diff --git a/configuration.nix b/configuration.nix
index 146637d..279ef52 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,6 +2,7 @@
   imports = [
     ./hardware-configuration.nix
     ./networking.nix # generated at runtime by nixos-infect
+    ./goaccess.nix
   ];
 
   nix = {
@@ -27,6 +28,17 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoyFSuik6XRU2b+O4v9C1bc7rKJyjKgzUeaBaVNQKN6 vanilla-pinebook"
   ];
 
+  users.groups.www = {};
+  services.nginx.group = "www";
+
+  services.goaccess = {
+    enable = true;
+    user = "goaccess";
+    group = "www";
+    dir = "/var/www/goaccess";
+    host = "dash.danilafe.com";
+  };
+
   services.danilafe-blog = {
     enable = true;
     challengePath = "/var/www/challenges";
diff --git a/flake.lock b/flake.lock
index 0037356..bd6de5c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1637480492,
-        "narHash": "sha256-eVWiaNpvTmiTZMbyhd9BIwSKW2Y0Oi70ygEh3S43vbo=",
+        "lastModified": 1637541569,
+        "narHash": "sha256-v+fGbJVWBgt2p3/Sg+dKHuZvXDIWcp8QKhsypojMyN4=",
         "ref": "master",
-        "rev": "e2cf1e6c7f19b86545ffe7e285ee747c68bffdec",
-        "revCount": 90,
+        "rev": "d2bad7c5d5f57e3972d88c7a81e7890a53195c7d",
+        "revCount": 92,
         "type": "git",
         "url": "https://dev.danilafe.com/DanilaFe/blog-static-flake"
       },
@@ -24,11 +24,11 @@
     "blog-source": {
       "flake": false,
       "locked": {
-        "lastModified": 1637480217,
-        "narHash": "sha256-L4v3RL92iKBrNCFYH67dIAKRdPBgKksMiBbwDe/jyH4=",
+        "lastModified": 1637541528,
+        "narHash": "sha256-uQh5CuQ8PHrRjUaTrplGA28WA+sjmrpSsslBoCdZGcc=",
         "ref": "master",
-        "rev": "18f493675a431a0086b97d81ed3c3b089665307b",
-        "revCount": 512,
+        "rev": "e440630497ee1ea91e936f733a92740ff7cb13ac",
+        "revCount": 515,
         "submodules": true,
         "type": "git",
         "url": "https://dev.danilafe.com/Web-Projects/blog-static.git"
diff --git a/goaccess.nix b/goaccess.nix
new file mode 100644
index 0000000..4a522eb
--- /dev/null
+++ b/goaccess.nix
@@ -0,0 +1,49 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+  cfg = config.services.goaccess;
+in {
+  options.services.goaccess = {
+    enable = mkEnableOption "GoAccess dashboard";
+    group = mkOption {
+      type = types.str;
+    };
+    user = mkOption {
+      type = types.str;
+    };
+    dir = mkOption {
+      type = types.str;
+    };
+    host = mkOption {
+      type = types.str;
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.services.goaccess = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      description = "GoAccess live dashboard";
+      serviceConfig = {
+        Type = "forking";
+        User = cfg.user;
+        ExecStart = "${pkgs.goaccess}/bin/goaccess  --ignore-crawlers -f /var/log/nginx/access.log --enable-panel=REFERRERS --enable-panel=KEYPHRASES --log-format COMBINED -o ${cfg.dir}/report.html --real-time-html";
+        Restart = "on-failure";
+      };
+    };
+    users.users."${cfg.user}" = {
+      isSystemUser = true;
+      description = "GoAccess runner";
+      group = cfg.group;
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.dir} 0755 ${cfg.user} ${cfg.group}"
+    ];
+
+    services.nginx.virtualHosts."${cfg.host}" = {
+      addSSL = true;
+      enableACME = true;
+      root = cfg.dir;
+    };
+  };
+}