diff --git a/configs/tegola.toml b/configs/tegola.toml
new file mode 100644
index 0000000..8ee0983
--- /dev/null
+++ b/configs/tegola.toml
@@ -0,0 +1,57 @@
+tile_buffer = 64
+
+[webserver]
+port = ":9090"
+
+[cache]
+type="file"             # cache type
+basepath="/tmp/tegola"  # cache specific config
+
+# register data providers
+[[providers]]
+name = "bonn"   # provider name is referenced from map layers
+type = "mvt_postgis"        # the type of data provider. currently only supports postgis
+#uri = "postgres://tegola:supersecret@localhost:5432/tegola?sslmode=prefer" # PostGIS connection string (required)
+uri = "postgres://tegola:@localhost:/tegola?host=/var/run/postgresql&sslmode=disable" # PostGIS connection string (required)
+srid = 4326             # The default srid for this provider. If not provided it will be WebMercator (3857)
+
+
+  [[providers.layers]]
+  name = "road"
+  geometry_fieldname = "wkb_geometry"
+  geometry_type="linestring"
+  id_fieldname = "ogc_fid"
+  sql = "SELECT ST_AsMVTGeom(wkb_geometry, !BBOX!) AS wkb_geometry, name, ogc_fid FROM all_roads WHERE wkb_geometry && !BBOX!"
+
+  [[providers.layers]]
+  name = "main_roads"
+  geometry_fieldname = "wkb_geometry"
+  geometry_type="linestring"
+  id_fieldname = "ogc_fid"
+  sql = "SELECT ST_AsMVTGeom(wkb_geometry, !BBOX!) AS wkb_geometry, name, ogc_fid FROM main_roads WHERE wkb_geometry && !BBOX!"
+
+  [[providers.layers]]
+  name = "lakes"
+  geometry_fieldname = "wkb_geometry"
+  geometry_type="polygon"
+  id_fieldname = "ogc_fid"
+  sql = "SELECT ST_AsMVTGeom(wkb_geometry, !BBOX!) AS wkb_geometry, name, ogc_fid FROM lakes WHERE wkb_geometry && !BBOX!"
+
+[[maps]]
+name = "bonn"
+center = [7.0982, 50.7374, 11.0] # set the center of the map so the user is auto navigated to Bonn
+
+  [[maps.layers]]
+  provider_layer = "bonn.road"
+  min_zoom = 10
+  max_zoom = 20
+
+  [[maps.layers]]
+  provider_layer = "bonn.main_roads"
+  min_zoom = 5
+  max_zoom = 20
+
+  [[maps.layers]]
+  provider_layer = "bonn.lakes"
+  min_zoom = 5
+  max_zoom = 20
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 2adf59e..290fd57 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -25,6 +25,7 @@
 		./static-websites.nix
 		./sudo.nix
 		./synapse.nix
+		./tegola.nix
 		./timecardbot.nix
 		./tmux.nix
 		./twenty-crm.nix
diff --git a/modules/system/nidus-sync.nix b/modules/system/nidus-sync.nix
index 01df78b..141fca9 100644
--- a/modules/system/nidus-sync.nix
+++ b/modules/system/nidus-sync.nix
@@ -35,6 +35,7 @@ in {
 				ensureDBOwnership = true;
 				name = databaseUser;
 			}];
+			extensions = ps: with ps; [ h3-pg postgis ];
 		};
 		services.restic.backups."${backupName}-db" = {
 			# We can use this due to overridding restic with unstable
diff --git a/modules/system/tegola.nix b/modules/system/tegola.nix
new file mode 100644
index 0000000..0333c77
--- /dev/null
+++ b/modules/system/tegola.nix
@@ -0,0 +1,58 @@
+{ config, configFiles, lib, pkgs, ... }:
+with lib;
+
+let
+	databaseName = "tegola";
+	databaseUser = "tegola";
+	group = "tegola";
+	user = "tegola";
+in {
+	options.myModules.tegola.enable = mkEnableOption "custom tegola configuration";
+
+	config = mkIf config.myModules.tegola.enable {
+		environment = {
+			etc."tegola.toml" = {
+				group = group;
+				source = "${configFiles}/tegola.toml";
+				user = user;
+			};
+			systemPackages = with pkgs; [
+				tegola
+			];
+		};
+		networking.firewall.allowedTCPPorts = [ 9090 ];
+		services.postgresql = {
+			enable = true;
+			ensureDatabases = [databaseName];
+			ensureUsers = [{
+				ensureClauses.login = true;
+				ensureDBOwnership = true;
+				name = databaseUser;
+			}];
+			extensions = ps: with ps; [ h3-pg postgis ];
+		};
+		systemd.services."tegola" = {
+			after=["network.target" "network-online.target"];
+			description="Tegola Vector Tile";
+			path = [ pkgs.tegola ];
+			requires=["network-online.target"];
+			serviceConfig = {
+				Group = group;
+				ExecStart = "${pkgs.tegola}/bin/tegola serve --config /etc/tegola.toml";
+				PrivateTmp = true;
+				TimeoutStopSec = "5s";
+				Type = "simple";
+				User = user;
+				WorkingDirectory = "/tmp";
+			};
+			wantedBy = ["multi-user.target"];
+		};
+		users = {
+			groups."${group}" = {};
+			users."${user}" = {
+				group = group;
+				isSystemUser = true;
+			};
+		};
+	};
+}
diff --git a/roles/nidus-sync.nix b/roles/nidus-sync.nix
index dff63b0..42256ae 100644
--- a/roles/nidus-sync.nix
+++ b/roles/nidus-sync.nix
@@ -75,4 +75,5 @@ in {
 	myModules.asterisk.enable = true;
 	myModules.caddy.enable = true;
 	myModules.nidus-sync.enable = true;
+	myModules.tegola.enable = true;
 }