diff --git a/hosts/servers/db-01.nix b/hosts/servers/db-01.nix
index 5bbd2c5..5d6fa66 100644
--- a/hosts/servers/db-01.nix
+++ b/hosts/servers/db-01.nix
@@ -20,6 +20,7 @@
       "authelia"
       "forgejo"
       "kinky-vaultwarden"
+      "kinky-docuseal"
       "lldap"
       "mealie"
     ];
@@ -40,6 +41,10 @@
         name = "kinky-vaultwarden";
         ensureDBOwnership = true;
       }
+      {
+        name = "kinky-docuseal";
+        ensureDBOwnership = true;
+      }
       {
         name = "lldap";
         ensureDBOwnership = true;
@@ -59,6 +64,7 @@
       "authelia"
       "forgejo"
       "kinky-vaultwarden"
+      "kinky-docuseal"
       "lldap"
       "mealie"
     ];
diff --git a/hosts/servers/hosting-01.nix b/hosts/servers/hosting-01.nix
index e87b520..12ae1ff 100644
--- a/hosts/servers/hosting-01.nix
+++ b/hosts/servers/hosting-01.nix
@@ -153,6 +153,26 @@ in
     };
   };
 
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers = {
+      docuseal = {
+        image = "docuseal/docuseal:latest";
+        ports = [ "3001:3000" ];
+        environmentFiles = [ config.sops.secrets.docusealEnvironment.path ];
+        extraOptions = [ "--dns=100.100.100.100" ];
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."sign.kinkystar.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:3001";
+    };
+  };
+
   sops = {
     defaultSopsFile = ./hosting-01.yaml;
     validateSopsFiles = false;
@@ -165,6 +185,10 @@ in
       vaultwarden = {
         owner = "root";
       };
+
+      docusealEnvironment = {
+        owner = "root";
+      };
     };
   };
 
diff --git a/hosts/servers/hosting-01.yaml b/hosts/servers/hosting-01.yaml
index 62a419a..1d2f290 100644
--- a/hosts/servers/hosting-01.yaml
+++ b/hosts/servers/hosting-01.yaml
@@ -21,6 +21,7 @@ forgejo:
     oidc-secret: ENC[AES256_GCM,data:CC78bq7nFYXAV0MLIshBkB1s7kQOgn0bkk21olNf9xT10KjJBB4KkbIZ6WI45T88MsK9Lv3FB6C9tRaPo3TLzcuz7D2Yk6O7,iv:ouUIoQY03DRlKpbEy8LTFnuClmYADa38Tp9EN932XSU=,tag:ieVnmE1A6g91qw9p1ek49Q==,type:str]
 mealie-env: ENC[AES256_GCM,data:E9z2K/HJNs3MrYMG+WjxUjxl5vslVskQOyHSs2qwDWbL6Dzjqd3ifvwuT6vSufEce0QaU9d+lIC/EAwi3LIxl9M77eBaUq3QXLeTdJ87DObJOpsxhbelaV5rKec=,iv:w1cdMEIaHFES8oHvMGcGp4jHhMPMje3SVepbaMJcEe4=,tag:wl5+xDtjM8rd9ecq2ws/Xw==,type:str]
 vaultwarden: ENC[AES256_GCM,data:YTGRVjajeSSRnjqaZHTa9HiV1c0kQj6+3m3BMirMH4Pu6NNlTYJgGOdz44jEmx4plbZkyM+ZkFVK3sL9rDryaxKGeDxZyM/2zPTlcosPVgA4ObzmmyT0XUoNRjOPYiE3CibmG9ZAEKp8hkGJGJATFOaQrphDS0Zczq/zc8+vUpVSJi8ycB1y1fxNAvfrftyETUsGYdKrD5+5s4fl422L6G12xdcy3TQNdfPz+SeXfhcTXSnORCglyYVzYlbUFQF9N6rpyZROv0dsN+s+c1d6Fsg6ROL3NrfQ0DkUy2rdmzAxrMNlRa89ZAybkDNeW/Wm24E/P+S5gqysRKA9ZJ6H/F9JZWJOazESgzcBLsWvSRO7U0O4Nou8uWAVuvQ/lmgwbepjUKG1EWRXJdNkZtL4EQiWR5G7NnhXjiLb22do7w5O8qiCXOHtQek/wfT57loLCn8oQfz6,iv:Sq7Mom6PwmmjU9t+qZM3I+Ybb416eEzqwAFeCHaeB8M=,tag:8mb+YC6zq22V/qgjMKHbPw==,type:str]
+docusealEnvironment: ENC[AES256_GCM,data:4Ij0S1ovq/YlVo4Ubo4ZKed1cEahNL1caaPCoBQ4PVik+Ys7IARQD9qZabm5+V+73C1QnrqLJf4QLNaQ1rwpEohMZSx6dLl0HwfaGdLx5+tIjTpwHwzMkkFnoJOgwNJ7iziHxF6EYZ45VjuE+LMFa1yE5XZUDMCRf0Wkn9RfU5wyXA4RNQ6N+p46FQ2toUcBcVEJFkBrEjMN2C8heV8RI93Om9jfAJmEi75il3ZHESJnE4QVmWN5U+xuMgNuR+cw7sEQ/bnb6chXkTPKfPqPoP6dKARcZPVG4omIMgqonnkSM7IwxEcwaU1S7dc/7F3zCT9wtQoZhoaPeB/VxSyzozcxTdEteovl0j4qOd8hNPGSN8fMXO173yxgrHergY6D7R4IvZJQNxou4XBCh27SWHuJGp34ek7yDr6L+XuECcSVrC8XdENgjNOAZEX6hlJNgW18sHstw8pUzhS9Ic6Zx/rGbRt/hK0sPd/AXHhCC1dBt1hIBHLKqgsiLonAV5KVFV7Nw+1FrOy9GUsUR1p1JAmnodZF0su6q3r1bNvYACDWyGQfIH9BUCQy1Pn97BIyte1SG9cs4jJrXRrjcn4gy4l1mYBzdcUYv4Nb/W3uVxROkThN,iv:NetK2q1+Rpi6LVhhJNlLz997fzx4O/cqos/8azg/Nbc=,tag:1MJvnIUNHwvIuDFFpwHImg==,type:str]
 sops:
     age:
         - recipient: age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv
@@ -32,8 +33,8 @@ sops:
             RWRCYlk1RkM1Z0ZiS25mYnRuWjYybzAKcZgEfGBifKHkEowQxe+1xQJhk6JuhJXQ
             LLdL9jBdfMrqXz48653XRKf3h4Nn4K70E65Ek8sPyZ5qSJYJHOwjYw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-21T11:33:52Z"
-    mac: ENC[AES256_GCM,data:6N0F+M2EyTiuXQokdVLGn3dZ5AG6Oq+uvrVoEvKPatyy8ynO0X7fS4GbvmHXmrzXcZwEIz16Y8M3Mk8S+PsVR0Zpc08HRwcIKtXCS7y00Y1iokAL83MoqG4m0kZbuvyY4nOvYAfH1VEJXsD5wSCYL2rMcer5oZ9zQagrNSjTUzw=,iv:+0990xD6258PwlWsggOLeXjSTqPSiN/qF6/xS9gRfXI=,tag:fZg+cQZncU0VV1maNSPOgg==,type:str]
+    lastmodified: "2025-10-21T12:38:15Z"
+    mac: ENC[AES256_GCM,data:DnzL2KsPXHSxGOcdAfIQ1+cLXG/nAQ+6m+1WBtW6xejiK1tmQYHTrYYdVOKBaYOl6cp9BB8qd20WfFCa/pE7745RwO2u13I4anX/fHYKTnDtuihQDFUsISkGwg5ynErh9dCd8pS3DxdtJtx6v4XrA0AEyYHZXfnTK6rxIFEDJu0=,iv:ep9lFZc6OcuP8mM2hu3iDsYuDjm4FjpQ9sraRm8LScA=,tag:AH/pG7Df7DiCv3TShI08Ow==,type:str]
     pgp:
         - created_at: "2025-10-21T11:33:41Z"
           enc: |-