diff --git a/flake.lock b/flake.lock
index 908e356..585cf9e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -121,6 +121,27 @@
         "type": "github"
       }
     },
+    "copyparty": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754348197,
+        "narHash": "sha256-sVl/KDJR7X0bmRc/ccmuAy9HgcQXnnIaiOCWbSGvRPA=",
+        "owner": "9001",
+        "repo": "copyparty",
+        "rev": "b664ebb01f28094749e233ac70795ccd11fed253",
+        "type": "github"
+      },
+      "original": {
+        "owner": "9001",
+        "repo": "copyparty",
+        "type": "github"
+      }
+    },
     "crane": {
       "locked": {
         "lastModified": 1731098351,
@@ -475,6 +496,21 @@
       }
     },
     "flake-utils": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
       "inputs": {
         "systems": "systems_2"
       },
@@ -1008,7 +1044,7 @@
     "nvf_2": {
       "inputs": {
         "flake-parts": "flake-parts_4",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "mnw": "mnw",
         "nixpkgs": "nixpkgs_3",
         "systems": "systems_3"
@@ -1114,6 +1150,7 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "copyparty": "copyparty",
         "devour-flake": "devour-flake",
         "disko": "disko",
         "firefox-addons": "firefox-addons",
diff --git a/flake.nix b/flake.nix
index a076c9f..eab8f66 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,7 +9,7 @@
   } @ inputs: let
     mods = import ./modules;
     cLib = import ./lib {inherit (nixpkgs) lib;};
-    mkLinuxSystem = mod:
+    mkLinuxSystem = mod: ovl:
       nixpkgs.lib.nixosSystem {
         specialArgs = {inherit inputs cLib;};
         modules =
@@ -19,7 +19,7 @@
             inputs.agenix.nixosModules.default
             {
               nixpkgs.config.allowUnfree = true;
-              nixpkgs.overlays = [self.overlays.default];
+              nixpkgs.overlays = [self.overlays.default] ++ ovl;
             }
           ]
           ++ mod
@@ -39,8 +39,8 @@
         inherit (mods) homeManagerModules nixosModules;
         # TODO: use ./hosts/
         nixosConfigurations = {
-          artemis = mkLinuxSystem [./hosts/artemis inputs.lanzaboote.nixosModules.lanzaboote];
-          hermes = mkLinuxSystem [./hosts/hermes];
+          artemis = mkLinuxSystem [./hosts/artemis inputs.lanzaboote.nixosModules.lanzaboote] [];
+          hermes = mkLinuxSystem [./hosts/hermes inputs.copyparty.nixosModules.default] [inputs.copyparty.overlays.default];
         };
         diskoConfigurations = {}; # maybe?
         om.health.default = {nix-version.min-required = "2.18.5";};
@@ -178,5 +178,9 @@
         systems.follows = "systems";
       };
     };
+    copyparty = {
+      url = "github:9001/copyparty";
+      inputs.nixpkgs.follows = "unstable";
+    };
   };
 }
diff --git a/hosts/hermes/copyparty.nix b/hosts/hermes/copyparty.nix
new file mode 100644
index 0000000..8fc9923
--- /dev/null
+++ b/hosts/hermes/copyparty.nix
@@ -0,0 +1,34 @@
+{config, ...}: let
+  domain = "files.cleslie.uk";
+in {
+  services = {
+    cloudflare-dyndns.domains = [domain];
+    copyparty = {
+      enable = true;
+      settings = {
+        i = "127.0.0.1";
+        p = [3210];
+      };
+      accounts = {
+        c.passwordFile = config.age.secrets.copyparty-c.path;
+      };
+      volumes = {
+        "/media" = {
+          path = "/var/lib/media/library";
+          access = {
+            r = "*";
+            rw = ["c"];
+          };
+        };
+      };
+    };
+    caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy http://127.0.0.1:3210
+    '';
+  };
+  age.secrets."copyparty-c" = {
+    file = ../../secrets/copyparty-c.age;
+    mode = "400";
+    owner = "copyparty";
+  };
+}
diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix
index d6978bd..6487805 100644
--- a/hosts/hermes/default.nix
+++ b/hosts/hermes/default.nix
@@ -2,6 +2,7 @@
   imports = [
     ./hardware-configuration.nix
     ./configuration.nix
+    ./copyparty.nix
     ./ddns.nix
     ./quassel.nix
     ./fail2ban.nix
diff --git a/secrets/copyparty-c.age b/secrets/copyparty-c.age
new file mode 100644
index 0000000..514f9dc
--- /dev/null
+++ b/secrets/copyparty-c.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 /RyXeg L3snhcjG3XkMDoehtE1UyJ32D8vzLE8+D7ZQp4m+S0w
+FqrvB5ve6xLedf2N982uQB7FBRQinubVFSpJ1wj7fBw
+-> ssh-ed25519 aSaoJQ AHhV+ob0AO5/jkoNy/138Qjpnq6bgQJOS7gu9NxPagg
+5ie/QslRuqJBzOXHWulGIFnZXaPUHBbWhxKJnoCDsXg
+--- vhZK1PYh5jncrrXGGWiE0mvDCN/O/Rvh2WGYBBimC8w
+/NG�Ot�f��m��Ax��}�O�A���}���i�2�t���~�q
�]�
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f66bfbb..9d0b2e5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,6 +10,7 @@ in {
   "mesh-conf-infra.age".publicKeys = keys.c ++ allSystems;
   "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems;
   "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes];
+  "copyparty-c.age".publicKeys = keys.c ++ [systems.hermes];
   "cloudflare-api.age".publicKeys = keys.c ++ [systems.hermes];
   "vaultwarden-env.age".publicKeys = keys.c ++ [systems.hermes];
 }