diff --git a/hosts/ghost.nix b/hosts/ghost.nix
index cf074f9..ff39490 100644
--- a/hosts/ghost.nix
+++ b/hosts/ghost.nix
@@ -78,6 +78,16 @@
     extraConfig.SINGLE_USER_MODE = "true";
   };
 
+  services.writefreely = {
+    enable = true;
+    acme.enable = true;
+    nginx.enable = true;
+    nginx.forceSSL = true;
+    host = "blog.lelgenio.xyz";
+    admin.name = "lelgenio";
+    admin.initialPasswordFile = config.age.secrets.ghost-writefreely.path;
+  };
+
   services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
     forceSSL = true;
     enableACME = true;
diff --git a/secrets/ghost-writefreely.age b/secrets/ghost-writefreely.age
new file mode 100644
index 0000000..6650686
Binary files /dev/null and b/secrets/ghost-writefreely.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 991d30a..6d60a61 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -8,4 +8,5 @@ in
   "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
   "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
   "ghost-nextcloud.age".publicKeys = [ main_ssh_public_key ];
+  "ghost-writefreely.age".publicKeys = [ main_ssh_public_key ];
 }
diff --git a/system/secrets.nix b/system/secrets.nix
index 4243486..ebdb48c 100644
--- a/system/secrets.nix
+++ b/system/secrets.nix
@@ -11,10 +11,16 @@
     secrets.monolith-nix-serve-privkey.file =
       ../secrets/monolith-nix-serve-privkey.age;
     secrets.ghost-nextcloud = {
-      file = ../secrets/monolith-nix-serve-privkey.age;
+      file = ../secrets/ghost-nextcloud.age;
       mode = "400";
       owner = "nextcloud";
       group = "nextcloud";
     };
+    secrets.ghost-writefreely = {
+      file = ../secrets/ghost-writefreely.age;
+      mode = "400";
+      owner = "writefreely";
+      group = "writefreely";
+    };
   };
 }