diff --git a/common/fragments/hedgedoc.nix b/common/fragments/hedgedoc.nix
new file mode 100644
index 0000000..21c3483
--- /dev/null
+++ b/common/fragments/hedgedoc.nix
@@ -0,0 +1,11 @@
+{
+  services.hedgedoc = {
+    enable = true;
+    settings = {
+      domain = "hedgedoc.technogothic.net";
+      protocolUseSSL = true;
+      allowOrigin = [ "localhost" "hedgedoc.technogothic.net" ];
+      allowEmailRegister = false;
+    };
+  };
+}
diff --git a/hosts/bloodletting/configuration.nix b/hosts/bloodletting/configuration.nix
index 84bef03..0ef1c36 100644
--- a/hosts/bloodletting/configuration.nix
+++ b/hosts/bloodletting/configuration.nix
@@ -6,6 +6,7 @@
     ../../common/fragments/fail2ban.nix
     ../../common/fragments/frq-friend.nix
     ../../common/fragments/grafana.nix
+    ../../common/fragments/hedgedoc.nix
     ../../common/fragments/mastodon-ebooks.nix
     ../../common/fragments/mastodon.nix
     ../../common/fragments/matrix-ril100.nix
@@ -212,6 +213,18 @@
 
       extraConfig = "client_max_body_size 64M;";
     };
+
+    virtualHosts."hedgedoc.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/".proxyPass = "http://localhost:3000";
+      locations."/socket.io/" = {
+        proxyPass = "http://localhost:3000";
+        proxyWebsockets = true;
+        extraConfig = "proxy_ssl_server_name on;";
+      };
+    };
   };
 
   # This value determines the NixOS release from which the default