diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index ead812f..561a158 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -22,6 +22,7 @@
 ./services/redlib.nix
 ./services/jellyfin.nix
 ./services/qbittorrent.nix
+ ./services/microbin.nix
 # ./services/ddclient.nix
 ./filesystems
 ./hardware
diff --git a/hosts/nixos/lapetus/secrets.example.yaml b/hosts/nixos/lapetus/secrets.example.yaml
index cafa2d1..de61ef7 100644
--- a/hosts/nixos/lapetus/secrets.example.yaml
+++ b/hosts/nixos/lapetus/secrets.example.yaml
@@ -8,6 +8,6 @@ invidious_hmac_key: ...
 # contents of `credentials.json` file generated by `cloudflared tunnel create`
 cloudflare_tunnel_credentials: |
 ...
-microbin_end: |
+microbin_env: |
 MICROBIN_ADMIN_PASSWORD=...
 MICROBIN_UPLOAD_PASSWORD=...
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 430b82c..6bfc40a 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -4,7 +4,7 @@ grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQ grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str] invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str] cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str] -microbin_end: ENC[AES256_GCM,data:BKpNrLJD9uwm5ci6iWLReLNfcPMaeNMxgR3qi7biMdwXyiJJ3DgwY5fQKmkJtvwDgZtDWAf9kc5Qrq2BBb+UiRKHSXZRRm38xBYbT8bVmQ==,iv:dezdvAkohS9skUCiVYweCgiUpcdWl4poG+0XLOcO0nA=,tag:Q6qhlWwBelNI5qNDy53vOw==,type:str] +microbin_env: ENC[AES256_GCM,data:lyJMsYPjhuvSM/QsfVrFuHw2Q8A7JwRtsP5Vk5hTc8wSKNr9JfVPC/GTyfyg5qd2jV2KV4MXqYo1QrJTJIds6K4nfRrv59ezzw5mSERQMw==,iv:m/ewkJhWeMa6/wfDv2oLhFKnGzyt6byZQM5cV2347gI=,tag:7egHnwVFoazMH5ymGJQVfw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -29,8 +29,8 @@ sops: RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-09T12:59:03Z" - mac: ENC[AES256_GCM,data:w9N/RksullxikCGYjQU5cPS8cHmFrOAIALSt0gDRpAjfEs9uDmUwIvhnUEYj9aY3w/u7ypFxgmWxauf6R4vzyPLfVFWeFD5c8NVsZgaLNbDIajh6Ppm6WxylatqD8/oQOFNrY97QbXtgbEHMnh0Ie0P1cgxd2S6pTjdQ057EYUY=,iv:+dRKQleou8Uq+JqfGrxpf5Y5OWARjdWw5VXJTT0PY5c=,tag:ADpXbfZgNIZn2sDpTI7Vmw==,type:str] + lastmodified: "2024-05-09T13:04:55Z" + mac: ENC[AES256_GCM,data:B1M5tO66pBIVlT76oKZF6wWMzug4+gyTwNMLHmrTRicKcCq1kV57+57VdfCLy1Q1/BTWTLD9FBoWsRkbKE/Mg3vpDvPlGImVMVvH7izyoTAmmXZbWf/1aiMUpE1U2ZyunCM5R2CnfjyBVi9m6x2yPgcGqniBlaB8N28xiTntYbU=,iv:tUQ8w/bZ3AFWIrac+Xy29UZwd70Au79W4BafPkjhppI=,tag:Ndv5ZeY5GlOg5PBFEO0qiw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1
diff --git a/hosts/nixos/lapetus/services/cloudflared.nix b/hosts/nixos/lapetus/services/cloudflared.nix
new file mode 100644
index 0000000..a513a11
--- /dev/null
+++ b/hosts/nixos/lapetus/services/cloudflared.nix
@@ -0,0 +1,16 @@
+{ config, ... }: {
+ sops.secrets.cloudflare_tunnel_credentials = {
+ sopsFile = ../secrets.yaml;
+ owner = config.services.cloudflared.user;
+ group = config.services.cloudflared.group;
+ };
+
+ satellite.cloudflared.tunnel = "347d9ead-a523-4f8b-bca7-3066e31e2952";
+ services.cloudflared = {
+ enable = true;
+ tunnels.${config.satellite.cloudflared.tunnel} = {
+ credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path;
+ default = "http_status:404";
+ };
+ };
+}
diff --git a/hosts/nixos/lapetus/services/diptime.nix b/hosts/nixos/lapetus/services/diptime.nix
index 698bda9..9a345d5 100644
--- a/hosts/nixos/lapetus/services/diptime.nix
+++ b/hosts/nixos/lapetus/services/diptime.nix
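Review bot: The tunnel block that moves into this new cloudflared.nix no longer carries the `ingress."diptime.moonythm.dev" = "http://localhost:8416";` rule that the diptime.nix hunk deletes, and none of the visible hunks re-adds it, so that hostname would fall through to `default = "http_status:404"`. If diptime should stay reachable, diptime.nix needs `imports = [ ./cloudflared.nix ];` and `services.cloudflared.tunnels = config.satellite.cloudflared.proxy "diptime.moonythm.dev" 8416;`, the same way microbin.nix does it. A short comment above `satellite.cloudflared.tunnel` saying that the UUID is only an identifier and that the credential itself lives in the sops secret would also help a reader who wonders why it is committed in clear text.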
@@ -9,19 +9,4 @@
 rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464";
 sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk";
 });
-
- sops.secrets.cloudflare_tunnel_credentials = {
- sopsFile = ../secrets.yaml;
- owner = config.services.cloudflared.user;
- group = config.services.cloudflared.group;
- };
-
- services.cloudflared = {
- enable = true;
- tunnels."347d9ead-a523-4f8b-bca7-3066e31e2952" = {
- credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path;
- default = "http_status:404";
- ingress."diptime.moonythm.dev" = "http://localhost:8416";
- };
- };
 }
diff --git a/hosts/nixos/lapetus/services/microbin.nix b/hosts/nixos/lapetus/services/microbin.nix
new file mode 100644
index 0000000..629432a
--- /dev/null
+++ b/hosts/nixos/lapetus/services/microbin.nix
@@ -0,0 +1,31 @@
+{ config, ... }:
+let port = 8418;
+in
+{
+ imports = [ ./cloudflared.nix ];
+
+ sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
+ services.cloudflared.tunnels =
+ config.satellite.cloudflared.proxy "bin.moonythm.dev" port;
+
+ services.microbin = {
+ enable = true;
+ dataDir = "/persist/state/var/lib/microbin";
+ settings = {
+ # High level settings
+ MICROBIN_ADMIN_USERNAME = "prescientmoon";
+ MICROBIN_PORT = toString port;
+ MICROBIN_DISABLE_TELEMETRY = "true";
+
+ # Toggle certain features
+ MICROBIN_READONLY = "true"; # Requires a password to upload
+ MICROBIN_QR = "true"; # Allows generating qr codes
+ MICROBIN_ETERNAL_PASTA = "true"; # Allows marking pastas to never be deleted
+
+ # Make UI more minimal
+ MICROBIN_HIDE_FOOTER = "true";
+ MICROBIN_HIDE_HEADER = "true";
+ MICROBIN_HIDE_LOGO = "true";
+ };
+ };
+}
diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix
new file mode 100644
index 0000000..5a266dc
--- /dev/null
+++ b/modules/nixos/cloudflared.nix
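Review bot: `sops.secrets.microbin_env` is declared in microbin.nix but nothing in `services.microbin` reads it, so the `MICROBIN_ADMIN_PASSWORD` and upload password kept in secrets.yaml never reach the service; with `MICROBIN_ADMIN_USERNAME` set and the instance published at bin.moonythm.dev, the admin page would presumably be guarded only by MicroBin's built-in default password. Add `passwordFile = config.sops.secrets.microbin_env.path;` inside `services.microbin` (the nixpkgs module passes that file to the unit as an environment file), and confirm after deploy that the default credentials are rejected. The `# Requires a password to upload` comment on `MICROBIN_READONLY` depends on the same file. The example secrets list `MICROBIN_UPLOAD_PASSWORD`, while MicroBin's documented name appears to be `MICROBIN_UPLOADER_PASSWORD`, so the spelling should be checked, since an unrecognised variable would not set the upload password.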
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+let cfg = config.satellite.cloudflared;
+in
+{
+ options.satellite.cloudflared = {
+ tunnel = lib.mkOption {
+ type = lib.types.string;
+ description = "Cloudflare tunnel id to use for the `satellite.cloudflared.proxy` helper";
+ };
+
+ proxy = lib.mkOption {
+ type = lib.types.functionTo (lib.types.functionTo lib.types.anything);
+ description = "Helper function for generating a quick proxy config";
+ };
+ };
+
+ config.satellite.proxy = from: port: {
+ ${cfg.tunnel} = {
+ ingress.${from} = "http://localhost${toString port}";
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index e67c8cb..8470070 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -2,6 +2,7 @@ { # example = import ./example.nix; + cloudflaredd = import ./cloudflared.nix; nginx = import ./nginx.nix; pounce = import ./pounce.nix; }
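Review bot: In modules/nixos/cloudflared.nix the helper is assigned to `config.satellite.proxy`, but the option declared above it and read by microbin.nix is `satellite.cloudflared.proxy`, so evaluation should fail on an undeclared option; the line should read `config.satellite.cloudflared.proxy = from: port: {`. The ingress target is also built without the colon, which yields `http://localhost8418` for port 8418; use `ingress.${from} = "http://localhost:${toString port}";`. `lib.types.string` is deprecated in nixpkgs in favour of `lib.types.str`. Since every service now publishes itself through this one function, a doc comment stating that `from` is a public hostname and that the target is always loopback would make the exposure explicit.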
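Review bot: The attribute added to modules/nixos/default.nix is spelled `cloudflaredd`, which looks like a typo for `cloudflared` next to `nginx` and `pounce`. If anything selects modules from this set by name, the module defining `satellite.cloudflared` would not be found under the expected key; `cloudflared = import ./cloudflared.nix;` keeps it consistent. How the set is consumed is outside this hunk, so the impact is unconfirmed.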