diff --git a/hosts/faunus-ater.nix b/hosts/faunus-ater.nix
index 9803a3b..1fe8a8c 100644
--- a/hosts/faunus-ater.nix
+++ b/hosts/faunus-ater.nix
@@ -117,6 +117,33 @@ in {
       };
     };
 
+    virtualisation.oci-containers.containers."mealie" = {
+      image = "ghcr.io/mealie-recipes/mealie:v1.0.0-RC2";
+      ports = let port = builtins.toString config.state.services.eat.port; in ["${port}:${port}"];
+      environment = {
+        PUID = builtins.toString config.users.users.mealie.uid;
+        PGID = builtins.toString config.users.groups.mealie.gid;
+        ALLOW_SIGNUP = "false";
+        TZ = "Europe/Berlin";
+        BASE_URL = "https://eat.tammena.me";
+        TOKEN_TIME = "8760";
+      };
+      volumes = [
+        "/data/dirty/mealie:/app/data"
+      ];
+    };
+    users.users.mealie = {
+      isSystemUser = true;
+      group = "mealie";
+    };
+    users.groups.mealie = {};
+    services.nginx.virtualHosts."eat.home" = mkVirtHost "eat-home" {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${builtins.toString config.state.services.eat.port}";
+        proxyWebsockets = true;
+      };
+    };
+
     services.nginx.virtualHosts."todo.home" = mkVirtHost "todo-home" {
       locations."/" = {
         proxyPass = "http://127.0.0.1:7372";
@@ -370,6 +397,7 @@ in {
       "certificate-key-foto-home" = nginxSecret;
       "certificate-key-listen-home" = nginxSecret;
       "certificate-key-git-home" = nginxSecret;
+      "certificate-key-eat-home" = nginxSecret;
       "paperless-admin-password" = {};
       "photoprism-admin-password" = {};
       "nginx-cert-key" = nginxSecret;
diff --git a/hosts/granodomus-lima.nix b/hosts/granodomus-lima.nix
index 3dd184a..2677fd4 100644
--- a/hosts/granodomus-lima.nix
+++ b/hosts/granodomus-lima.nix
@@ -52,7 +52,7 @@ in {
         name = "${name}.tammena.me";
         value = mkVirtHost {
           locations."/" = {
-            proxyPass = "http://${config.host}.taila034c.ts.net:${builtins.toString config.port}";
+            proxyPass = let ip = state.vpn.${config.host}.v4; in "http://${ip}:${builtins.toString config.port}";
             proxyWebsockets = true;
           };
           extraConfig =
@@ -123,6 +123,7 @@ in {
           ${point "todo" faunus-ater}
           ${point "config" faunus-ater}
           ${point "listen" faunus-ater}
+          ${point "eat" faunus-ater}
         '';
       };
     };
diff --git a/secrets/hosts/faunus-ater/secrets.yaml b/secrets/hosts/faunus-ater/secrets.yaml
index 8a8432b..f0aaacd 100644
--- a/secrets/hosts/faunus-ater/secrets.yaml
+++ b/secrets/hosts/faunus-ater/secrets.yaml
@@ -19,6 +19,7 @@ certificate-key-note-home: ENC[AES256_GCM,data:yuJwbgO/i6GzAawc9s6CAhwd/59vurhtb
 certificate-key-foto-home: ENC[AES256_GCM,data:0qAB2o30aHbpUQQ89YXWjMK2FBf1vtCHcGm/4Z6VcuhwdUV0wRa0Wb+WKuuNoT4Bbp6tZZqbjzlU68lv/rHqnKReZ6sr5u5HZwgbWpxnVORrfF7JEgkaP1F8NRsyodqIblwMP9bir6uQWRxof0OTXgnJhZU84QJItDBfsD0pfExmDQW5WlAAyrAVL13z/TBfddVPn3vU+CQIRnYt5RKtDNvaOa7XmXu8V7DuZJYYxUhnJfejFSpihoBo/Oxe/TwXzvxfTVYgbFYa/SZiBm6eGQbhO5ST3WJ0JDP3kT8mSmfqzXBLdBPJ2R+A8fF9ayLlRq4aEdFjUJQi1ojIuR6F1eSoxrIdSrDbz4+gZM4fJc2LAxjhdfg4j50Xwf6xOcdpAcz/GVGP93R1jWwo46I=,iv:SV0gXtwKTpVo3FtD7W0NpvZfaS0eFoNVP/F6k6zm+vw=,tag:NrDCn8QDudEIIbWQwPxI3Q==,type:str]
 certificate-key-listen-home: ENC[AES256_GCM,data:QhQnk7LYQqfel7aX16mZW0b7SEH7/BacwZVPSnLVqtnTQu3/05cu78K4svzE3p0Gw4alV1w54SMds83ly6orUKP5I+4yqNUlxyXW+U6e6biQy5cznZxbdRtjygb6TKkDB7uYq+f4VSGZuzXHK0YTSzrwcIRjztEkvNVZgqlAt5dlz+tnkSa8Gn+lN2zoC2HTS4OhYJIk/d7YCE47QChC/+2joTeyrogSbq56uIvv5eb8G98iDiUcrTYr91MyNH21S0BVGD0X2C3lu1iwdmOs5t5D9nl7KBdvj82/paK78U00fzIwlKgZMLQK0Qm2/O2JFyVNy6I/vFbQ2ORWGIUyHqK61IXgq/4ugOeQ5oINpNF64B9Z5Jv3TXYXMYivBwko6LUmsaBhW6vBc1rRmh8=,iv:JxeP7NEPKErmKu0+q6IxaxLoUTc6wsDUPWxwdrprEoM=,tag:nEcOYrZwCIv6Sx1Y0MirLA==,type:str]
 certificate-key-git-home: ENC[AES256_GCM,data:w9Cs0pepymB5P9SxF7eA2LdmnZO7jYUX355oQgJm94UsbNaleFE7QRs64qmv15jjMGNdie+Ux9LUSmqare3QCSS24JwErBHy1RSnwYwCKhdw8MtOBXT9qq07oO9lakd47SCb7rZLlxymwGPbvryOyPOKzb/bXyRc+c+3mYzac0CoG25WQjSbs8Qe18BLdgPCMe6o1i8qJeqBn74b4PDPgphNY3sbaQolKCyMYRk1aI72hARnXd7yJ2i8aQzSk2wsK0t71EMqaYo8k9uoOfMppcdrswHiNsc6TytZJNhSeqVCgrXIhqqeIvrXh706QmP9lgHA6K+exmkx7tL12tcNzz0BFJf8ayV5UPG58HgRqThvns17EJlbQN+e6pPFTI2Nxlfm7+53hD53TIxkYK0=,iv:LOGPPpteywTk1xa0Uhpl+W0WyAm08EqPFKbnsh1gBL8=,tag:ogMS5FZCdT3+ndOVMq/1wA==,type:str]
+certificate-key-eat-home: ENC[AES256_GCM,data:UdXwY5wuF/o6ybUfZjKQpN8BcMr9dR63aWjzEgEh+WEazoFw+utzXODxGx88f2Bldyc6aQD3YptPiQZUd/2t2cY5BDa5rX8QsSkMVPlKkT91+XqilFDM3nK8rEQR9W5XS0hoSXdzmO9+IJ39yEm1riyf8QIqKzRjXQ4FW5M+AfbBWBk3Y80QUHZqu2FQfrhikJ7qz5ZvnZ+yOYF0rhjlr/sIVBMycyPVbdak73vGhpfsBIBKkq1q+4xsDGkx+vfrMLi80en7HFAdOg7TLL1MtxzrsNgiSRbokJUMhnryv6FBX0WdKsoK1aG1P1vtzqT3+jYwOt4Tf9PQcEd66hzUpnBk3m4MVB1hM53gpmNEaYEmDQ7cLGEc1BNyT0Z4m8TAAHPVnkESqZrXUirpfXM=,iv:RiuPEkidAy4pmvgAhv+kTi46DLpKy0xqAKSRL4RonvY=,tag:mbV6h1U2wWvMiGfIid/u4Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -34,8 +35,8 @@ sops:
             ZzFxdmlXaTRCY2tUZndBSDlNeUVROVUKH1CxbcdwHR3ELn9YlGvO6YbGGg++wGZv
             97ez/ErXEOq/6IF6HzV3I9BsVV4WCJI2VTP8Lbiwt59qg5riH7CGJQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-14T10:44:01Z"
-    mac: ENC[AES256_GCM,data:CvPvHKS9oIeVW4Y3FDvvYkyopjBAnYL5xUOjfNNfNFxHKSM/ubAs53FKKVThxT9XOHqiCvq8ECMMvlM10/Z1jfukE/cGcj9sX/sczmxTrQq++HwnoRbg7scaIRYg6GKNelmC6pvXHe83RQUBDVCvgAnhEbQJ2PYC4MsGp+gPEX4=,iv:FEVkequY7RG3+wJq1yU7p4+45fxgSwFCiirhAICrO1g=,tag:T0S7KLux3Uh9B0oERok2FA==,type:str]
+    lastmodified: "2024-01-08T07:11:51Z"
+    mac: ENC[AES256_GCM,data:reqpsliDo+9wAkc6+SAwKrbyZH5oDI2O2qrJ3IfSJt/dGdFh/VupAdRIgaOMPmfdf+QREVfhIrQ2vHlEf7QrHUBcseTusuojgItrBw7r9xrwD0q9uPLxFFNhV7Oeo9iCrH/+uNZIhqGqJqeMglWROPx9mLQm0ZYp92skgWRJ06E=,iv:seRleBnn8hZvO8wfK/jPOw8Ts+DNOJny2XeZGU00W5U=,tag:pa08lf1CCDC4DOxc12p+zA==,type:str]
     pgp:
         - created_at: "2023-11-06T16:58:30Z"
           enc: |
diff --git a/secrets/pub/eat-home.crt b/secrets/pub/eat-home.crt
new file mode 100644
index 0000000..8f6c6b2
--- /dev/null
+++ b/secrets/pub/eat-home.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoTCCAUegAwIBAgIUXX7hG5icEqtRroxsclad4zGeRHMwCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDAxMDgwNzExNTBaFw0yNTAxMDcw
+NzExNTBaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABAEQY2ndpQJA2uAWFj6UYuW+LBqE5UWSEBcOc/AWZke1htTWRJXSxtpxSWvS
+AAGka2IIcVhDEQl4dwrfBlRZcjajeTB3MAsGA1UdDwQEAwIF4DATBgNVHSUEDDAK
+BggrBgEFBQcDATATBgNVHREEDDAKgghlYXQuaG9tZTAdBgNVHQ4EFgQUMS5TV1f1
+K1YW7kOwDqr7ify+cbUwHwYDVR0jBBgwFoAUAPrcD9smsvgt1yQ7GbIirWWZT6sw
+CgYIKoZIzj0EAwIDSAAwRQIgGqLC30CZIXw5yjKXfK2kanwr9t2C+iv1APZixiVR
+Rw8CIQCLy+lN8DXyl3hVau8LSoYT3Rb1QqiUownWc7pOl8YZwQ==
+-----END CERTIFICATE-----
diff --git a/state.nix b/state.nix
index dd3457e..cff9cbf 100644
--- a/state.nix
+++ b/state.nix
@@ -35,7 +35,7 @@
   };
   #### SERVICES ####
   # Information about which services run where
-  # Type: attrsOf { host: str, port: number }
+  # Type: attrsOf { host: str, port: number, external: bool }
   services = {
     git = {
       host = "faunus-ater";
@@ -52,5 +52,10 @@
       port = 2342;
       external = true;
     };
+    eat = {
+      host = "faunus-ater";
+      port = 9000;
+      external = true;
+    };
   };
 }