diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index f6f6f9c6c47..0072ac862e1 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -6680,6 +6680,12 @@
     githubId = 178444;
     name = "Thomas Bereknyei";
   };
+  tomfitzhenry = {
+    email = "tom@tom-fitzhenry.me.uk";
+    github = "tomfitzhenry";
+    githubId = 61303;
+    name = "Tom Fitzhenry";
+  };
   tomsmeets = {
     email = "tom.tsmeets@gmail.com";
     github = "tomsmeets";
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 13a7867b772..247039b848d 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -321,6 +321,7 @@
   ./services/games/factorio.nix
   ./services/games/minecraft-server.nix
   ./services/games/minetest-server.nix
+  ./services/games/openarena.nix
   ./services/games/terraria.nix
   ./services/hardware/acpid.nix
   ./services/hardware/actkbd.nix
diff --git a/nixos/modules/services/games/openarena.nix b/nixos/modules/services/games/openarena.nix
new file mode 100644
index 00000000000..b7d1aea6b8d
--- /dev/null
+++ b/nixos/modules/services/games/openarena.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.openarena;
+in
+{
+  options = {
+    services.openarena = {
+      enable = mkEnableOption "OpenArena";
+
+      openPorts = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to open firewall ports for OpenArena";
+      };
+
+      extraFlags = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''Extra flags to pass to <command>oa_ded</command>'';
+        example = [
+          "+set dedicated 2"
+          "+set sv_hostname 'My NixOS OpenArena Server'"
+          # Load a map. Mandatory for clients to be able to connect.
+          "+map oa_dm1"
+        ];
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall = mkIf cfg.openPorts {
+      allowedUDPPorts = [ 27960 ];
+    };
+
+    systemd.services.openarena = {
+      description = "OpenArena";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        DynamicUser = true;
+        StateDirectory = "openarena";
+        ExecStart = "${pkgs.openarena}/bin/openarena-server +set fs_basepath ${pkgs.openarena}/openarena-0.8.8 +set fs_homepath /var/lib/openarena ${concatStringsSep " " cfg.extraFlags}";
+        Restart = "on-failure";
+
+        # Hardening
+        CapabilityBoundingSet = "";
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+      };
+    };
+  };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 694376b9d36..ea1490ad13a 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -202,6 +202,7 @@ in
   novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
   nsd = handleTest ./nsd.nix {};
   nzbget = handleTest ./nzbget.nix {};
+  openarena = handleTest ./openarena.nix {};
   openldap = handleTest ./openldap.nix {};
   opensmtpd = handleTest ./opensmtpd.nix {};
   openssh = handleTest ./openssh.nix {};
diff --git a/nixos/tests/openarena.nix b/nixos/tests/openarena.nix
new file mode 100644
index 00000000000..4cc4db22963
--- /dev/null
+++ b/nixos/tests/openarena.nix
@@ -0,0 +1,36 @@
+import ./make-test.nix ({ pkgs, ...} : {
+  name = "openarena";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ tomfitzhenry ];
+  };
+
+  machine =
+    { pkgs, ... }:
+
+    { imports = [];
+      environment.systemPackages = with pkgs; [
+        socat
+      ];
+      services.openarena = {
+        enable = true;
+        extraFlags = [
+          "+set dedicated 2"
+          "+set sv_hostname 'My NixOS server'"
+          "+map oa_dm1"
+        ];
+      };
+    };
+
+  testScript =
+    ''
+      $machine->waitForUnit("openarena.service");
+      $machine->waitUntilSucceeds("ss --numeric --udp --listening | grep -q 27960");
+
+      # The log line containing 'resolve address' is last and only message that occurs after
+      # the server starts accepting clients.
+      $machine->waitUntilSucceeds("journalctl -u openarena.service | grep 'resolve address: dpmaster.deathmask.net'");
+
+      # Check it's possible to join the server.
+      $machine->succeed("echo -n -e '\\xff\\xff\\xff\\xffgetchallenge' | socat - UDP4-DATAGRAM:127.0.0.1:27960 | grep -q challengeResponse");
+    '';
+})
diff --git a/pkgs/games/openarena/default.nix b/pkgs/games/openarena/default.nix
index 141e0151cfb..63abc5d609c 100644
--- a/pkgs/games/openarena/default.nix
+++ b/pkgs/games/openarena/default.nix
@@ -25,10 +25,16 @@ stdenv.mkDerivation {
       patchelf --set-interpreter "${interpreter}" "${gameDir}/openarena.x86_64"
       makeWrapper "${gameDir}/openarena.x86_64" "$out/bin/openarena" \
         --prefix LD_LIBRARY_PATH : "${libPath}"
+      patchelf --set-interpreter "${interpreter}" "${gameDir}/oa_ded.x86_64"
+      makeWrapper "${gameDir}/oa_ded.x86_64" "$out/bin/openarena-server" \
+        --prefix LD_LIBRARY_PATH : "${libPath}"
     '' else ''
       patchelf --set-interpreter "${interpreter}" "${gameDir}/openarena.i386"
       makeWrapper "${gameDir}/openarena.i386" "$out/bin/openarena" \
         --prefix LD_LIBRARY_PATH : "${libPath}"
+      patchelf --set-interpreter "${interpreter}" "${gameDir}/oa_ded.i386"
+      makeWrapper "${gameDir}/oa_ded.i386" "$out/bin/openarena-server" \
+        --prefix LD_LIBRARY_PATH : "${libPath}"
     ''}
   '';