diff --git a/exprs/modules.nix b/exprs/modules.nix
new file mode 100644
index 0000000..20c329e
--- /dev/null
+++ b/exprs/modules.nix
@@ -0,0 +1,5 @@
+{self, ...}: {
+ flake.nixosModules = {
+ reposilite = import ./reposilite/module.nix self;
+ };
+}
diff --git a/exprs/overlay.nix b/exprs/overlay.nix
index 6e3d212..2df517e 100644
--- a/exprs/overlay.nix
+++ b/exprs/overlay.nix
@@ -7,4 +7,6 @@ final: prev: {
 wine-discord-ipc-bridge = prev.callPackage ./wine-discord-ipc-bridge.nix {
 inherit (prev.pkgsCross.mingw32) stdenv;
 };
+
+ reposilite = prev.callPackage ./reposilite/derivation.nix {};
 }
diff --git a/exprs/reposilite/derivation.nix b/exprs/reposilite/derivation.nix
new file mode 100644
index 0000000..1b89226
--- /dev/null
+++ b/exprs/reposilite/derivation.nix
@@ -0,0 +1,38 @@
+{
+ lib,
+ stdenv,
+ fetchurl,
+ makeWrapper,
+ jdk21,
+}:
+stdenv.mkDerivation rec {
+ name = "reposilite";
+ version = "3.5.3";
+
+ src = fetchurl {
+ url = "https://maven.reposilite.com/releases/com/reposilite/reposilite/${version}/reposilite-${version}-all.jar";
+ hash = "sha256-ZqewhOWb49ykmzvIebolXkxtNKA46bCgM7L7yvkVgfE=";
+ };
+
+ nativeBuildInputs = [makeWrapper];
+
+ phases = ["installPhase"];
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/bin $out/share/${name}
+ cp ${src} $out/share/${name}/${name}.jar
+ makeWrapper ${jdk21}/bin/java $out/bin/${name} --add-flags "-jar $out/share/${name}/${name}.jar"
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Lightweight and easy-to-use repository management software dedicated for the Maven based artifacts in the JVM ecosystem";
+ homepage = "https://reposilite.com/";
+ license = licenses.asl20;
+ platforms = platforms.unix;
+ mainProgram = "reposilite";
+ };
+}
diff --git a/exprs/reposilite/module.nix b/exprs/reposilite/module.nix
new file mode 100644
index 0000000..7dab9ea
--- /dev/null
+++ b/exprs/reposilite/module.nix
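Review bot: In `exprs/reposilite/derivation.nix` the `meta` block does not record that `src` is an upstream-built fat jar rather than source, so anyone auditing or filtering packages by provenance cannot see that this one ships prebuilt bytecode; add `sourceProvenance = with sourceTypes; [binaryBytecode];` inside `meta`. The `hash` on `fetchurl` is the only thing tying the package to one specific artifact, so a short comment next to `version` saying both must be bumped together would help. On style, `name = "reposilite";` leaves the version out of the store path; `pname = "reposilite";` is the usual form, with the `${name}` references in `installPhase` switched to `${pname}`. `phases = ["installPhase"];` also skips the fixup phase, and `dontUnpack = true;` gets the same effect without overriding the phase list.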
@@ -0,0 +1,79 @@
+self: {
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.services.reposilite;
+
+ inherit (pkgs.stdenv.hostPlatform) system;
+
+ inherit
+ (lib)
+ getExe
+ literalExpression
+ mdDoc
+ mkDefault
+ mkEnableOption
+ mkIf
+ mkOption
+ mkPackageOption
+ types
+ ;
+in {
+ options.services.reposilite = {
+ enable = mkEnableOption "reposilite";
+ package = mkPackageOption self.packages.${system} "reposilite" {};
+ environmentFile = mkOption {
+ description = mdDoc ''
+ Environment file as defined in {manpage}`systemd.exec(5)`
+ '';
+ type = types.nullOr types.path;
+ default = null;
+ example = literalExpression ''
+ "/run/agenix.d/1/reposilite"
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users = {
+ users.reposilite = {
+ isSystemUser = true;
+ group = "reposilite";
+ };
+
+ groups.reposilite = {};
+ };
+
+ systemd.services."reposilite" = {
+ enable = true;
+ wantedBy = mkDefault ["multi-user.target"];
+ after = mkDefault ["network.target"];
+ script = ''
+ ${getExe cfg.package}
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+
+ EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
+
+ StateDirectory = "reposilite";
+ StateDirectoryMode = "0700";
+ WorkingDirectory = "/var/lib/reposilite";
+
+ User = "reposilite";
+ Group = "reposilite";
+
+ LimitNOFILE = "1048576";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectHome = true;
+ ProtectSystem = "strict";
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ };
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index d5762e0..b0c8984 100644
--- a/flake.nix
+++ b/flake.nix
@@ -70,6 +70,7 @@
 imports = [
 ./parts
 ./systems
+ ./exprs/modules.nix
 ];
 };
 }
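Review bot: In `exprs/reposilite/module.nix` the `serviceConfig` block grants `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` but sets neither a bounding set nor `NoNewPrivileges`, so the capability is added without the unit limiting what the process can acquire later. Adding `NoNewPrivileges = true;` and `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` beside it would pin the service to that single capability. The module exposes no port option, so if the service only ever listens on an unprivileged port (not determinable from this hunk), the ambient capability could be dropped entirely. Separately, `environmentFile` is typed `types.path`, which also accepts a Nix path literal that would be copied into the world-readable store. Its description should state that the value must be a string naming a runtime path outside the store, as the example does.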