diff --git a/options/custom/containers/oryx.nix b/options/custom/containers/oryx.nix
new file mode 100644
index 0000000..1b793af
--- /dev/null
+++ b/options/custom/containers/oryx.nix
@@ -0,0 +1,42 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.custom.containers.oryx;
+in {
+  options.custom.containers.oryx.enable = mkOption {default = false;};
+
+  config = mkIf cfg.enable {
+    age.secrets = let
+      secret = filename: {
+        file = "${inputs.self}/secrets/${filename}";
+      };
+    in {
+      "${config.custom.profile}/oryx/.env" = secret "${config.custom.profile}/oryx/.env";
+    };
+
+    #?? arion-oryx pull
+    environment.shellAliases.arion-oryx = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.oryx.settings.out.dockerComposeYaml}";
+
+    virtualisation.arion.projects.oryx.settings.services = {
+      oryx.service = {
+        container_name = "oryx";
+        env_file = [config.age.secrets."${config.custom.profile}/oryx/.env".path];
+        image = "ossrs/oryx:5";
+
+        ports = [
+          "127.0.0.1:2022:2022" # HTTP
+          "1935:1935" # RTMP
+          "8000:8000/udp" # WebRTC
+          "10080:10080/udp" # SRT
+        ];
+
+        restart = "unless-stopped";
+        volumes = ["${config.custom.containers.directory}/oryx/data:/data"];
+      };
+    };
+  };
+}
diff --git a/profiles/server/default.nix b/profiles/server/default.nix
index 50a983e..2b57811 100644
--- a/profiles/server/default.nix
+++ b/profiles/server/default.nix
@@ -19,7 +19,8 @@
       mastodon.enable = true;
       netbox.enable = true;
       #// nextcloud.enable = true;
-      owncast.enable = true;
+      oryx.enable = true;
+      #// owncast.enable = true;
       #// redlib.enable = true;
       #// searxng.enable = true;
     };
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 04bfc7b..9d64ac3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -83,6 +83,7 @@ in {
   "server/netdata/parent.conf".publicKeys = server;
   "server/nextcloud/.env".publicKeys = server;
   "server/nextcloud/db.env".publicKeys = server;
+  "server/oryx/.env".publicKeys = server;
   "server/searxng/.env".publicKeys = server;
   "server/users/myned.pass".publicKeys = server;
   "server/users/root.pass".publicKeys = server;
diff --git a/secrets/server/oryx/.env b/secrets/server/oryx/.env
new file mode 100644
index 0000000..8f07b55
Binary files /dev/null and b/secrets/server/oryx/.env differ