diff --git a/nixarr/default.nix b/nixarr/default.nix
index 3884aa5..2c1f419 100644
--- a/nixarr/default.nix
+++ b/nixarr/default.nix
@@ -86,6 +86,7 @@ in {
     ./sonarr
     ./openssh
     ./prowlarr
+    ./flaresolverr
     ./transmission
     ./sabnzbd
     ../util
@@ -120,6 +121,7 @@ in {
         - [Bazarr](#nixarr.bazarr.enable)
         - [Lidarr](#nixarr.lidarr.enable)
         - [Prowlarr](#nixarr.prowlarr.enable)
+        - [Flaresolverr](#nixarr.flaresolverr.enable)
         - [Radarr](#nixarr.radarr.enable)
         - [Readarr](#nixarr.readarr.enable)
         - [Sonarr](#nixarr.sonarr.enable)
diff --git a/nixarr/flaresolverr/default.nix b/nixarr/flaresolverr/default.nix
new file mode 100644
index 0000000..68af86d
--- /dev/null
+++ b/nixarr/flaresolverr/default.nix
@@ -0,0 +1,115 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.nixarr.flaresolverr;
+  nixarr = config.nixarr;
+in {
+  options.nixarr.flaresolverr = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = ''
+        Whether or not to enable the Flaresolverr service.
+
+        **Required options:** [`nixarr.enable`](#nixarr.enable)
+      '';
+    };
+
+    package = mkPackageOption pkgs "flaresolverr" {};
+
+    port = mkOption {
+      type = types.port;
+      default = 5055;
+      example = 12345;
+      description = "Flaresolverr port.";
+    };
+
+    openFirewall = mkOption {
+      type = types.bool;
+      defaultText = literalExpression ''!nixarr.flaresolverr.vpn.enable'';
+      default = !cfg.vpn.enable;
+      example = true;
+      description = "Open firewall for Flaresolverr";
+    };
+
+    vpn.enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = ''
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
+
+        Route Jellyseerr traffic through the VPN.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> nixarr.enable;
+        message = ''
+          The nixarr.flaresolverr.enable option requires the
+          nixarr.enable option to be set, but it was not.
+        '';
+      }
+      {
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
+        message = ''
+          The nixarr.flaresolverr.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
+    services.flaresolverr = {
+      enable = cfg.enable;
+      package = cfg.package;
+      openFirewall = cfg.openFirewall;
+      port = cfg.port;
+    };
+
+    # Enable and specify VPN namespace to confine service in.
+    systemd.services.flaresolverr.vpnConfinement = mkIf cfg.vpn.enable {
+      enable = true;
+      vpnNamespace = "wg";
+    };
+
+    # Port mappings
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
+      portMappings = [
+        {
+          from = defaultPort;
+          to = defaultPort;
+        }
+      ];
+    };
+
+    services.nginx = mkIf cfg.vpn.enable {
+      enable = true;
+
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+
+      virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = {
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = defaultPort;
+          }
+        ];
+        locations."/" = {
+          recommendedProxySettings = true;
+          proxyWebsockets = true;
+          proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
+        };
+      };
+    };
+  };
+}