diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index e2d338e1..ac1cb06b 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -246,6 +246,9 @@
 
 /modules/services/network-manager-applet.nix          @rycee
 
+/modules/services/pantalaimon.nix                     @jojosch
+/tests/modules/services/pantalaimon                   @jojosch
+
 /modules/services/parcellite.nix                      @gleber
 
 /modules/services/pass-secret-service.nix             @cab404
diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index 7185c8c4..7a791200 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -2069,6 +2069,14 @@ in
           A new module is available: 'services.xidlehook'.
         '';
       }
+
+      {
+        time = "2021-06-07T20:44:00+00:00";
+        condition = hostPlatform.isLinux;
+        message = ''
+          A new module is available: 'services.pantalaimon'.
+        '';
+      }
     ];
   };
 }
diff --git a/modules/modules.nix b/modules/modules.nix
index 3139e7b0..8d0c46b7 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -185,6 +185,7 @@ let
     (loadModule ./services/network-manager-applet.nix { })
     (loadModule ./services/nextcloud-client.nix { })
     (loadModule ./services/owncloud-client.nix { })
+    (loadModule ./services/pantalaimon.nix { condition = hostPlatform.isLinux; })
     (loadModule ./services/parcellite.nix { })
     (loadModule ./services/pass-secret-service.nix { condition = hostPlatform.isLinux; })
     (loadModule ./services/password-store-sync.nix { condition = hostPlatform.isLinux; })
diff --git a/modules/services/pantalaimon.nix b/modules/services/pantalaimon.nix
new file mode 100644
index 00000000..38662a34
--- /dev/null
+++ b/modules/services/pantalaimon.nix
@@ -0,0 +1,79 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.pantalaimon;
+
+  iniFmt = pkgs.formats.ini { };
+in {
+  meta.maintainers = [ maintainers.jojosch ];
+
+  options = {
+    services.pantalaimon = {
+      enable = mkEnableOption
+        "Pantalaimon, an E2EE aware proxy daemon for matrix clients";
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.pantalaimon;
+        defaultText = literalExample "pkgs.pantalaimon";
+        description =
+          "Package providing the <command>pantalaimon</command> executable to use.";
+      };
+
+      settings = mkOption {
+        type = iniFmt.type;
+        default = { };
+        defaultText = literalExample "{ }";
+        example = literalExample ''
+          {
+            Default = {
+              LogLevel = "Debug";
+              SSL = true;
+            };
+            local-matrix = {
+              Homeserver = "https://matrix.org";
+              ListenAddress = "127.0.0.1";
+              ListenPort = 8008;
+            };
+          }
+        '';
+        description = ''
+          Configuration written to
+          <filename>$XDG_CONFIG_HOME/pantalaimon/pantalaimon.conf</filename>.
+          </para><para>
+          See <link xlink:href="https://github.com/matrix-org/pantalaimon/blob/master/docs/manpantalaimon.5.md" /> or
+          <citerefentry>
+            <refentrytitle>pantalaimon</refentrytitle>
+            <manvolnum>5</manvolnum>
+          </citerefentry>
+          for options.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = [ cfg.package ];
+
+    systemd.user.services = {
+      pantalaimon = {
+        Unit = {
+          Description =
+            "Pantalaimon - E2EE aware proxy daemon for matrix clients";
+          After = [ "network-online.target" ];
+        };
+
+        Service = {
+          ExecStart = "${cfg.package}/bin/pantalaimon -c ${
+              iniFmt.generate "pantalaimon.conf" cfg.settings
+            }";
+          Restart = "on-failure";
+        };
+
+        Install.WantedBy = [ "default.target" ];
+      };
+    };
+  };
+}
diff --git a/tests/default.nix b/tests/default.nix
index 1bbf8e89..2d855f5d 100644
--- a/tests/default.nix
+++ b/tests/default.nix
@@ -113,6 +113,7 @@ import nmt {
     ./modules/services/fluidsynth
     ./modules/services/kanshi
     ./modules/services/lieer
+    ./modules/services/pantalaimon
     ./modules/services/pbgopy
     ./modules/services/playerctld
     ./modules/services/polybar
diff --git a/tests/modules/services/pantalaimon/basic-configuration.nix b/tests/modules/services/pantalaimon/basic-configuration.nix
new file mode 100644
index 00000000..f04101c0
--- /dev/null
+++ b/tests/modules/services/pantalaimon/basic-configuration.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+  config = {
+    services.pantalaimon = {
+      enable = true;
+      package = pkgs.writeScriptBin "dummy-pantalaimon" "" // {
+        outPath = "@pantalaimon@";
+      };
+      settings = {
+        Default = {
+          LogLevel = "Debug";
+          SSL = true;
+        };
+        local-matrix = {
+          Homeserver = "https://matrix.org";
+          ListenAddress = "127.0.0.1";
+          ListenPort = 8008;
+        };
+      };
+    };
+
+    nmt.script = ''
+      serviceFile=home-files/.config/systemd/user/pantalaimon.service
+      assertFileExists $serviceFile
+      assertFileRegex $serviceFile 'ExecStart=@pantalaimon@/bin/pantalaimon -c /nix/store/.*-pantalaimon.conf'
+    '';
+  };
+}
diff --git a/tests/modules/services/pantalaimon/default.nix b/tests/modules/services/pantalaimon/default.nix
new file mode 100644
index 00000000..8c29efb4
--- /dev/null
+++ b/tests/modules/services/pantalaimon/default.nix
@@ -0,0 +1 @@
+{ pantalaimon-basic-configuration = ./basic-configuration.nix; }