diff --git a/nixarr/jellyseerr/default.nix b/nixarr/jellyseerr/default.nix
index 595475f..c779d72 100644
--- a/nixarr/jellyseerr/default.nix
+++ b/nixarr/jellyseerr/default.nix
@@ -9,6 +9,10 @@ with lib; let
 nixarr = config.nixarr;
 defaultPort = 5055;
 in {
+ imports = [
+ ./jellyseerr-module
+ ];
+
 options.nixarr.jellyseerr = {
 enable = mkOption {
 type = types.bool;
@@ -31,10 +35,6 @@ in {
 description = ''
 The location of the state directory for the Jellyseerr service.
 
- > **Warning** this option does not work on the latest stable nixpkgs.
- > If you are using an old version of nixpkgs, make sure to set the
- > `jellyseerr.package` option to use the latest version from nixkpgs-unstable.
-
 > **Warning:** Setting this to any path, where the subpath is not
 > owned by root, will fail! For example:
 >
diff --git a/nixarr/jellyseerr/jellyseerr-module/default.nix b/nixarr/jellyseerr/jellyseerr-module/default.nix
new file mode 100644
index 0000000..dd44672
--- /dev/null
+++ b/nixarr/jellyseerr/jellyseerr-module/default.nix
@@ -0,0 +1,96 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.util-nixarr.services.jellyseerr;
+in {
+ options = {
+ util-nixarr.services.prowlarr = {
+ enable = mkEnableOption "Jellyseerr";
+
+ package = mkPackageOption pkgs "jellyseerr" {};
+
+ user = mkOption {
+ type = types.str;
+ default = "jellyseerr";
+ description = "User account under which Jellyseerr runs.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "jellyseerr";
+ description = "Group under which Jellyseerr runs.";
+ };
+
+ configDir = mkOption {
+ type = types.str;
+ default = "/var/lib/jellyseerr";
+ description = "The directory where Jellyseerr stores its data files.";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Open ports in the firewall for the Jellyseerr web interface.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.tmpfiles.rules = [
+ "d '${cfg.configDir}' 0700 ${cfg.user} ${cfg.group} - -"
+ ];
+
+ systemd.services.prowlarr = {
+ description = "Jellyseerr, a requests manager for Jellyfin";
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+ environment = {
+ PORT = toString cfg.port;
+ CONFIG_DIRECTORY = cfg.configDir;
+ };
+
+ serviceConfig = {
+ Type = "exec";
+ StateDirectory = "jellyseerr";
+ User = cfg.user;
+ ExecStart = lib.getExe cfg.package;
+ Restart = "on-failure";
+ ProtectHome = true;
+ ProtectSystem = "strict";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectHostname = true;
+ ProtectClock = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectKernelLogs = true;
+ ProtectControlGroups = true;
+ NoNewPrivileges = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ RemoveIPC = true;
+ PrivateMounts = true;
+ };
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [5055];
+ };
+
+ users.users = mkIf (cfg.user == "jellyseerr") {
+ jellyseerr = {
+ group = cfg.group;
+ home = cfg.configDir;
+ uid = 294;
+ };
+ };
+
+ users.groups = mkIf (cfg.group == "jellyseerr") {
+ jellyseerr = {};
+ };
+ };
+}
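Review bot: The option set is declared as `util-nixarr.services.prowlarr` and the unit as `systemd.services.prowlarr`, while `cfg` reads `config.util-nixarr.services.jellyseerr`; as written the module declares no jellyseerr options, and the service definition with its sandboxing settings is attached to a unit named prowlarr instead of a Jellyseerr unit. Both names should be `jellyseerr`. `PORT = toString cfg.port` uses an option that this file never declares, and `allowedTCPPorts = [5055]` is hard-coded, so the firewall opening would not follow a changed port. With `ProtectSystem = "strict"` only the `StateDirectory` path is writable, so a `configDir` other than the default needs `ReadWritePaths`, and `User` is set without a matching `Group = cfg.group`. The fence below shows the changed lines.

```nix
    util-nixarr.services.jellyseerr = {
      # … unchanged: enable, package, user, group, configDir, openFirewall …
      port = mkOption {
        type = types.port;
        default = 5055;
        description = "Port the Jellyseerr web interface listens on.";
      };
    };

    # … unchanged: tmpfiles rule …
    systemd.services.jellyseerr = {
      # … unchanged: description, after, wantedBy, environment …
      serviceConfig = {
        # … unchanged: Type, StateDirectory …
        User = cfg.user;
        Group = cfg.group;
        # ProtectSystem = "strict" leaves only StateDirectory writable
        ReadWritePaths = [cfg.configDir];
        # … unchanged: ExecStart, Restart, hardening flags …
      };
    };

    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [cfg.port];
    };
```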