diff --git a/.sops.yaml b/.sops.yaml
index ccc0c69..c94db3e 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,7 +2,7 @@ keys:
 - &host_burnham age12cgkgx8xac77q0rwakp6zrfrzp45mhk7wj6t3y8s0xurt3k879usnm66ct
 - &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
 - &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
- - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
+ - &host_morn age14ar8q5454khxxf5ur2nxwk533nzycz2lh3635qwz35wh8yq0jpqskj2ksx
 - &user_felixalb_sisko age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
 - &user_felixalb_worf age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
@@ -35,3 +35,10 @@ creation_rules:
 - *host_defiant
 - *user_felixalb_sisko
 - *user_felixalb_worf
+
+ - path_regex: secrets/morn/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *host_morn
+ - *user_felixalb_sisko
+ - *user_felixalb_worf
diff --git a/hosts/morn/configuration.nix b/hosts/morn/configuration.nix
index c9f996d..cb23457 100644
--- a/hosts/morn/configuration.nix
+++ b/hosts/morn/configuration.nix
@@ -8,8 +8,9 @@
 ../../common/auto-upgrade.nix
 ./hardware-configuration.nix
- ./services/nginx.nix
 ./services/glance
+ ./services/miniflux.nix
+ ./services/nginx.nix
 ];
 networking = {
@@ -23,7 +24,7 @@
 hostId = "89b7722d";
 };
- sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml;
+ sops.defaultSopsFile = ../../secrets/morn/morn.yaml;
 environment.variables = {
 EDITOR = "vim";
 };
diff --git a/hosts/morn/services/miniflux.nix b/hosts/morn/services/miniflux.nix
new file mode 100644
index 0000000..3886975
--- /dev/null
+++ b/hosts/morn/services/miniflux.nix
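Review bot: Removing `&host_voyager` from `keys` in the first `.sops.yaml` hunk only changes who future encryptions target; any file already encrypted to that recipient stays decryptable with the old host key until it is re-keyed with `sops updatekeys` and the stored values are rotated. No such file is visible in this diff, so this may not apply, but it is worth confirming before the voyager key is treated as retired. A creation rule outside the hunk that still references `*host_voyager` would also stop resolving now that the anchor is gone.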
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+let
+ domain = "rss.home.feal.no";
+ listen_addr = "127.0.1.2:5051";
+in {
+ sops.secrets."miniflux/env" = { };
+
+ services.miniflux = {
+ enable = true;
+ adminCredentialsFile = config.sops.secrets."miniflux/env".path;
+ config = {
+ CREATE_ADMIN = "1";
+
+ LISTEN_ADDR = listen_addr;
+ BASE_URL = "http://${domain}";
+ };
+ };
+
+ services.nginx.virtualHosts."${domain}" = {
+ locations."/".proxyPass = "http://${listen_addr}";
+ };
+}
+
diff --git a/secrets/morn/morn.yaml b/secrets/morn/morn.yaml
new file mode 100644
index 0000000..eb1335a
--- /dev/null
+++ b/secrets/morn/morn.yaml
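Review bot: `BASE_URL = "http://${domain}"` together with the bare `services.nginx.virtualHosts."${domain}"` entry serves the Miniflux login over plain HTTP, so the admin password provisioned through `adminCredentialsFile` and the session cookie cross the network unencrypted. Unless TLS is terminated somewhere this file does not show, the vhost should gain `forceSSL = true;` plus a certificate option such as `enableACME = true;` or `useACMEHost`, and `BASE_URL` should become `"https://${domain}"`. The loopback `listen_addr` is a good choice as it stands, since it keeps the backend reachable only through nginx.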
@@ -0,0 +1,35 @@ +miniflux: + env: ENC[AES256_GCM,data:JnpUwtRDT92u+GZFsBu3Igw13GXYu1NhfWyEDacP7LshfgP9zxclYipCbdzbMDdSf7Ml715b7jRUoKpnSCQcdW9H/c4t,iv:KxfehvNVq1UFp7v6gE95m0bKT2+0dde6wdyNtGiH7UE=,tag:NFbqJlz+wFd+R2EBG8BWKg==,type:str] +sops: + age: + - recipient: age14ar8q5454khxxf5ur2nxwk533nzycz2lh3635qwz35wh8yq0jpqskj2ksx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMzBkNUlHM1NENVA1aDcz + MnVvbWZWNnB2SVVUeElJNGdFYjNycmRGd2lvCldvL1pwcjZqQklSZ2pINC9Hd1RJ + RnJHcHUrRVpBeHhER1hhQUsyZTRmaHcKLS0tIHB1ZzlvdE9CMFI5ZGl1cVA3Q3d2 + dm9WS1hkV1VidFFUdUxKMkpFZ050d2sKySDZkjDii9zc2Im3uT0kaTILvB6Ya6/B + DC7NMt1E0UFz8HYNdJ+Go2icNWSyJeilBisTPaLQkMxfgHfNVwdAZw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZjdVcmFIUDdLTjhqVnV4 + UHRUUTg0Ni9JTUx6bnh5emltTHhDSlozdFRZCllhZTVjZWRjVzhLanRuYzVpWWw5 + SEtiNlBhRmVRK1FYaHg2SW9MNWNpczQKLS0tIEVGeTM5TGI2SGttdEhPOXgxRXNU + dWxKOXN4d2VUNG9YZGNPZW9jc1l2T1UKxeEn1BTTkxNK5gmyg/AkN0XUIA5+7bsh + G4mbFMw8Ypaiyq+Gc5qP+GgMbTX7lu/UXyFSeW6DToIVjaxk94uyAA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneDQ0SGcrbDUwK211WVBs + QXZneEVkK0drQkNMOHAxR1k4cVIzUHhaZmt3Cm5CaHdubFFSbjNNRnhBYmQ3b01s + ODRoNHdBQ1dmTzBaWFJZS0pxNnRCTzAKLS0tIDE4c2xtQk1PRGg0NkFKT3Z5ZHJ2 + Sy94cTA1d280YUZpUy8xd2F4RG56elkK90ZHB/0UlmwnzJTv9R01xx+MRTsJMIqJ + 1wc8f8sng/g8kKbmUv0z9hXkOyrShfI4ZRiwoi2JXvwdDTArgz00Hg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-06T21:55:46Z" + mac: 
ENC[AES256_GCM,data:GQ6c/T5eEXmN/exfzi7YJx8GIpN9hAPL1obJ/RSs2UEOhPKhzp5wrsUYAVMmowMDMswjJ995GhonWcMoBfw2tXymBeZ4lcutqtu3i8awTRAV3VrdXmk2Hvi2Kv6bNYh+rZtKKU5a9rAmZAENBomjOM8C/u7ykWG2Iqk46bc/UuM=,iv:hoaYUguhuECsDjYQQ9tHugoIiBvjP8PlQV4+IjgnfSQ=,tag:u+W7P8MzYOx8/OD7K/Lh7w==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/shell.nix b/shell.nix
index ccc31db..e7b4ed0 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,8 +1,9 @@
 { pkgs ? import {} }:
 pkgs.mkShell {
 nativeBuildInputs = with pkgs; [
- sops
 gnupg
+ sops
+ ssh-to-age
 ];
 }