diff --git a/.gitattributes b/.gitattributes index 59bbd76..02fe85a 100644 --- a/.gitattributes +++ b/.gitattributes @@ -4,3 +4,4 @@ secrets/minecraft-whitelist.nix filter=git-crypt diff=git-crypt secrets/wg0.conf filter=git-crypt diff=git-crypt secrets/caddy_auth.nix filter=git-crypt diff=git-crypt secrets/matrix_reg_token.nix filter=git-crypt diff=git-crypt +secrets/owntracks_caddy_auth.nix filter=git-crypt diff=git-crypt diff --git a/configuration.nix b/configuration.nix index 161bb79..15dcd60 100644 --- a/configuration.nix +++ b/configuration.nix @@ -21,6 +21,8 @@ ./services/bitmagnet.nix ./services/matrix.nix + + ./services/owntracks.nix ]; systemd.targets = { @@ -53,6 +55,8 @@ boot = { kernelPackages = pkgs.linuxPackages; + kernelParams = [ "zfs.zfs_arc_max=2000000000" ]; + supportedFilesystems = [ "zfs" ]; zfs.extraPools = [ "tank" ]; diff --git a/flake.lock b/flake.lock index f5488de..fe6571c 100644 --- a/flake.lock +++ b/flake.lock @@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1735609543, - "narHash": "sha256-2+sJqwaileD2izqMv/k6Z7iLlHOF8T4kRWflCGURzN4=", + "lastModified": 1736128264, + "narHash": "sha256-B2RuVaQBbVChPf9ZqRBEqUA09MCD5P/iBpOokoXd5gM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "2faa9fdd8d29df54d6cec075055cf1dcf50de280", + "rev": "eefeae9b72d15f69e7264a6a87fba6ecc9782496", "type": "github" }, "original": { @@ -95,11 +95,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735531152, - "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", + "lastModified": 1736061677, + "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b", + "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9bc4c54..166a722 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,7 @@ torrent = 6011; ollama = 11434; bitmagnet = 3333; + owntracks = 3825; }; https = { 
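Review bot: `zfs.zfs_arc_max=2000000000` in `boot.kernelParams` is a bare byte count with no unit or rationale, which makes it easy to misread or to mistype by a factor of ten on a later edit. A one-line comment above it would help, for example `# cap the ZFS ARC at ~2 GB (value is in bytes)`, extended with the reason for choosing that limit. The `boot` attribute set continues outside the hunk.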
@@ -82,6 +83,10 @@ jellyfin = { dir = services_dir + "/jellyfin"; }; + + owntracks = { + data_dir = "/tank/services/owntracks"; + }; }; in { @@ -116,6 +121,7 @@ pkgs, username, home-manager, + stateVersion, ... }: { diff --git a/home.nix b/home.nix index cda675a..893dae0 100644 --- a/home.nix +++ b/home.nix @@ -1,4 +1,9 @@ -{ pkgs, username, ... }: +{ + pkgs, + username, + stateVersion, + ... +}: { home.stateVersion = "24.11"; programs.fish = diff --git a/secrets/owntracks_caddy_auth.nix b/secrets/owntracks_caddy_auth.nix new file mode 100644 index 0000000..f353a8b Binary files /dev/null and b/secrets/owntracks_caddy_auth.nix differ diff --git a/services/caddy.nix b/services/caddy.nix index 4c887ab..0d62bb3 100644 --- a/services/caddy.nix +++ b/services/caddy.nix @@ -69,6 +69,11 @@ in "${matrix_hostname}:8448".extraConfig = config.services.caddy.virtualHosts."${config.services.matrix-conduit.settings.global.server_name }".extraConfig; + + "owntracks.${service_configs.https.domain}".extraConfig = '' + ${import ../secrets/owntracks_caddy_auth.nix} + reverse_proxy :${builtins.toString service_configs.ports.owntracks} + ''; }; }; diff --git a/services/owntracks.nix b/services/owntracks.nix new file mode 100644 index 0000000..458f7b4 --- /dev/null +++ b/services/owntracks.nix 
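Review bot: `stateVersion` is added to the argument set of `home.nix`, but the context line directly below still reads `home.stateVersion = "24.11";`, so within this hunk the new argument is unused. If the intent is a single source of truth, that line should become `home.stateVersion = stateVersion;`; otherwise the argument can be dropped here and from the argument list touched by the `flake.nix` hunk at `@@ -116,6 +121,7 @@`. The rest of `home.nix` and the place where the value is passed in are outside the hunks, so this is inferred from the visible lines only.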
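Review bot: Access control for the `owntracks.${service_configs.https.domain}` virtual host in `services/caddy.nix` rests entirely on whatever `import ../secrets/owntracks_caddy_auth.nix` evaluates to, and that file is opaque in this diff. Because the snippet is interpolated at evaluation time, its content ends up in the generated Caddy configuration inside the world-readable Nix store; git-crypt protects only the repository copy, so the file should carry a password hash and never a plaintext credential. If the snippet ever evaluates to text without an authentication directive, the recorder's location history is proxied unauthenticated. A comment above the entry would record that expectation, for example `# owntracks_caddy_auth.nix must yield a Caddy basic-auth block with a hashed password; it is copied into /nix/store`.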
@@ -0,0 +1,34 @@
+{ pkgs, service_configs, ... }:
+let
+ owntracks_pkg = pkgs.owntracks-recorder.overrideAttrs (old: {
+ installPhase =
+ old.installPhase
+ + ''
+ mkdir -p $out/usr/share/ot-recorder
+ cp -R docroot/* $out/usr/share/ot-recorder'';
+ });
+in
+{
+ users.groups.owntracks = { };
+ users.users.owntracks = {
+ isNormalUser = true;
+ group = "owntracks";
+ };
+
+ systemd.services.owntracks = {
+ enable = true;
+ description = "Store and access data published by OwnTracks apps";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ User = "owntracks";
+ Group = "owntracks";
+ WorkingDirectory = "${owntracks_pkg}";
+ ExecStart = "${owntracks_pkg}/bin/ot-recorder -S ${service_configs.owntracks.data_dir} --doc-root usr/share/ot-recorder --http-port ${builtins.toString service_configs.ports.owntracks} --port 0";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${service_configs.owntracks.data_dir} 0750 owntracks owntracks"
+ ];
+}
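Review bot: The `owntracks` account in `users.users.owntracks` is declared with `isNormalUser = true`, which gives a daemon that stores location history a regular login-style account; `isSystemUser = true` is the appropriate kind for a service identity. The `serviceConfig` block also runs the recorder with no systemd sandboxing, so a flaw in its HTTP handling would see as much of the host as that user can. The fence switches the account type and adds a minimal hardening set that leaves only the data directory writable. It would also help to pass an explicit loopback `--http-host` in `ExecStart`, so that the Caddy authentication in front of port 3825 does not depend on the recorder's default bind address.

```nix
users.users.owntracks = {
  isSystemUser = true;
  group = "owntracks";
};

# … unchanged: systemd.services.owntracks enable, description, wantedBy …
serviceConfig = {
  # … unchanged: User, Group, WorkingDirectory, ExecStart …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectHome = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ service_configs.owntracks.data_dir ];
};
```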