diff --git a/modules/services/nextdns/default.nix b/modules/services/nextdns/default.nix
new file mode 100644
index 0000000..b4a87c3
--- /dev/null
+++ b/modules/services/nextdns/default.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.nextdns;
+  nextdns = pkgs.nextdns;
+
+in {
+  options = {
+    services.nextdns = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description =
+          "Whether to enable the NextDNS DNS/53 to DoH Proxy service.";
+      };
+      arguments = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        example = [ "-config" "10.0.3.0/24=abcdef" ];
+        description = "Additional arguments to be passed to nextdns run.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ nextdns ];
+
+    launchd.user.agents.nextdns = {
+      path = [ nextdns ];
+      script = ''
+        "${pkgs.nextdns}/bin/nextdns run ${escapeShellArgs cfg.arguments}";
+      '';
+
+      serviceConfig.KeepAlive = true;
+      serviceConfig.RunAtLoad = true;
+    };
+
+  };
+}