diff --git a/machines/newton/secrets.yaml b/machines/newton/secrets.yaml index 301adc9..3f5fa33 100644 --- a/machines/newton/secrets.yaml +++ b/machines/newton/secrets.yaml @@ -24,6 +24,8 @@ sso: felix: password-hash: ENC[AES256_GCM,data:4yOMOg3/RsijtXC7h73sIk3HDPq83xmSY7AaLeUbtPVZzjjZ/Qp+YiXpgL0fVsio1Pic3HyAzeVlWg0E,iv:23CdJQAhtpgrUZ1jVKiKYfgw5jQNVN6413Ew8ryJH6w=,tag:bds2Yd18gFtVDtgLkxMGkQ==,type:str] totp-secret: ENC[AES256_GCM,data:1fh22SICF19Svg6rLwUYs8oIBr0FV9dG30WWpPN751VbL104nQZcKnszbDox0hwuuotY7G8twYI=,iv:RrkNlJ9us8LDeQQUuexB1yvvYIbSElsB3VOm/4fBHzY=,tag:uv6Fwtk42atINufook7aAw==,type:str] +matrix-bot: + password: ENC[AES256_GCM,data:LruowBkvNx2MgkChUvBFBl62zH39YzHyrNW6cfaUlzGr0DQ6WP5kFiju88VTVfje40jskhQsYqCabH5yrFaoQA==,iv:1fIRRVNNpLOGLQekACgmDdwyYRuryqjdTLOGGS+bVD8=,tag:CcFFw27rj7X9mtSvQj5pHw==,type:str] acme: inwx: ENC[AES256_GCM,data:tu3pdI2fAQPAwQNdIIk10Kkl0xBPBLx592UlYYEXxJX0YGddAhGMwDUqKTh/B5k9WW11cyoLoeTMnZPMzD15V1Qj,iv:UbbauJBjr3O4XnKRL9Pc3PdRGJqAhqO0PDNkvpyXH2o=,tag:YRVtRo8D0KLVCtWukW7GWw==,type:str] sops: @@ -50,8 +52,8 @@ sops: NmNwT3N5UEVabFdLTDhseFRjeVZaWFkKL3HGFqfttU1tXY4OhnIr1ABFsHB0R0CX s6wxb0ilut32ijjtnGXMIIa9y6XsMTpYskTb9FdRP9VnQQGVrMfdew== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-16T15:46:59Z" - mac: ENC[AES256_GCM,data:Kwi+5HbVO63/wROufE0FjnjSJCbnaqwIWR03ru0WAfm9eN9Sfd1bydYqxKMlYNRmfrEpJCOFeSP7inTYbrrC5EaqHog9MGIXti3m7Kk+iLfr/N4PBROivWZzmzyRNnNmTfHG09Ql/QS6vIkN+s027McN9tUAFRSPo/JNIPhYPPs=,iv:F70fsuT8vdQR1tHj3Z/MtFTS8sRSrhDrhGFNWXbrX+g=,tag:Y4kRAJXfzBTgczSHNPHx0Q==,type:str] + lastmodified: "2023-04-30T22:49:27Z" + mac: ENC[AES256_GCM,data:Ni820Zyct7EN9R1pkEyEoVP63uQlqpMuM8TY3lqAOtr3uiot8R6xgrlgMTXaXHyjNY/7WdHzaX2VoCxO2UoDpttqwBcGz+cNKQgeBvGU+52bO8QeqX6SImYZ1aAuYaXznEnTr9XP8sZGEDpQ/b6H4HIHpNhITNyx9qG5zVRJhnc=,iv:XJHFtAXvlIHvZmgz0KLH99Lanbk0yyeKi4P+W06Kvb8=,tag:8UjGPxn6ZeyvAV7SNAOa7Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 
diff --git a/machines/newton/services.nix b/machines/newton/services.nix index 5073b82..9624a4d 100644 --- a/machines/newton/services.nix +++ b/machines/newton/services.nix @@ -24,6 +24,9 @@ in sops.secrets."grafana/password" = { owner = config.users.users.grafana.name; }; + sops.secrets."matrix-bot/password" = { + owner = config.systemd.services.go-neb.serviceConfig.User; + }; # List services that you want to enable: my.services = { @@ -115,6 +118,10 @@ in alertmanager = { enable = true; }; + matrix-bot = { + enable = true; + PasswortFile = secrets."matrix-bot/password".path; + }; grafana = { enable = true; passwordFile = secrets."grafana/password".path; diff --git a/modules/services/default.nix b/modules/services/default.nix index 902ff03..25ec50e 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -16,6 +16,7 @@ ./jellyfin ./loki ./minecraft-server + ./matrix-bot ./mumble-server ./navidrome ./nextcloud diff --git a/modules/services/matrix-bot/default.nix b/modules/services/matrix-bot/default.nix new file mode 100644 index 0000000..db8a7c1 --- /dev/null +++ b/modules/services/matrix-bot/default.nix 
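Review bot: In the first services.nix hunk the owner of `matrix-bot/password` is read from `config.systemd.services.go-neb.serviceConfig.User`, which ties the secret's file ownership to an internal attribute of the go-neb unit rather than to the account this repository declares. The grafana secret directly above uses `config.users.users.grafana.name`, and the new module defines `users.users.go-neb`, so `owner = config.users.users.go-neb.name;` would be consistent and would keep the owner stable if the unit's user setting changes upstream. In the second hunk the option is spelled `PasswortFile`; `passwordFile` would match the grafana entry below it, though the rename has to be made in the module's option declaration as well.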
@@ -0,0 +1,65 @@
+# adjusted from: https://github.com/NixOS/nixos-org-configurations/blob/master/delft/eris/alertmanager-matrix-forwarder.nix
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.my.services.matrix-bot;
+ domain = config.networking.domain;
+in
+{
+ options.my.services.matrix-bot = with lib; {
+ enable = mkEnableOption "enable matrix forwarding bot";
+ Username = mkOption {
+ type = types.str;
+ description = lib.mdDoc "Matrix bot name.";
+ example = "@bot:matrix.org";
+ default = "@stunkymonkey-bot:matrix.org";
+ };
+ PasswortFile = mkOption {
+ type = types.path;
+ description = lib.mdDoc "Password for the bot.";
+ example = "/run/secrets/password";
+ };
+ RoomID = mkOption {
+ type = types.str;
+ description = lib.mdDoc "Matrix room id.";
+ example = "!abcdefghijklmnopqr:matrix.org";
+ default = "!ZWnKiKLuQNBkBGMPCl:matrix.org";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create user so that we can set the ownership of the key to
+ # it. DynamicUser will not take full effect as a result of this.
+ users.users.go-neb = {
+ isSystemUser = true;
+ group = "go-neb";
+ };
+ users.groups.go-neb = { };
+
+ services.go-neb = {
+ enable = true;
+ baseUrl = "http://localhost";
+ secretFile = cfg.PasswortFile;
+ config = {
+ clients = [
+ {
+ UserId = cfg.Username;
+ AccessToken = "$CHANGEME";
+ DeviceID = "KIYFUKBRRK";
+ HomeServerUrl = "https://matrix-client.matrix.org";
+ Sync = true;
+ AutoJoinRooms = true;
+ DisplayName = "Stunkymonkey-Bot";
+ }
+ ];
+ services = [
+ {
+ ID = "echo_service";
+ Type = "echo";
+ UserId = cfg.Username;
+ Config = { };
+ }
+ ];
+ };
+ };
+ };
+}
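Review bot: `AutoJoinRooms = true` in the client entry presumably lets the bot accept any room invite it receives, while the `RoomID` option declared above is never referenced in `config`, so nothing visible restricts the bot to the intended room. Consider `AutoJoinRooms = false;` with a one-time manual join, or wire `cfg.RoomID` into the service that is supposed to post there. The `PasswortFile` description says "Password for the bot", but the path goes to `services.go-neb.secretFile` and the only placeholder in the config is `AccessToken = "$CHANGEME"`, so the decrypted file apparently has to define `CHANGEME` as an access token; a description such as `"Environment file defining CHANGEME (the bot's access token)."` would say so. The `domain` binding in the `let` block is unused.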