diff --git a/dns.tf b/dns.tf
index b0b9a9e..3e1c8e8 100644
--- a/dns.tf
+++ b/dns.tf
@@ -39,6 +39,14 @@ resource "hetznerdns_record" "jellyfin_a" {
   ttl     = 600
 }
 
+resource "hetznerdns_record" "monero_a" {
+  zone_id = data.hetznerdns_zone.banditlair_zone.id
+  name    = "monero"
+  value   = local.storage1_ip
+  type    = "A"
+  ttl     = 600
+}
+
 resource "hetznerdns_record" "anderia_a" {
   zone_id = data.hetznerdns_zone.banditlair_zone.id
   name    = "anderia"
diff --git a/modules/monero.nix b/modules/monero.nix
new file mode 100644
index 0000000..0bf0d65
--- /dev/null
+++ b/modules/monero.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+
+  services.monero = {
+    enable = true;
+    rpc.restricted = true;
+  };
+
+  services.nginx.virtualHosts."monero.${config.networking.domain}" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:18081";
+      extraConfig = ''
+        proxy_http_version 1.1;
+      '';
+    };
+  };
+
+}
diff --git a/profiles/storage.nix b/profiles/storage.nix
index 3d1ac22..a4422c9 100644
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@@ -8,7 +8,8 @@
     ../modules/nginx.nix
     ../modules/jellyfin.nix
     ../modules/stb.nix
+    ../modules/monero.nix
   ];
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 18080 ];
 }