diff --git a/nixos/pkgs/default.nix b/nixos/pkgs/default.nix
index 474cd5b4463bd09a3d117c6a9c85d5c949d65ed4..9bf482c22ef51380d646d9d07bcba2576caec1f4 100644
--- a/nixos/pkgs/default.nix
+++ b/nixos/pkgs/default.nix
@@ -10,6 +10,7 @@ let
     dotnet-sdk = callPackage ./dotnet-sdk { };
     haskell-ide-engine = (import ./haskell-ide-engine { inherit pkgs; }).haskell-ide-engine;
     neovim = (import ./neovim {inherit pkgs; }).neovim;
+    nginx-sso = callPackage ./nginx-sso {};
   };
 
 in newpkgs
diff --git a/nixos/pkgs/nginx-sso/default.nix b/nixos/pkgs/nginx-sso/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..5ab803aca01638eecbbfb053eafb346e0121187f
--- /dev/null
+++ b/nixos/pkgs/nginx-sso/default.nix
@@ -0,0 +1,28 @@
+{ buildGoPackage, fetchFromGitHub, stdenv }:
+
+buildGoPackage rec {
+  pname = "nginx-sso";
+  version = "0.23.0";
+  rev = "v${version}";
+
+  goPackagePath = "github.com/Luzifer/nginx-sso";
+
+  src = fetchFromGitHub {
+    inherit rev;
+    owner = "Luzifer";
+    repo = "nginx-sso";
+    sha256 = "1wfk56xnjbx7cwrryrl3jy8zw7sz8akq55nsxiq2i6h3vafy4yaz";
+  };
+
+  postInstall = ''
+    mkdir -p $bin/share
+    cp -R $src/frontend $bin/share
+  '';
+
+  meta = with stdenv.lib; {
+    description = "SSO authentication provider for the auth_request nginx module";
+    homepage = https://github.com/Luzifer/nginx-sso;
+    license = licenses.asl20;
+    platforms = platforms.unix;
+  };
+}
\ No newline at end of file