diff --git a/dns.tf b/dns.tf
index 2641d97..8f07ec8 100644
--- a/dns.tf
+++ b/dns.tf
@@ -96,6 +96,14 @@ resource "hetznerdns_record" "elefan-test_a" {
 ttl = 600
 }
+resource "hetznerdns_record" "wikijs-test_a" {
+ zone_id = data.hetznerdns_zone.froidmont_zone.id
+ name = "wikijs-test"
+ value = data.hcloud_floating_ip.main_ip.ip_address
+ type = "A"
+ ttl = 600
+}
+
 resource "hetznerdns_record" "transmission_a" {
 zone_id = data.hetznerdns_zone.banditlair_zone.id
 name = "transmission"
diff --git a/modules/postgresql.nix b/modules/postgresql.nix
index 95a8659..0752fb6 100644
--- a/modules/postgresql.nix
+++ b/modules/postgresql.nix
@@ -4,17 +4,13 @@
 services.postgresql = {
 enable = true;
 package = pkgs.postgresql_12;
- initialScript = pkgs.writeText "postgres-init.sql" ''
- CREATE ROLE "synapse";
- CREATE ROLE "nextcloud";
- CREATE ROLE "roundcube";
- '';
 enableTCPIP = true;
 identMap = ''
 root_as_others root postgres
 root_as_others root synapse
 root_as_others root nextcloud
 root_as_others root roundcube
+ root_as_others root wikijs-test
 '';
 authentication = ''
 local all postgres peer
@@ -39,6 +35,11 @@
 key = "roundcube/db_password";
 restartUnits = [ "postgresql-setup.service" ];
 };
+ wikiJsTestDbPassword = {
+ owner = config.services.postgresql.superUser;
+ key = "wikijs-test/db_password";
+ restartUnits = [ "postgresql-setup.service" ];
+ };
 };
 systemd.services.postgresql-setup = let pgsql = config.services.postgresql; in
@@ -51,13 +52,25 @@
 pkgs.util-linux
 ];
 script = ''
- set -eu
+ set -u
 PSQL() {
 psql --port=${toString pgsql.port} "$@"
 }
+
+ PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
+ PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
+ PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
+ PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "wikijs-test"'
+
 PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
 PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
 PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
+ PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "wikijs-test" OWNER "wikijs-test"'
+
+ PSQL -tAc "ALTER ROLE synapse LOGIN"
+ PSQL -tAc "ALTER ROLE nextcloud LOGIN"
+ PSQL -tAc "ALTER ROLE roundcube LOGIN"
+ PSQL -tAc "ALTER ROLE \"wikijs-test\" LOGIN"
 synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
 PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
@@ -65,6 +78,8 @@
 PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
 roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
 PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
+ wikijstest_password="$(<'${config.sops.secrets.wikiJsTestDbPassword.path}')"
+ PSQL -tAc "ALTER ROLE \"wikijs-test\" WITH PASSWORD '$wikijstest_password'"
 '';
 serviceConfig = {
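Review bot: Replacing `set -eu` with `set -u` at the top of the script drops fail-fast for the whole block, so a psql error or an unreadable secret path (where `$(<…)` yields an empty string) no longer fails postgresql-setup.service — the unit reports success while a role keeps its old password or is given an empty one. The existence checks already tolerate errexit through their `|| PSQL …` form and the new unconditional `ALTER ROLE … LOGIN` lines are idempotent, so it is not visible which step needed `-e` gone; if one does, wrap that single step (`step || true`) and keep `set -eu` for the rest. The script block continues past the end of this hunk.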
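Review bot: The added `ALTER ROLE \"wikijs-test\" WITH PASSWORD '$wikijstest_password'` line splices the secret into the SQL text, so a password containing a single quote breaks or alters the statement; the preceding roles use the same pattern, but this hunk adds a new instance. Passing the value as a psql variable and letting psql quote it avoids that, e.g. `printf '%s\n' "ALTER ROLE \"wikijs-test\" WITH PASSWORD :'pw'" | PSQL -v pw="$wikijstest_password"`. A guard such as `[ -n "$wikijstest_password" ]` before the ALTER would also stop an empty read from being applied silently. The script block starts before this hunk.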
diff --git a/profiles/backend.nix b/profiles/backend.nix
index 81bce59..c0aa5d7 100644
--- a/profiles/backend.nix
+++ b/profiles/backend.nix
@@ -18,6 +18,10 @@
 owner = config.services.borgbackup.jobs.data.user;
 key = "borg/client_keys/backend1/private";
 };
+ wikiJsEnvFile = {
+ key = "wikijs-test/service_env_file";
+ restartUnits = [ "wiki-js.service" ];
+ };
 };
 custom = {
@@ -63,7 +67,26 @@
 services.murmur.enable = true;
 };
+ services.wiki-js = {
+ enable = true;
+ settings = {
+ db.type = "postgres";
+ db.host = "10.0.1.11";
+ db.db = "wikijs-test";
+ db.user = "wikijs-test";
+ db.pass = "$(DB_PASS)";
+ };
+ environmentFile = config.sops.secrets.wikiJsEnvFile.path;
+ };
+ services.nginx.virtualHosts."wikijs-test.froidmont.org" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.wiki-js.settings.port}";
+ };
+ };
 networking.interfaces.enp1s0 = {
 useDHCP = true;
diff --git a/secrets.enc.yml b/secrets.enc.yml
index 7eea564..4c14306 100644
--- a/secrets.enc.yml
+++ b/secrets.enc.yml
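Review bot: `db.host = "10.0.1.11"` points wiki-js at PostgreSQL on another host with no `db.ssl` setting, so unless that address is reached over a link that is already encrypted, the database password and page content cross the wire in clear; if the server side offers TLS, add `db.ssl = true;` beside `db.host`. Wiki.js's config also carries a `bindIP` key whose sample default is `0.0.0.0`; since nginx (forceSSL, proxy to 127.0.0.1) is the intended entry point, `settings.bindIP = "127.0.0.1";` keeps the plain-HTTP port off other interfaces — confirm the NixOS module's default before relying on it. The enclosing attribute set starts and ends outside this hunk.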
@@ -14,6 +14,9 @@ nextcloud:
 roundcube:
 db_password: ENC[AES256_GCM,data:t2/gRhkkwd7eXKvRowNnBfOiJS4nWZlZpjtmmw+XcARbcYyf4Z3+jG6anzqxYjHHGzza23qcpfiSB4t7,iv:H7vdeBgVY3aSsMCyBBbCb0qqbDHTA/S3fwK1lDBebDI=,tag:LbeMqj3xdWz8e6XSEV+jtw==,type:str]
 pg_pass_file: ENC[AES256_GCM,data:pXWi2lC3Na8K/P+F0nUW00mq2vApw/pf5stJvlfuwEdan1GKBa9jSqJE17mq7weaMkhI1vBwDdfu/P1y7hEBzRNU3CA=,iv:3bC2mKUt8jI+Avm8UQq6b15JA2F7/usfDEh6XYJ9OZA=,tag:0pYQyWDh3w00XRQe13IrCw==,type:str]
+wikijs-test:
+ db_password: ENC[AES256_GCM,data:lhVNTxKokGqlIssD6YMoso6KKdwxqRETg1M9DYwyGBRdq+/R4gnfUoeTiycpvyqQ9Auc8qKv00NdrhDv,iv:XyT5/0hihwEQRpDwc9OwtdrkiVQ1HlWMZgf+stHOdDs=,tag:dc76QhT//EkQw8+N8Hgmdw==,type:str]
+ service_env_file: ENC[AES256_GCM,data:W2SvBQFvPHIXvGQ9YY06IZDisstfTk31C71fPSsuOe3PNs0wt27079WwU4dQRcoaGvQBJs9nvI7k7OhClq/OZL2cwDU=,iv:z4sISj2G6WMenRn6/7SVKKmtmU+OweMT4MSNxaWT4+c=,tag:kngFN+KZ/M9qMJjmfgGbjA==,type:str]
 murmur.env: ENC[AES256_GCM,data:bErJrzpPRrBhUeW113qt9xbJWsrxiI8YIibZ3l0=,iv:2dIlmdLKB+nktQ4/O1W3xtfcCRowW9MkxncDiDpZyck=,tag:3UkSGVKV00385iZ66rHOpw==,type:str]
 transmission:
 rpc_config.json: ENC[AES256_GCM,data:2dXn4De3RilQpOOtqjZQILJ7+/t8ipQHLiNuYdbQQRZC4fya0l9MLyGRuqfqeBu1B07VYSDMImV/5BZ+5ygCLk2JjhLn8NzbM3IRWg==,iv:SWqUCobb1+MzISjOTF9BySeAGXHMEbX/27MxIl5tPIE=,tag:4tat0yvkE/4njWYyr/IRfA==,type:str]
@@ -54,8 +57,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2022-09-15T05:50:09Z"
- mac: ENC[AES256_GCM,data:mmKdFdYWID4oTFCsRrq3idCr+2m/VA22sPOB8V1IVTQISrAQ8j9zwO5JymgXq3+X/1ghNoaFsqmFamzN+uZQ4bd7K2lG2LXzLlzDV4NanPRJGq0szHQ3/DF/hPJij85GREs9OKoPu5zrHVub3B/kymtotc+xUs9x/MdnR+IA9qY=,iv:LdBCUee6YNSMjNtDktsV8LVQIbQVv0ABQgoOSYyu0mg=,tag:WtvpYnxwNRveA+pYd0IGcA==,type:str]
+ lastmodified: "2022-10-19T04:39:50Z"
+ mac: ENC[AES256_GCM,data:EVAuXn/AK8ntHymfA9gOgo7d0MZUdGJvt7nrm4nt4IlKQCigBjaF5JRslcbGrzOnw5/hRHC1iVj9YqzkOC1iV00y/k7mNK5wxR1c0+NcFFm/HmJRnxH2Dncs2faJ25q6tmZBLG2iSlesXoiR0CAlMywIJDkpYh/bBRHJoc1NqC0=,iv:px8sFUbAu5KjLe3H8mfKxSSlkxLm1xuWAyTLwDkI/v0=,tag:/3KnzWNtNuIPV5ZjHu4fxA==,type:str]
 pgp:
 - created_at: "2021-11-29T00:57:34Z"
 enc: |