diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 710421659..96a5f4854 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -41,6 +41,8 @@ in {
     ];
   };
 
+  makefu.taskserver.enable = true;
+
   krebs.nginx.servers.cgit = {
     server-names = [ "cgit.euer.krebsco.de" ];
     listen = [ "${external-ip}:80" "${internal-ip}:80" ];
@@ -86,6 +88,8 @@ in {
           21032
           # tinc-retiolum
           21031
+          # taskserver
+          53589
         ];
         allowedUDPPorts = [
           # tinc
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index f007a8418..0a10b1532 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -4,6 +4,7 @@ _:
   imports = [
     ./snapraid.nix
     ./umts.nix
+    ./taskserver.nix
   ];
 }
 
diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix
new file mode 100644
index 000000000..41247fff3
--- /dev/null
+++ b/makefu/3modules/taskserver.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  cfg = config.makefu.taskserver;
+
+  out = {
+    options.makefu.taskserver = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "taskserver";
+
+    workingDir = mkOption {
+      type = types.str;
+      default = "/var/lib/taskserver";
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.taskserver;
+    };
+
+
+  };
+
+  imp = {
+    environment.systemPackages = [ cfg.package ];
+    systemd.services.taskserver = {
+      description = "taskd server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      unitConfig = {
+        Documentation = "http://taskwarrior.org/docs/#taskd" ;
+        # https://taskwarrior.org/docs/taskserver/configure.html
+        ConditionPathExists = "${cfg.workingDir}/config";
+      };
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/taskd server --data ${cfg.workingDir}";
+        WorkingDirectory = cfg.workingDir;
+        PrivateTmp = true;
+        InaccessibleDirectories = "/home /boot /opt /mnt /media";
+        User = "taskd";
+      };
+    };
+
+    users.users.taskd = {
+      uid = genid "taskd";
+      home = cfg.workingDir;
+      createHome = true;
+    };
+    users.groups.taskd.gid = genid "taskd";
+  };
+
+in
+out
+
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index c64ee036e..fff92725e 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -9,8 +9,8 @@ in
     alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
     awesomecfg = callPackage ./awesomecfg {};
-    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     mycube-flask = callPackage ./mycube-flask {};
+    nodemcu-uploader = callPackage ./nodemcu-uploader {};
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
     taskserver = callPackage ./taskserver {};
   };