diff --git a/configurations/nos/modules/default.nix b/configurations/nos/modules/default.nix
index c5071451..613d5215 100644
--- a/configurations/nos/modules/default.nix
+++ b/configurations/nos/modules/default.nix
@@ -3,11 +3,13 @@
     ./docker
     ./homepage
     ./jellyfin
-    ./qbittorrent
-    # FIXME: I need to actually do this properly before unleashing it on my library
-    # ./subtitles
     ./llm
     ./mergerfs
+    ./obsidian-livesync
+    ./qbittorrent
     ./snapraid
+
+    # FIXME: I need to actually do this properly before unleashing it on my library
+    # ./subtitles
   ];
 }
diff --git a/configurations/nos/modules/obsidian-livesync/default.nix b/configurations/nos/modules/obsidian-livesync/default.nix
new file mode 100644
index 00000000..81937104
--- /dev/null
+++ b/configurations/nos/modules/obsidian-livesync/default.nix
@@ -0,0 +1,57 @@
+{config, ...}: {
+  # The secret that is placed here must take the following form in the
+  # unencrypted yaml for this to work as it's appended directly to the couchdb.ini
+  # configuration via systemd Env statements. The username and password are the
+  # user/pass in your livesync config in obsidian
+
+  # obsidian: |
+  #   [admins]
+  #   yourusernamehere = yourpasswordhere
+
+  sops.secrets.obsidian-livesync = {
+    owner = config.services.couchdb.user;
+    group = config.services.couchdb.group;
+    mode = "440";
+  };
+
+  services.couchdb = {
+    enable = true;
+
+    bindAddress = "0.0.0.0";
+    port = 5984;
+
+    configFile = config.sops.secrets.obsidian-livesync.path;
+
+    # https://github.com/vrtmrz/obsidian-livesync/blob/main/docs/setup_own_server.md#configure
+    extraConfig = {
+      chttpd = {
+        enable_cors = true;
+        max_http_request_size = "4294967296";
+        require_valid_user = true;
+      };
+
+      chttpd_auth = {
+        authentication_redirect = "/_utils/session.html";
+        require_valid_user = true;
+      };
+
+      cors = {
+        credentials = true;
+        headers = "accept, authorization, content-type, origin, referer";
+        max_age = "3600";
+        methods = "GET,PUT,POST,HEAD,DELETE";
+        origins = "app://obsidian.md, capacitor://localhost, http://localhost";
+      };
+
+      couchdb = {
+        max_document_size = "50000000";
+        single_node = true;
+      };
+
+      httpd = {
+        WWW-Authenticate = "Basic realm=\"couchdb\"";
+        enable_cors = true;
+      };
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
index 7d824811..bc2fa8bc 100644
Binary files a/flake.lock and b/flake.lock differ