diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 902503335169..a030a68e1e50 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1394,6 +1394,7 @@
   ./services/security/certmgr.nix
   ./services/security/cfssl.nix
   ./services/security/clamav.nix
+  ./services/security/e-imzo.nix
   ./services/security/endlessh-go.nix
   ./services/security/endlessh.nix
   ./services/security/esdm.nix
diff --git a/nixos/modules/services/security/e-imzo.nix b/nixos/modules/services/security/e-imzo.nix
new file mode 100644
index 000000000000..1423f3ec9596
--- /dev/null
+++ b/nixos/modules/services/security/e-imzo.nix
@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.e-imzo;
+in
+{
+  options = {
+    services.e-imzo = {
+      enable = lib.mkEnableOption "E-IMZO";
+
+      package = lib.mkPackageOption pkgs "e-imzo" {
+        extraDescription = "Official mirror deletes old versions as soon as they release new one. Feel free to use either unstable or your own custom e-imzo package and ping maintainer.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.user.services.e-imzo = {
+      enable = true;
+      description = "E-IMZO, uzbek state web signing service";
+      documentation = [ "https://github.com/xinux-org/e-imzo" ];
+
+      after = [
+        "network-online.target"
+        "graphical.target"
+      ];
+      wants = [
+        "network-online.target"
+        "graphical.target"
+      ];
+      wantedBy = [ "default.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+        RestartSec = 1;
+        ExecStart = lib.getExe cfg.package;
+
+        NoNewPrivileges = true;
+        SystemCallArchitectures = "native";
+      };
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [ orzklv ];
+}