diff --git a/modules/nixos/sites/cache/default.nix b/modules/nixos/sites/cache/default.nix
new file mode 100644
index 0000000..8665f53
--- /dev/null
+++ b/modules/nixos/sites/cache/default.nix
@@ -0,0 +1,37 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib;
+with lib.custom; let
+  cfg = config.sites.cache;
+
+  sec = config.age.secrets;
+in {
+  options.sites.hydra = with types; {
+    enable = mkBoolOpt false "Enable Hydra";
+  };
+
+  config = mkIf cfg.enable {
+    age.secrets = {
+      cache_key = {
+        file = ./sec/cache_key.age;
+      };
+    };
+
+    services.nix-serve = {
+      enable = true;
+      secretKeyFile = sec.cache_key.path;
+    };
+
+    services.nginx.virtualHosts."cache.zoeys.computer" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+      };
+    };
+  };
+}
diff --git a/modules/nixos/sites/hydra/sec/hydra_key.age b/modules/nixos/sites/cache/sec/cache_key.age
similarity index 100%
rename from modules/nixos/sites/hydra/sec/hydra_key.age
rename to modules/nixos/sites/cache/sec/cache_key.age
diff --git a/modules/nixos/sites/hydra/default.nix b/modules/nixos/sites/hydra/default.nix
index 79dc704..1d0ff49 100644
--- a/modules/nixos/sites/hydra/default.nix
+++ b/modules/nixos/sites/hydra/default.nix
@@ -15,23 +15,11 @@ in {
   };
 
   config = mkIf cfg.enable {
-    age.secrets = {
-      hydra_key = {
-        owner = "hydra";
-        group = "hydra";
-        file = ./sec/hydra_key.age;
-      };
-    };
-
     services.hydra = {
       enable = true;
       hydraURL = "https://hydra.zoeys.computer";
       useSubstitutes = true;
       notificationSender = "hydra@localhost"; # e-mail of hydra service
-
-      extraConfig = ''
-        binary_cache_secret_key_file = ${sec.hydra_key.path}
-      '';
     };
 
     services.nginx.virtualHosts."hydra.zoeys.computer" = {