diff --git a/flake.lock b/flake.lock index 64f5c0f9..b9351016 100644 --- a/flake.lock +++ b/flake.lock @@ -164,6 +164,29 @@ "type": "github" } }, + "invoiceplane-template": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718578450, + "narHash": "sha256-Nl6/5AzCg6yoU7OlJrOz8h4w2ENXZyj3AuCFXKxZ/W0=", + "ref": "refs/heads/main", + "rev": "79b1fdc7af77863a48dd58b22af57f4729660284", + "revCount": 29, + "type": "git", + "url": "https://git.pub.solar/teutat3s/invoiceplane-templates.git" + }, + "original": { + "type": "git", + "url": "https://git.pub.solar/teutat3s/invoiceplane-templates.git" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -282,6 +305,7 @@ "flake-compat": "flake-compat", "flake-parts": "flake-parts", "home-manager": "home-manager", + "invoiceplane-template": "invoiceplane-template", "nix-darwin": "nix-darwin", "nixos-22-05": "nixos-22-05", "nixos-flake": "nixos-flake", diff --git a/flake.nix b/flake.nix index a55a2ac1..1527112f 100644 --- a/flake.nix +++ b/flake.nix @@ -34,6 +34,10 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; + invoiceplane-template.url = "git+https://git.pub.solar/teutat3s/invoiceplane-templates.git"; + invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs"; + invoiceplane-template.inputs.flake-parts.follows = "flake-parts"; + # PubSolarOS additions triton-vmtools.url = "git+https://git.pub.solar/pub-solar/infra-vintage?ref=main&dir=vmtools"; triton-vmtools.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/default.nix b/hosts/default.nix index 1fa0d609..399768e2 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -43,6 +43,7 @@ ./fae self.nixosModules.pub-solar self.nixosModules.acme + self.nixosModules.invoiceplane ]; }; diff --git a/hosts/fae/default.nix b/hosts/fae/default.nix index c10600a3..365767ff 100644 --- a/hosts/fae/default.nix +++ b/hosts/fae/default.nix 
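Review bot: In flake.nix, the new `invoiceplane-template` input follows the default branch of a personal repository without an explicit ref, unlike `triton-vmtools` just below it, which spells out `?ref=main`. The `rev` and `narHash` in flake.lock pin what is built today, but the output is installed as invoice templates into the billing site (presumably PHP views that InvoicePlane renders), so every later lock bump for this input deserves a read of the upstream diff. I would write `invoiceplane-template.url = "git+https://git.pub.solar/teutat3s/invoiceplane-templates.git?ref=main";` and add a comment above it such as `# invoice templates for hosts/fae; review upstream changes before updating the lock`.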
@@ -1,6 +1,7 @@
 {...}: {
 imports = [
 ./paperless.nix
+ ./invoiceplane.nix
 ./fae.nix
 ];
 }
diff --git a/hosts/fae/invoiceplane.nix b/hosts/fae/invoiceplane.nix
new file mode 100644
index 00000000..0664ec58
--- /dev/null
+++ b/hosts/fae/invoiceplane.nix
@@ -0,0 +1,73 @@
+{
+ flake,
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ backupDir = "/var/lib/invoiceplane/backup";
+in {
+ security.acme.certs = {
+ "billing.faenix.eu" = {};
+ };
+
+ services.nginx.virtualHosts = {
+ "billing.faenix.eu" = {
+ forceSSL = true;
+ useACMEHost = "billing.faenix.eu";
+ };
+ };
+
+ services.invoiceplane = {
+ webserver = "nginx";
+ sites."billing.faenix.eu" = {
+ enable = true;
+
+ invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ];
+
+ settings = {
+ IP_URL = "https://billing.faenix.eu";
+ DISABLE_SETUP = true;
+ SETUP_COMPLETED = true;
+ };
+
+ poolConfig = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.max_requests" = 500;
+ "pm.max_spare_servers" = 4;
+ "pm.min_spare_servers" = 2;
+ "pm.start_servers" = 2;
+ "php_admin_value[date.timezone]" = "Europe/Berlin";
+ "php_admin_value[error_log]" = "/var/lib/invoiceplane/billing.faenix.eu/logs/php-error.log";
+ "php_admin_flag[display_errors]" = "off";
+ "php_admin_flag[log_errors]" = "on";
+ "catch_workers_output" = "yes";
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d '${backupDir}' 0700 root root - -"
+ ];
+
+ #services.restic.backups = {
+ # invoiceplane = {
+ # paths = [
+ # backupDir
+ # "/var/lib/invoiceplane/billing.faenix.eu"
+ # ];
+ # initialize = true;
+ # passwordFile = config.age.secrets."restic-password".path;
+ # # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
+ # repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
+ # backupPrepareCommand = ''
+ # PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})
+ # ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
+ # '';
+ # rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
+ # };
+ #};
+}
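Review bot: The commented-out `services.restic.backups` block at the end of hosts/fae/invoiceplane.nix means this host creates `backupDir` but never backs up the billing data, and the template it keeps would pass the database password as `--password=$PW` on the mariadb-dump command line, where it is visible in the process list while the dump runs. It also targets a docker container `invoiceplane-db` and writes `postgres.sql`, neither of which matches the native `services.invoiceplane` setup configured above, so it looks copied from another host. I would drop the block from this commit and, when backups are added, have the dump read its credentials from a root-only file via `--defaults-extra-file=` (or use socket authentication, if the database is local, which is not visible here). Separately, `psCfg` and `xdg` in the `let` are not used anywhere else in this file and can be removed.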
diff --git a/hosts/fae/paperless.nix b/hosts/fae/paperless.nix index 33bde8fa..3d0594c5 100644 --- a/hosts/fae/paperless.nix +++ b/hosts/fae/paperless.nix @@ -57,6 +57,9 @@ in { virtualHosts = { "paperless.faenix.eu" = { + #listenAddresses = [ + # "192.168.13.35" + #]; forceSSL = true; useACMEHost = "paperless.faenix.eu"; locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.paperless.port}";