diff --git a/configurations/nixos/pureintent/default.nix b/configurations/nixos/pureintent/default.nix index f935bd1..213e415 100644 --- a/configurations/nixos/pureintent/default.nix +++ b/configurations/nixos/pureintent/default.nix @@ -12,6 +12,7 @@ in ./configuration.nix (self + /modules/nixos/linux/eternal-terminal.nix) (self + /modules/nixos/shared/github-runner.nix) + inputs.nix-serve-cloudflared.nixosModules.default ]; home-manager.sharedModules = [ @@ -27,6 +28,28 @@ in } ]; + # Cache key: cache.srid.ca:EGydqsWFaTZeW6vsXnOHclTXrmJ58gq/bkVYhRpuzQ8= + age.secrets."nix-serve-cloudflared/cache-key.pem" = { + file = self + /secrets/nix-serve-cloudflared/cache-key.pem.age; + mode = "0400"; + }; + + age.secrets."nix-serve-cloudflared/cloudflared-credentials.json" = { + file = self + /secrets/nix-serve-cloudflared/cloudflared-credentials.json.age; + mode = "0400"; + }; + + services.nix-serve-cloudflared = { + enable = true; + secretKeyFile = config.age.secrets."nix-serve-cloudflared/cache-key.pem".path; + cloudflare = { + tunnelId = "55569b77-5482-47c7-bf25-53d93b64d0c8"; + credentialsFile = config.age.secrets."nix-serve-cloudflared/cloudflared-credentials.json".path; + domain = "cache.srid.ca"; + }; + }; + + nix.settings.sandbox = "relaxed"; services.openssh.enable = true; diff --git a/flake.lock b/flake.lock index 50a49cf..ef3d199 100644 --- a/flake.lock +++ b/flake.lock @@ -525,6 +525,22 @@ "type": "github" } }, + "nix-serve-cloudflared": { + "locked": { + "lastModified": 1759335502, + "narHash": "sha256-Dp15B4ou67oV+UiadNdJ5FIC4DBussh18uj0CWoMnd4=", + "owner": "srid", + "repo": "nix-serve-cloudflared", + "rev": "835228fbfeea670691bb738c911bdf24a7d304ea", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "init", + "repo": "nix-serve-cloudflared", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1743167577, 
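Review bot: In the second default.nix hunk, the `services.nix-serve-cloudflared` block makes this host the signing authority for `cache.srid.ca`, while the context lines show it also imports `github-runner.nix` and keeps `nix.settings.sandbox = "relaxed"`. Store paths produced on this machine are presumably signed with `cache-key.pem` when served, and the `trusted-public-keys` entry added in flake.nix makes clients accept them, so CI jobs and any `__noChroot` build here sit inside the cache's trust boundary. Consider `nix.settings.sandbox = true;` on this host, or moving the runner elsewhere, and record the decision in a comment above the service block. The added comment `# Cache key: …` sits directly over the secret declaration and would be clearer as `# Public key for cache.srid.ca (the private signing key is the age secret below)`.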
@@ -831,6 +847,7 @@ "nix-darwin": "nix-darwin", "nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened", "nix-index-database": "nix-index-database", + "nix-serve-cloudflared": "nix-serve-cloudflared", "nixos-hardware": "nixos-hardware", "nixos-unified": "nixos-unified", "nixos-vscode-server": "nixos-vscode-server", diff --git a/flake.nix b/flake.nix index d3eb282..6186c19 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,13 @@ { description = "Srid's NixOS / nix-darwin configuration"; + nixConfig = { + substituters = [ "https://cache.srid.ca" ]; + trusted-public-keys = [ + "cache.srid.ca:EGydqsWFaTZeW6vsXnOHclTXrmJ58gq/bkVYhRpuzQ8=" + ]; + }; + inputs = { flake-parts.url = "github:hercules-ci/flake-parts"; @@ -33,6 +40,7 @@ }; try.url = "github:tobi/try"; vira.url = "github:juspay/vira/shared-clone"; + nix-serve-cloudflared.url = "github:srid/nix-serve-cloudflared/init"; # Neovim nixvim.url = "github:nix-community/nixvim"; diff --git a/modules/home/all/vira.nix b/modules/home/all/vira.nix index fef834b..2a7cb31 100644 --- a/modules/home/all/vira.nix +++ b/modules/home/all/vira.nix @@ -29,6 +29,7 @@ in imako = "https://github.com/srid/imako.git"; emanote = "https://github.com/srid/emanote.git"; ny = "https://github.com/nammayatri/nammayatri.git"; + nix-serve-cloudflared = "https://github.com/srid/nix-serve-cloudflared.git"; }; }; }; diff --git a/secrets/nix-serve-cloudflared/cache-key.pem.age b/secrets/nix-serve-cloudflared/cache-key.pem.age new file mode 100644 index 0000000..f2be09b --- /dev/null +++ b/secrets/nix-serve-cloudflared/cache-key.pem.age 
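Review bot: In the first flake.nix hunk, `nixConfig.substituters` and `nixConfig.trusted-public-keys` override the configured lists rather than extending them, as far as I know. Anyone who accepts this flake's config would then stop trusting `cache.nixos.org` signatures for that invocation and depend on a single cache served through a tunnel from one host. The appending forms are the usual choice: `extra-substituters = [ "https://cache.srid.ca" ];` and `extra-trusted-public-keys = [ "cache.srid.ca:EGydqsWFaTZeW6vsXnOHclTXrmJ58gq/bkVYhRpuzQ8=" ];`. The same public key is also written in the comment added to configurations/nixos/pureintent/default.nix, so a key rotation has to touch both places; a one-line comment here saying so would help.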
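Review bot: In the second flake.nix hunk, `nix-serve-cloudflared.url` follows the mutable `init` branch, and default.nix hands the module from that input both the cache signing key and the tunnel credentials. flake.lock pins the revision today, but each `nix flake update` moves to whatever that branch points at, and a branch with that name may be removed after it is merged. Pointing the input at the default branch or a tag once one exists, for example `nix-serve-cloudflared.url = "github:srid/nix-serve-cloudflared";`, keeps updates to this input deliberate.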
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 96IXNQ eOTGv7ZtSQllk+esZuxPRMcPb/ih/OPSUu1iWS+Stlc +2taEhnjDLY5LMoTfKpHvpd8Oi9DPEsrsRxR1wiGAxOQ +-> ssh-ed25519 Ysxvmg uk3DygJEdt0f0BT3IaZWMV1Y7+HfIAnwRJrGzzHu7Rw +jOgpde4upZmucuWAFYfwcuwn2KZe7wR5egYSzxcKgqo +-> ssh-ed25519 HQ+y9w u1SCNgeYWb4bzfP2YaQ4zAVjbLn4DjBmGtS1xMfEJiY +OuVkqVdmtV2QOjiSGaBQpH0q2GdvopvnCXeAX8T9dU8 +-> ssh-ed25519 p0qplg OSQQqK71R7hqWjuX7CU0gCx4luSsThLRq9hYwBszdWw +aZMcw0KVsSJw+K8U6h24O7ayjZbGmY+HlvlEZuwrIbs +--- /pZ7brPYwugM8s4muiCLI0u/mPLNiXWRhiC2gXzhMQc +r (Qyc ;Z** ՝$!Տ-K&|<׌/ļwcR{ PoYG~'iNbCoe᜘R7(a_BBGFC-5_&؉t \ No newline at end of file diff --git a/secrets/nix-serve-cloudflared/cloudflared-credentials.json.age b/secrets/nix-serve-cloudflared/cloudflared-credentials.json.age new file mode 100644 index 0000000..7259093 --- /dev/null +++ b/secrets/nix-serve-cloudflared/cloudflared-credentials.json.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 96IXNQ 7mc1bNt7+SlS80zWIcESS3BDDbGX/Nzcv/HmpiJXPzk +6BQtl69t0UcoaMZvYMydi5Ssn66DaRTbEYOE0zmnOS8 +-> ssh-ed25519 Ysxvmg nv9ndyVO9helRdywQnW+INIFfkR1eT17kfLIy9+PHlM +7TGdyOl8Kac83H4L+6PgIOuYLJEwuoyDzN4aWjUhEqk +-> ssh-ed25519 HQ+y9w g+FGOsvLMob1RaFOMdf8sWXwLwJenY9mUhGw0W6yYQg +Y2Iix4zOUGRnpRca3HAiex22tNAc2EGEFqODMrEVj2U +-> ssh-ed25519 p0qplg +5abAIfm6WBmQh+uGJSKX/wjn+kJZ4/zC++kRodwOGw +HNLIOKPkelMnkkObjvALmYUxFiYBfmHmYm2eNNghPik +--- RU/y77v3sDBXEmPlc4AOzAtUaNClgqq/Bqo1gXsrS+U +s+F |UoTg772݈TxқyݯFu8Rp=$׮X@. WwK-Oy: pHz]hU$VjVפ1`ͬJeVzV~1(LK[F[V jzd_lFJ3&u!2$ήкy@}U0JNe|{WPn[O \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 720b3d4..e9a61fa 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -14,4 +14,6 @@ in
 "pureintent-basic-auth.age".publicKeys = users ++ systems;
 "gmail-app-password.age".publicKeys = users ++ systems;
 "hackage-password.age".publicKeys = users ++ systems;
+ "nix-serve-cloudflared/cache-key.pem.age".publicKeys = users ++ systems;
+ "nix-serve-cloudflared/cloudflared-credentials.json.age".publicKeys = users ++ systems;
 }
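Review bot: Both new entries encrypt to `users ++ systems`, but default.nix shows the secrets are consumed only on pureintent, so every other host key in `systems` can also decrypt the cache signing key and the tunnel credentials (the new .age files each carry four recipient stanzas). That signing key is what flake.nix tells clients to trust, so narrowing the recipients limits what a compromise of another machine exposes, e.g. `"nix-serve-cloudflared/cache-key.pem.age".publicKeys = users ++ [ <pureintent host key> ];`, and the same for the credentials file. The definitions of `users` and `systems` are outside this hunk, so the actual name for the host key has to come from the top of secrets.nix. The existing entries use the same broad pattern; a short comment explaining why these two differ would keep the exception from being "fixed" later.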