diff --git a/modules/modules/services/proxy.nix b/modules/modules/services/proxy.nix
new file mode 100644
index 0000000..3254f0b
--- /dev/null
+++ b/modules/modules/services/proxy.nix
@@ -0,0 +1,37 @@
+{ config, options, lib, ... }:
+with lib;
+with lib.hlissner;
+let
+  cfg = config.modules.services.proxy;
+in
+{
+  options.modules.services.proxy = {
+    enable = mkBoolOpt false;
+    port = mkOpt types.port 49494;
+    listen-address = mkOpt types.string "localhost:8118";
+    ssh-connect-string = "infinidoge@server.doge-inc.net -S none -i /home/infinidoge/.ssh/id_ed25519 -v";
+  };
+
+  config = mkIf cfg.enable {
+    services = {
+      privoxy = {
+        enable = true;
+
+        settings = {
+          inherit (cfg) listen-address;
+          enable-edit-actions = true;
+          forward-socks5 = "/ 127.0.0.1:${toString cfg.port} .";
+        };
+      };
+
+      ssh-tunnel = {
+        enable = true;
+        server = cfg.ssh-connect-string;
+        requiredBy = [ "privoxy.service" ];
+        forwards.dynamic = [ 49494 ];
+      };
+    };
+
+    networking.proxy.default = cfg.listen-address;
+  };
+}
diff --git a/profiles/services/proxy.nix b/profiles/services/proxy.nix
deleted file mode 100644
index 636b5a6..0000000
--- a/profiles/services/proxy.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ ... }:
-let
-  listen-address = "localhost:8118";
-in
-{
-  services = {
-    privoxy = {
-      enable = true;
-
-      settings = {
-        inherit listen-address;
-        enable-edit-actions = true;
-        forward-socks5 = "/ 127.0.0.1:49494 .";
-      };
-    };
-
-    ssh-tunnel = {
-      enable = true;
-      server = "infinidoge@server.doge-inc.net -S none -i /home/infinidoge/.ssh/id_ed25519 -v";
-      requiredBy = [ "privoxy.service" ];
-      forwards.dynamic = [ 49494 ];
-    };
-  };
-
-  networking.proxy.default = listen-address;
-}