diff --git a/flake.nix b/flake.nix
index c962e63..a6720a8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -185,7 +185,7 @@
               ./instances/freya/hardware-configuration.nix
               ./instances/freya/configuration.nix
 
-              ./modules/nixos/garage.nix
+              # ./modules/nixos/garage.nix
               # ./modules/nixos/minio.nix
             ] ++ homeManagerModules ++ [
               { home-manager.users.bertof = import ./instances/freya/hm.nix; }
@@ -225,7 +225,7 @@
               ./instances/loki/hardware-configuration.nix
               ./instances/loki/configuration.nix
 
-              ./modules/nixos/garage.nix
+              # ./modules/nixos/garage.nix
               # ./modules/nixos/minio.nix
               ./modules/nixos/users/tiziano.nix
             ] ++ homeManagerModules ++ [{
diff --git a/modules/nixos/kavita.nix b/modules/nixos/kavita.nix
new file mode 100644
index 0000000..9e7d41b
--- /dev/null
+++ b/modules/nixos/kavita.nix
@@ -0,0 +1,10 @@
+{ lib, config, ... }: {
+
+  age.secrets.kavita_token = { file = ../../secrets/kavita_token.age; owner = "kavita"; };
+
+  services.kavita = { enable = true; tokenKeyFile = config.age.secrets.kavita_token.path; };
+
+  networking.firewall.allowedTCPPorts = lib.optionals config.services.kavita.enable [
+    config.services.kavita.port
+  ];
+}
diff --git a/secrets/kavita_token.age b/secrets/kavita_token.age
new file mode 100644
index 0000000..5eddf3a
--- /dev/null
+++ b/secrets/kavita_token.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 13iwjQ voJFYj0SO8ilhWm8720Rsi39sxDwxlAb/EAiwfruMSg
+/Fkd9vf7/ALIxuphcQ2VTsO/ffw5yM8rWK4pA2WtnmU
+-> ssh-ed25519 7MB20A +tgobVDw/HcQb+QPJR9OOnLroMj20NKz86mpKbGFRCE
+u/14dPWiNXCLb8H78gN5wfL3REOm9PFxxmIHcpFf424
+-> ssh-ed25519 XgC3XA 4fzuWDQCo3xxSlTEXs9y2dSrLK6EcfxcJhc1uEunaxw
+79H0PXW22aAgxiEQk8+BIaSiIA2NcFkNcSFKUoXi5i8
+-> 5C>C1-grease @ H5^>:J
+exGmP1BpYVo/JvbffgL+2HE1VYFwPW/YwV277J1d3AJcfznB88Qq2z3Aw9Ahg1VS
+z+3q0En7xFOewNIYvAG+DpDUDLoc/PzQriMi7ec
+--- cm9uPi5kqv9RhWFvuDtSFghjx297uFrOEUuDmFKBI+k
+uÊ×a	¾©Ê&æ›˜b¨ÖþXUÜ"Û\=õ¢^=
+Ón
+Ÿ|/ÃÍÊœuå@æú~
+má!”÷'R}ü´ç`t²X €[ —
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index c19fb26..ee0a680 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -28,4 +28,5 @@ in
   "oppo_wg_priv.age".publicKeys = devUsers ++ systems;
   "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
   "wg_psk.age".publicKeys = devUsers ++ systems;
+  "kavita_token.age".publicKeys = devUsers ++ [ loki ];
 }