diff --git a/flake.nix b/flake.nix
index 0de19bf..665c733 100644
--- a/flake.nix
+++ b/flake.nix
@@ -101,7 +101,10 @@
 zen-browser.url = "github:MarceColl/zen-browser-flake";
- zoeycomputer.url = "git+https://git.zoeys.computer/zoey/zoeys.computer";
+ zoeycomputer = {
+ url = "git+https://git.zoeys.computer/zoey/zoeys.computer";
+ # inputs.nixpkgs.follows = "nixpkgs";
+ };
 systems.url = "github:nix-systems/default";
 spicetify-nix = {
diff --git a/homes/x86_64-linux/zoey@earth/default.nix b/homes/x86_64-linux/zoey@earth/default.nix
index dc5255f..66cc5d8 100644
--- a/homes/x86_64-linux/zoey@earth/default.nix
+++ b/homes/x86_64-linux/zoey@earth/default.nix
@@ -41,6 +41,7 @@
 services.lock.enable = true;
 services.music.enable = true;
 services.pm-bridge.enable = true;
+ services.pm-bridge.nonInteractive = true;
 services.udiskie.enable = true;
 xdg.enable = true;
diff --git a/modules/nixos/sites/minio/default.nix b/modules/nixos/sites/minio/default.nix
new file mode 100644
index 0000000..40685c4
--- /dev/null
+++ b/modules/nixos/sites/minio/default.nix
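Review bot: The commented-out `# inputs.nixpkgs.follows = "nixpkgs";` on the new `zoeycomputer` input leaves the reader guessing whether the input is meant to use its own nixpkgs or whether the override was simply disabled while debugging; either delete the line or replace it with a comment that states the reason, e.g. `# not following nixpkgs: <reason>`. Without the follows, the input is presumably evaluated against its own locked nixpkgs, which is a second nixpkgs revision to keep updated.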
@@ -0,0 +1,85 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+with lib;
+with lib.custom; let
+ cfg = config.sites.minio;
+in {
+ options.sites.minio = with types; {
+ enable = mkBoolOpt false "Enable Hydra";
+ };
+
+ config = mkIf cfg.enable {
+ age.secrets = {
+ minio = {
+ owner = "minio";
+ group = "minio";
+ file = ./sec/minio.age;
+ };
+ };
+
+ services.minio = {
+ enable = true;
+ consoleAddress = ":4242";
+ rootCredentialsFile = config.age.secrets.minio.path;
+ };
+
+ services.nginx.virtualHosts."s3.zoeys.computer" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ # Allow special characters in headers
+ ignore_invalid_headers off;
+ # Allow any size file to be uploaded.
+ # Set to a value such as 1000m; to restrict file size to a specific value
+ client_max_body_size 0;
+ # Disable buffering
+ proxy_buffering off;
+ proxy_request_buffering off;
+ '';
+ locations."/" = {
+ proxyPass = "http://localhost${config.services.minio.listenAddress}";
+ extraConfig = ''
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_connect_timeout 300;
+ # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ chunked_transfer_encoding off;
+ '';
+ };
+ locations."/minio/ui" = {
+ proxyPass = "http://localhost${config.services.minio.consoleAddress}";
+ extraConfig = ''
+ rewrite ^/minio/ui/(.*) /$1 break;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-NginX-Proxy true;
+
+ # This is necessary to pass the correct IP to be hashed
+ real_ip_header X-Real-IP;
+
+ proxy_connect_timeout 300;
+
+ # To support websockets in MinIO versions released after January 2023
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
+ # Uncomment the following line to set the Origin request to an empty string
+ # proxy_set_header Origin \'\';
+ chunked_transfer_encoding off;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos/sites/minio/sec/minio.age b/modules/nixos/sites/minio/sec/minio.age
new file mode 100644
index 0000000..72afbe3
Binary files /dev/null and b/modules/nixos/sites/minio/sec/minio.age differ
diff --git a/systems/x86_64-linux/pluto/default.nix b/systems/x86_64-linux/pluto/default.nix
index 258b5aa..f4caaf0 100644
--- a/systems/x86_64-linux/pluto/default.nix
+++ b/systems/x86_64-linux/pluto/default.nix
@@ -4,6 +4,7 @@
 {
 pkgs,
 inputs,
+ config,
 ...
 }: {
 imports = [
@@ -38,6 +39,19 @@
 services.gh.enable = true;
 services.fail2ban.enable = true;
+ age.secrets = {
+ zc_key = {
+ owner = "zoeyscomputer-phx";
+ group = "zoeyscomputer-phx";
+ file = ./sec/zc_key.age;
+ };
+ zc_db_pass = {
+ owner = "zoeyscomputer-phx";
+ group = "zoeyscomputer-phx";
+ file = ./sec/zc_db_pass.age;
+ };
+ };
+
 sites = {
 cv.enable = true;
 gitlab.enable = true;
@@ -48,7 +62,20 @@
 map.enable = true;
 hydra.enable = true;
 cache.enable = true;
- zoeycomputer.enable = true;
+ minio.enable = true;
+ zoeycomputer = {
+ enable = true;
+ domain = "zoeys.computer";
+ phx = {
+ database = {
+ name = "zoeyscomputer";
+ user = "zoeyscomputer";
+ passwordFile = config.age.secrets.zc_db_pass.path; # Optional
+ host = "localhost"; # Optional, defaults to localhost
+ };
+ secret_key_file = config.age.secrets.zc_key.path;
+ };
+ };
 };
 zmio.blog.enable = true;
diff --git a/systems/x86_64-linux/pluto/sec/zc_db_pass.age b/systems/x86_64-linux/pluto/sec/zc_db_pass.age
new file mode 100644
index 0000000..8ddae49
Binary files /dev/null and b/systems/x86_64-linux/pluto/sec/zc_db_pass.age differ
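Review bot: `consoleAddress = ":4242"` and the untouched `listenAddress` default bind MinIO without a host address, so the API and console are reachable over plain HTTP on every interface and the TLS-terminating `s3.zoeys.computer` vhost can be bypassed unless the host firewall closes those ports. Binding both to loopback is the safer default, but the two `proxyPass` lines cannot take that as-is, because `"http://localhost${config.services.minio.listenAddress}"` string-concatenates `localhost` with a bare `:port`; the rewrite below switches the addresses and proxies to them directly. Two smaller points in the same hunk: `mkBoolOpt false "Enable Hydra"` is a copy-paste leftover and should read `"Enable MinIO"`, and `real_ip_header X-Real-IP;` in the console location only has an effect alongside a `set_real_ip_from` directive, which this config does not set, so it can go (this proxy already sets X-Real-IP from `$remote_addr` itself).
```nix
services.minio = {
  enable = true;
  # Bind to loopback so only the TLS-terminating nginx vhost can reach MinIO.
  listenAddress = "127.0.0.1:9000";
  consoleAddress = "127.0.0.1:4242";
  rootCredentialsFile = config.age.secrets.minio.path;
};
# … unchanged: virtualHost extraConfig …
locations."/" = {
  proxyPass = "http://${config.services.minio.listenAddress}";
  # … unchanged: proxy headers …
};
locations."/minio/ui" = {
  proxyPass = "http://${config.services.minio.consoleAddress}";
  # … unchanged: rewrite and proxy headers …
};
```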
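Review bot: The `# Optional` and `# Optional, defaults to localhost` comments on `passwordFile` and `host` in the last hunk look like option documentation carried over from the module rather than a reason for this host's choice; drop them, and drop `host = "localhost";` as well if the default really is localhost, or say why the value is spelled out. The `age.secrets` block in the second hunk declares `zc_key` and `zc_db_pass` in the host config while the new MinIO site module declares its own `age.secrets.minio`, so this commit leaves site secrets owned at two different layers; moving the two entries into the `sites.zoeycomputer` module would keep that consistent. Both entries also assume a `zoeyscomputer-phx` user and group exist, presumably created by that module; that is not visible here and is worth confirming.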
diff --git a/systems/x86_64-linux/pluto/sec/zc_key.age b/systems/x86_64-linux/pluto/sec/zc_key.age
new file mode 100644
index 0000000..e8ace9b
Binary files /dev/null and b/systems/x86_64-linux/pluto/sec/zc_key.age differ