diff --git a/machines/hippocampus/secrets/pass.yaml b/machines/hippocampus/secrets/pass.yaml
index 9101ff2..251e783 100644
--- a/machines/hippocampus/secrets/pass.yaml
+++ b/machines/hippocampus/secrets/pass.yaml
@@ -3,6 +3,8 @@ nextcloud:
 s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str]
 jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str]
 anki: ENC[AES256_GCM,data:hUBKr/s1DDorlmbHDUvHtVSumw==,iv:Ekjt6dsncinHhM+dV/mxOjErBQpgKtPOVbmwGRy9XOE=,tag:zvfV9z3QROgsk4eznmxqDw==,type:str]
+tandoor-secret: ENC[AES256_GCM,data:/clEIU38M7lJ6+JbFSKWb5kKSUvxdGYPq2Hl9TjgijZtYIYFOleJQ9PiT+d/osmY/r0=,iv:Nulu93V+s9RBmEDRs2LXJXy7l0O/AeU0CwwtTNLGw2c=,tag:brRyVaWeUGLx1nt0MtcIEw==,type:str]
+tandoor-pass: ENC[AES256_GCM,data:Sjz2FuFm3bmqo9z2xckuIHq4qumQ2o/FA09DP7NQtngi,iv:M8BL8enwzGh4cp2hAtee99dC0VDxBvshNBiUp4QCVPQ=,tag:wMifwdLEMw4+M1EO5iywzw==,type:str]
 webdav: ENC[AES256_GCM,data:VLwkAn1Ly36c6E1Qkurz8+mfWiwh3SNOe37R0xKkQqpnUhsnTGDB1fWuf3J6jfhag3dMLemBj5JhQD/IYoP4QKk=,iv:TSpePZuzzv6I3NURNIFL8j6YivTEEJnvorRV/9Nanac=,tag:l2I6RsDsLNdw58L3GjL1Lg==,type:str]
 vaultenv: ENC[AES256_GCM,data:oTMhUU23v0SFImzDNjfqo3wn26ghqHGfArQl+K9E3u3YI9qmwdN/Z0dpLvT7TI01cdEIwM8ToKAd2HueymTHMT0wXMNAWMFVNm5lUot6U9kV+Pwfq3W+c8MygqXL/QVeFCzUsEa4ZvAE647+2JIkcI95H8mIWfenL0wA5O+OLiEz1fFykMbGBvWm7GM5oFWU9RXo0d5BAIaqd7D5oL3tgi2EnrtnVMJ8USgYA+d3TNCEatHO8ARwtCRhC8FK+86RowBlwiylIySuJiMScvzstB8TWVps4wo7xK0lZ8PUicFI2q+N+Q7B3x1hUW0Z2f4pmxAwb8qRxXZtA7B99bBjAwSwh1A301LYMAKJqELNiNOZ9xjl5r12fAOqP3ujJ84eacNVmsKFpA5HxIfUQBlkoHYRXfkd+Z8wz9fhzr53PvWHblr4eS+jCpJzSP98uyou4FYfMXoYOT9kzNNHGsWAoxLxQusehIaHyicG6uVE53wEQw/r9xeJeg==,iv:anKhX3TVyEeatnB/qjlce3g7cifrX8QlBJ/9UzWUa8k=,tag:BDccovkJBW8q0URMLBxbcQ==,type:str]
 minioRoot: ENC[AES256_GCM,data:z6+VkyRjWRSh8pu5gO58RRyGXT+Lvl+AVr37A5nXh6aj+q6SevNL7wLf9Joao4xmjXexKVavOhs/9OSBJpmbq0R+MRI=,iv:vrow7hvrTacnMi7sFnsuXwMOHrvr6c8YUTYFUry4E4U=,tag:fWfiEvkuSiXHIFqWnLiMiQ==,type:str]
@@ -25,8 +27,8 @@ sops:
 RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
 LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-05T19:47:17Z"
- mac: ENC[AES256_GCM,data:PAPQ79DD7JoGbX1Hr4OlQA/0vyb8OzFDrSDz9OOkyviHuM69EpTswTQGxMaDiYRUs8vTDjS2gEH26PoApdB3Jn2iA9C1kYTm1kE5Wp0+DCkri+hrcS6FQAq6OX5Kuc6bvpWZLf51j8cPlHbwcSaQoLUOeK6+24vz37C0TCZL4To=,iv:WUD83eQbKc15jA0jQ7VOGz5hf4anNhEUctedhlSS6F4=,tag:DyKbZbfiZg4wsNL2Ahm5Aw==,type:str]
+ lastmodified: "2024-06-09T21:13:43Z"
+ mac: ENC[AES256_GCM,data:wmHB0pgZODb1RL3CBJqQix4V5nES4XpiGJLy8wuuoq20HMQpuE+Ofh4V+px59kJF4bcGyB71OXGlDbPkf3Crz3WJe0UtQjm9qH+c3hlRZMAYCK+5g11ANPUTznjXdCE1JuNWBCu25wYRprDOuPzpr7UZETEHzKBiu2kGI6FajoU=,iv:mhQGGIiSXaaFHLm5mtIyCxjMeHDhv6Sc5fB6cGml2Bo=,tag:BnKHFPK7bhFEp95+9v9SGw==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/machines/hippocampus/servers/public.nix b/machines/hippocampus/servers/public.nix
index 37c2834..f711dd3 100644
--- a/machines/hippocampus/servers/public.nix
+++ b/machines/hippocampus/servers/public.nix
@@ -44,5 +44,8 @@
 # Webdav (for things like org-mobile)
 ./public/webdav.nix
+
+ # Recipe Manager
+ ./public/tandoor.nix
 ];
 }
diff --git a/machines/hippocampus/servers/public/tandoor.nix b/machines/hippocampus/servers/public/tandoor.nix
new file mode 100644
index 0000000..c05e3e7
--- /dev/null
+++ b/machines/hippocampus/servers/public/tandoor.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }: let
+ tandoor_user = "tandoor";
+in {
+ sops.secrets.tandoor-secret = {};
+ sops.secrets.tandoor-pass = {};
+ services.tandoor-recipes = {
+ enable = true;
+ port = 7666;
+ extraConfig = {
+ SECRET_KEY = config.sops.secrets.tandoor-secret.path;
+ DB_ENGINE = "django.db.backends.postgresql";
+ POSTGRES_HOST = "127.0.0.1";
+ POSTGRES_PORT = config.services.postgresql.port;
+ POSTGRES_USER = tandoor_user;
+ POSTGRES_DB = tandoor_user;
+ ENABLE_SIGNUP = "1";
+ };
+ };
+
+ systemd.services.tandoor-recipes = {
+ serviceConfig = {
+ EnvironmentFile = config.sops.secrets.tandoor-pass.path;
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ port = 5432;
+ ensureDatabases = [
+ tandoor_user
+ ];
+ ensureUsers = [{
+ name = tandoor_user;
+ ensureDBOwnership = true;
+ ensureClauses = {
+ createdb = true;
+ };
+ }];
+ };
+
+ services.caddy.virtualHosts = {
+ "tandoor.syzygial.cc" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:${toString config.services.tandoor-recipes.port}
+ '';
+ };
+ };
+}
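Review bot: `SECRET_KEY = config.sops.secrets.tandoor-secret.path;` in `extraConfig` assigns the decrypted file's path string, not its contents, so (assuming the module exports `extraConfig` as environment variables) Django would sign sessions and tokens with a predictable value that anyone reading this repository can derive. Drop that line and supply `SECRET_KEY=<value>` through the sops-managed file already loaded by `EnvironmentFile` in `systemd.services.tandoor-recipes.serviceConfig`, which also keeps the key out of the world-readable Nix store. Separately, `ENABLE_SIGNUP = "1"` leaves registration open on the public `tandoor.syzygial.cc` vhost; consider turning it off once the first account exists. The `createdb = true` clause in `ensureUsers` also looks broader than needed given `ensureDBOwnership = true` — a note such as `# least privilege: role only needs to own its own database` with the clause removed would tighten it.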