diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix index 28c9faa..c1a4d1b 100755 --- a/hosts/koi/configuration.nix +++ b/hosts/koi/configuration.nix @@ -34,6 +34,7 @@ ./containers/kanidm ./containers/siyuan ./containers/memos + ./containers/wakapi ./containers/teisu.nix ./containers/bots/pcre-sub-bot.nix ./containers/bots/channel-logger-bot.nix @@ -99,6 +100,7 @@ }]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.kernelParams = [ "efi_pstore.pstore_disable=0" ]; services.desu-deploy = { enable = true; diff --git a/hosts/koi/containers/wakapi/default.nix b/hosts/koi/containers/wakapi/default.nix new file mode 100644 index 0000000..21a5e2f --- /dev/null +++ b/hosts/koi/containers/wakapi/default.nix 
@@ -0,0 +1,77 @@
+{ abs, pkgs, config, ... }@inputs:
+
+let
+ secrets = import (abs "lib/secrets.nix");
+
+ UID = 1115;
+in {
+ imports = [
+ (secrets.declare [
+ {
+ name = "wakapi-env";
+ owner = "wakapi";
+ }
+ ])
+ ];
+
+ users.users.wakapi = {
+ isNormalUser = true;
+ uid = UID;
+ };
+
+ services.postgresql.ensureUsers = [
+ { name = "wakapi"; ensureDBOwnership = true; }
+ ];
+ services.postgresql.ensureDatabases = [ "wakapi" ];
+ desu.postgresql.ensurePasswords.wakapi = "wakapi";
+
+ systemd.services.docker-wakapi.after = [ "postgresql.service" ];
+ virtualisation.oci-containers.containers.wakapi = {
+ image = "ghcr.io/muety/wakapi:2.12.2";
+ volumes = [
+ "/srv/wakapi:/data"
+ ];
+
+ environment = {
+ WAKAPI_DB_TYPE = "postgres";
+ WAKAPI_DB_HOST = "172.17.0.1";
+ WAKAPI_DB_PORT = "5432";
+ WAKAPI_DB_NAME = "wakapi";
+ WAKAPI_DB_USER = "wakapi";
+ WAKAPI_DB_PASSWORD = "wakapi";
+ WAKAPI_DB_SSL = "false";
+
+ WAKAPI_PUBLIC_URL = "https://waka.stupid.fish";
+ WAKAPI_LISTEN_IPV4 = "0.0.0.0";
+ WAKAPI_LISTEN_IPV6 = "-";
+ WAKAPI_ALLOW_SIGNUP = "false";
+ WAKAPI_DISABLE_FRONTPAGE = "false";
+ WAKAPI_MAIL_SENDER = "waka.stupid.fish ";
+ WAKAPI_MAIL_SMTP_HOST = "smtp.mail.me.com";
+ WAKAPI_MAIL_SMTP_PORT = "587";
+ WAKAPI_MAIL_SMTP_USERNAME = "teidesu@icloud.com";
+ WAKAPI_MAIL_SMTP_TLS = "false";
+ WAKAPI_AVATAR_URL_TEMPLATE = "https://t.me/i/userpic/320/{username}.jpg";
+ };
+
+ environmentFiles = [
+ (secrets.file config "wakapi-env")
+ ];
+
+ user = "${builtins.toString UID}";
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/wakapi 0700 ${builtins.toString UID} ${builtins.toString UID} -"
+ ];
+
+ services.nginx.virtualHosts."waka.stupid.fish" = {
+ forceSSL = true;
+ useACMEHost = "stupid.fish";
+
+ locations."/" = {
+ proxyPass = "http://wakapi.docker:3000$request_uri";
+ proxyWebsockets = true;
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/koi/services/coredns.nix b/hosts/koi/services/coredns.nix
index 58dd3eb..4339b30 100644
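Review bot: `WAKAPI_DB_PASSWORD = "wakapi";` in the `environment` block, together with the matching `desu.postgresql.ensurePasswords.wakapi = "wakapi";`, commits a database password equal to the account name to the repository and, as a plain Nix string, to the world-readable Nix store. Because the container connects to `172.17.0.1`, PostgreSQL is presumably reachable from every container on the default Docker bridge, so any of them could authenticate as `wakapi`. The file already loads `wakapi-env` through `environmentFiles`; I would drop the `WAKAPI_DB_PASSWORD` line from `environment` and supply a generated value from that secret instead, feeding the same value to `ensurePasswords` if that option (defined outside this diff) can read it from a file. Separately, `image = "ghcr.io/muety/wakapi:2.12.2";` pins a mutable tag, so pinning the image by digest as well would keep the deployed image from changing underneath the config.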
--- a/hosts/koi/services/coredns.nix +++ b/hosts/koi/services/coredns.nix @@ -15,6 +15,7 @@ let 10.42.0.2 lore.stupid.fish 10.42.0.2 id.stupid.fish 10.42.0.2 pds.stupid.fish + 10.42.0.2 waka.stupid.fish 10.42.0.2 siyuan.tei.su '';