykbc3hd00E14ubhCittJXSPbIWyO63lCGGEPg==,iv:3z1BR0j26LGfXwDDPYU/i8Qx/7529KKoar+xGZanirI=,tag:g/NSGDE1iEYJ1MStrV3rpg==,type:str]
 postgresql:
 wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
 misskey_misskey: ENC[AES256_GCM,data:lRbSz7bbiWEdK/cRD41fLvFJF4WYsclKHVykFcU3LIz9vnKlR3VdczzznVqpT7JvG6OUi+TmipJii+0KzXHtdA==,iv:8sBKgVwuDJdThup0KQ6cnAV5O2liwVra1yIpDHVfpMI=,tag:DyUpaHai8ZUyllvZBUm8sg==,type:str]
@@ -29,6 +30,7 @@ postgresql:
 akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
 synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
 vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str]
+ peertube: ENC[AES256_GCM,data:dLzOez3dTy0NqHED1Oc43Ox2AFuH196kxwOSuR6RejUw3iJuzEQCdmA/i+70zHoveAYBdPCGpM8cz0y2M+usjw==,iv:KxDqmbNBkJ6Nw0M3060L9ESDf2qAur7umlejcDyRmwA=,tag:RScP7Cny8b1Z1/REpk+daA==,type:str]
 rsshub:
 pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
 youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
@@ -122,6 +124,9 @@ xray-server:
 private-key: ENC[AES256_GCM,data:TarrinCFzWkB5zCc7i7f3B3tFfxrF+cGnrg4bw9CAGKWBazSJHCviY8Imw==,iv:azHdrc6AlgS9RPwGVsYRb8bBeC/askCdut1rnv9TA3I=,tag:AT2lLraKVgbp9GmlLJiI+w==,type:str]
 writefreely:
 chn: ENC[AES256_GCM,data:YvhPa69sVdiljm9Ix6yQh6YCEpFvC9iw5Yx72MBcGr7+swdbvWDAfMmGFY066mAPvhpwZX/IEivKvrS0t/OSnw==,iv:7s2yEb30YaCAtNeevbur0HL28nXHVIqmCx6Bngh+HWk=,tag:yx0JK8RNQMVcYLBSxNj+uw==,type:str]
+peertube:
+ secrets: ENC[AES256_GCM,data:DAlig4wYCridlfS00YOqH++/4Rkssq2bkJ1bhERrsgeqdccwwnk6ADKpN2UBGANNYiTj2VUHsHT6mIWxPRcJvQ==,iv:kOedA1gAD7el6JbP8MujSCSfkkHM6CDDMSs2LwPmsGU=,tag:ZDS+LGX2hNXHw15Js2sBkQ==,type:str]
+ password: ENC[AES256_GCM,data:jmKmQlFqHSmImfym2M3/+ItbPxx1GwgrLRZwk7KxqXGHFvqZ1ybCnfZCN8jmA1gVJLuPLTrYA9ggHwdKgVrknw==,iv:cBSb5PJsjHBAMgrxlZaVtw1aP39AXMtdk5pnnCyyZbQ=,tag:6TLoDRY6305lm4HVapT4yQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -146,8 +151,8 @@ sops:
 SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
 HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-02T23:57:33Z"
- mac: ENC[AES256_GCM,data:Tp7uSF3G1WALzv7jPSXGyIJbwYLHz4sF73NUoAI6KPboLs3juhDiZjJfkBkIIv4BawWNTvvAQfBL6hbpPbn3bLpkTvU8TiHyP9yiY5kJkid37I2s8KOHHaxKSu4CXlkAeXdZX0I1iujAOsKYUd2GnN19V07K0qwCtZOVvZXvjsk=,iv:fcsE7qXrcoaRdTv0C4nmfNvIDXtTXiKyF7TCfnkvRPg=,tag:Dgdq4gT2lzhkXZ10uUCwwQ==,type:str]
+ lastmodified: "2024-09-28T12:28:35Z"
+ mac: ENC[AES256_GCM,data:gDrWd/AMuHzTBu809FOInNtakqABMcbVMYn6FxqSsD4l+GCGoteQKzUVYhM327mxqV9dM2TfklCnSQ2tYOiY0ea7EBjqsCGL7eKexY7wmPY2gPHLNQEzoeagQKl1k1wU45JgUriit6t2iajUCPoEK1yHJg4qPHy/EoE9NMwf0IM=,iv:haPKxQ/YQ0vq0UFub7YVPqqSoiV0NiLsuOUUV+ZDk3U=,tag:pxsNkKHjciJ/GwBhQiSqXA==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0
diff --git a/modules/services/peertube.nix b/modules/services/peertube.nix
new file mode 100644
index 00000000..98094534
--- /dev/null
+++ b/modules/services/peertube.nix
@@ -0,0 +1,65 @@
+inputs:
+{
+ options.nixos.services.peertube = let inherit (inputs.lib) mkOption types; in mkOption
+ {
+ type = types.nullOr (types.submodule { options =
+ {
+ hostname = mkOption { type = types.nonEmptyStr; default = "peertube.chn.moe"; };
+ };});
+ default = null;
+ };
+ config = let inherit (inputs.config.nixos.services) peertube; in inputs.lib.mkIf (peertube != null)
+ {
+ services.peertube =
+ {
+ enable = true;
+ localDomain = peertube.hostname;
+ listenHttp = 5046;
+ listenWeb = 443;
+ enableWebHttps = true;
+ serviceEnvironmentFile = inputs.config.sops.templates."peertube/env".path;
+ secrets.secretsFile = inputs.config.sops.secrets."peertube/secrets".path;
+ configureNginx = true;
+ database =
+ {
+ createLocally = true;
+ host = "127.0.0.1";
+ passwordFile = inputs.config.sops.secrets."peertube/postgresql".path;
+ };
+ redis =
+ {
+ host = "127.0.0.1";
+ port = 7599;
+ passwordFile = inputs.config.sops.secrets."redis/peertube".path;
+ };
+ smtp.passwordFile = inputs.config.sops.secrets."peertube/smtp".path;
+ settings.smtp =
+ {
+ host = "mail.chn.moe";
+ username = "bot@chn.moe";
+ from_address = "bot@chn.moe";
+ };
+ };
+ sops =
+ {
+ templates."peertube/env".content =
+ ''
+ PT_INITIAL_ROOT_PASSWORD=${inputs.config.sops.placeholder."peertube/password"}
+ '';
+ secrets =
+ {
+ "peertube/postgresql" = { owner = inputs.config.services.peertube.user; key = "postgresql/peertube"; };
+ "peertube/password" = {};
+ "peertube/secrets".owner = inputs.config.services.peertube.user;
+ "peertube/smtp" = { owner = inputs.config.services.peertube.user; key = "mail/bot"; };
+ };
+ };
+ nixos.services =
+ {
+ nginx = { enable = true; https.${peertube.hostname}.global.configName = peertube.hostname; };
+ postgresql.instances.peertube = {};
+ redis.instances.peertube.port = 7599;
+ };
+ systemd.services.peertube.after = [ "redis-peertube.service" ];
+ };
+}
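Review bot: The bootstrap root password stays in the peertube unit's environment on every start, because the `peertube/env` template feeds `PT_INITIAL_ROOT_PASSWORD` through `serviceEnvironmentFile` permanently rather than only for the first run that presumably consumes it. I would put a comment above the template, for example `# bootstrap only: change the root password after first login, then drop this template and peertube/password`, and act on it once the instance is initialised. Separately, `settings.smtp` sets `host`, while PeerTube's configuration names that key `hostname` as far as I know, so the mail server may be left unset and password-reset or verification mail would not go out; `hostname = "mail.chn.moe";` is worth confirming against the upstream default config. `redis/peertube` is also read here without an owner declared in this file, unlike the other three secrets, so check that the redis instance module (not visible in this diff) makes it readable by the peertube user.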