diff --git a/flake.lock b/flake.lock
index 95a25fb..3a38060 100644
--- a/flake.lock
+++ b/flake.lock
@@ -378,11 +378,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1725817295,
-        "narHash": "sha256-Ttif3k1NMUesHDxieUrkqLyy8KO9kugXbatw9aP1d/Y=",
+        "lastModified": 1725996724,
+        "narHash": "sha256-/qG2amIN/cMpkCXAM1/ThYeJgEt4Ik+gv/YOkyVa0kg=",
         "ref": "refs/heads/main",
-        "rev": "aa7b891f6e76ff86b28abd26d6073dfad723c99e",
-        "revCount": 70,
+        "rev": "9821d2162d2e2ee58ff65e12c986ef3a8f105058",
+        "revCount": 71,
         "type": "git",
         "url": "file:./secrets"
       },
diff --git a/hosts/Hevana/default.nix b/hosts/Hevana/default.nix
index 8a5a816..53e4f79 100644
--- a/hosts/Hevana/default.nix
+++ b/hosts/Hevana/default.nix
@@ -191,6 +191,11 @@ in
         enable = true;
         ports = [ config.secrets.hosts.dimaga.ssh.port ];
       };
+      transmission = {
+        enable = false;
+        home = "${services-root}/transmission";
+        url = config.secrets.services.transmission.url;
+      };
       virtualization.host = {
         enable = true;
         user = "aires";
diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix
new file mode 100644
index 0000000..3ce86f4
--- /dev/null
+++ b/modules/services/transmission.nix
@@ -0,0 +1,59 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.aux.system.services.transmission;
+in
+{
+  options = {
+    aux.system.services.transmission = {
+      enable = lib.mkEnableOption "Enables Transmission.";
+      home = lib.mkOption {
+        default = "/var/lib/transmission";
+        type = lib.types.str;
+        description = "Where to store Transmission's files";
+      };
+      url = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = "The complete URL where Transmission is hosted.";
+        example = "https://transmission.example.com";
+      };
+    };
+
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      nginx.virtualHosts."${cfg.url}" = {
+        useACMEHost = pkgs.util.getDomainFromURL cfg.url;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9091";
+          extraConfig = ''
+            proxy_pass_header  X-Transmission-Session-Id;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-Host $host;
+            proxy_set_header   X-Forwarded-Server $host;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            add_header         X-Frame-Options SAMEORIGIN;
+            add_header         Front-End-Https   on;
+          '';
+        };
+      };
+      transmission = {
+        enable = true;
+        home = cfg.home;
+      };
+    };
+
+    systemd.services = {
+      transmission.unitConfig.RequiresMountsFor = cfg.home;
+      nginx.wants = [ config.systemd.services.transmission.name ];
+    };
+  };
+}
diff --git a/secrets b/secrets
index aa7b891..9821d21 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit aa7b891f6e76ff86b28abd26d6073dfad723c99e
+Subproject commit 9821d2162d2e2ee58ff65e12c986ef3a8f105058