diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 1a26a8f9e24..7ddb11cf6ca 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -50,6 +50,8 @@ in polkituser = 28; uptimed = 29; ddclient = 30; + davfs2 = 31; + privoxy = 32; # When adding a uid, make sure it doesn't match an existing gid. nixbld = 30000; # start of range of uids @@ -85,6 +87,8 @@ in video = 26; dialout = 27; polkituser = 28; + davfs2 = 31; + privoxy = 32; # When adding a gid, make sure it doesn't match an existing uid. users = 100; diff --git a/modules/module-list.nix b/modules/module-list.nix index e644a9bb77d..f152c2382f5 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -73,6 +73,7 @@ ./services/networking/openfire.nix ./services/networking/openvpn.nix ./services/networking/portmap.nix + ./services/networking/privoxy.nix ./services/networking/ssh/lshd.nix ./services/networking/ssh/sshd.nix ./services/networking/tftpd.nix diff --git a/modules/services/networking/privoxy.nix b/modules/services/networking/privoxy.nix new file mode 100644 index 00000000000..4e2585aba81 --- /dev/null +++ b/modules/services/networking/privoxy.nix 
@@ -0,0 +1,103 @@
+{pkgs, config, ...}:
+
+let
+
+ inherit (pkgs.lib) mkOption mkIf singleton;
+
+ inherit (pkgs) privoxy;
+
+ stateDir = "/var/spool/privoxy";
+
+ privoxyUser = "privoxy";
+
+ modprobe = config.system.sbin.modprobe;
+
+ privoxyFlags = "--no-daemon ${privoxyCfg}";
+
+ privoxyCfg = pkgs.writeText "privoxy.conf" ''
+ listen-address ${config.services.privoxy.listenAddress}
+ logdir ${config.services.privoxy.logDir}
+ confdir ${privoxy}/etc
+ filterfile default.filter
+
+ ${config.services.privoxy.extraConfig}
+ '';
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.privoxy = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to run the machine as a HTTP proxy server.
+ '';
+ };
+
+ listenAddress = mkOption {
+ default = "127.0.0.1:8118";
+ description = ''
+ Address the proxy server is listening to.
+ '';
+ };
+
+ logDir = mkOption {
+ default = "/var/log/privoxy" ;
+ description = ''
+ Location for privoxy log files.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "" ;
+ description = ''
+ Extra configuration. Contents will be added verbatim to the configuration file.
+ '';
+ };
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.privoxy.enable {
+ environment.systemPackages = [ privoxy ];
+
+ users.extraUsers = singleton
+ { name = privoxyUser;
+ uid = config.ids.uids.privoxy;
+ description = "privoxy daemon user";
+ home = stateDir;
+ };
+
+ jobs = singleton {
+
+ name = "privoxy";
+
+ startOn = "startup";
+ stopOn = "shutdown";
+
+ preStart = ''
+ mkdir -m 0755 -p ${stateDir}
+ chown ${privoxyUser} ${stateDir}
+
+ # Needed to run privoxy as an unprivileged user.
+ ${modprobe}/sbin/modprobe capability || true
+ '';
+
+ script = ''
+ ${privoxy}/sbin/privoxy ${privoxyFlags}
+ '';
+
+ };
+
+ };
+
+}
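Review bot: `privoxyFlags` never passes `--user`, so the daemon presumably keeps whatever privileges the job starts with (most likely root). This is despite the module creating the `privoxy` account, chowning `stateDir` to it and loading the capability module "to run privoxy as an unprivileged user". A network-facing proxy that parses untrusted HTTP should drop privileges; the flags line should read `privoxyFlags = "--no-daemon --user ${privoxyUser} ${privoxyCfg}";`. With that change `preStart` also has to create the log directory, which nothing in the module does today: `mkdir -m 0755 -p ${config.services.privoxy.logDir}` followed by `chown ${privoxyUser} ${config.services.privoxy.logDir}`. Separately, the `listenAddress` description should say that a non-loopback address exposes the proxy to every host that can reach it, since the generated config contains no access rules unless `extraConfig` supplies them.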