diff --git a/modules/module-list.nix b/modules/module-list.nix
index 3fa741fa5d9..16ea90bf670 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -153,6 +153,7 @@
   ./services/networking/unbound.nix
   ./services/networking/vsftpd.nix
   ./services/networking/wakeonlan.nix
+  ./services/networking/websockify.nix
   ./services/networking/wicd.nix
   ./services/networking/wpa_supplicant.nix
   ./services/networking/xinetd.nix
diff --git a/modules/services/networking/websockify.nix b/modules/services/networking/websockify.nix
new file mode 100644
index 00000000000..5e97d2a65cd
--- /dev/null
+++ b/modules/services/networking/websockify.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg = config.services.networking.websockify; in {
+  options = {
+    services.networking.websockify = {
+      enable = mkOption {  
+        description = "Whether to enable websockify to forward websocket connections to TCP connections";
+
+        default = false;   
+
+        type = types.bool; 
+      };
+
+      sslCert = mkOption {
+        description = "Path to the SSL certificate";
+        type = types.path;
+      };
+
+      sslKey = mkOption {
+        description = "Path to the SSL key";
+        default = cfg.sslCert;
+        type = types.path;
+      };
+
+      portMap = mkOption {
+        description = "Ports to map by default";
+        default = {};
+        type = types.attrsOf types.int;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services."websockify@" = {
+      script = ''
+        IFS=':' read -a array <<< "$1"
+        ${pkgs.pythonPackages.websockify}/bin/websockify --ssl-only \
+          --cert=${cfg.sslCert} --key=${cfg.sslKey} 0.0.0.0:''${array[0]} 0.0.0.0:''${array[1]}
+      '';
+      scriptArgs = "%i";
+    };
+
+    systemd.targets."default-websockify" = {
+      wants = mapAttrsToList (name: value: "websockify@${name}:${toString value}.service") cfg.portMap;
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}
diff --git a/modules/system/boot/systemd-unit-options.nix b/modules/system/boot/systemd-unit-options.nix
index 1f8097ada1c..513e9e85708 100644
--- a/modules/system/boot/systemd-unit-options.nix
+++ b/modules/system/boot/systemd-unit-options.nix
@@ -147,6 +147,12 @@ rec {
       description = "Shell commands executed as the service's main process.";
     };
 
+    scriptArgs = mkOption {
+      type = types.uniq types.string;
+      default = "";
+      description = "Arguments passed to the main process script.";
+    };
+
     preStart = mkOption {
       type = types.string;
       default = "";
@@ -262,4 +268,4 @@ rec {
     };
   };
 
-}
\ No newline at end of file
+}
diff --git a/modules/system/boot/systemd.nix b/modules/system/boot/systemd.nix
index c958433ff45..ddb6dd3db26 100644
--- a/modules/system/boot/systemd.nix
+++ b/modules/system/boot/systemd.nix
@@ -241,7 +241,7 @@ let
             ExecStart=${makeJobScript "${name}-start" ''
               #! ${pkgs.stdenv.shell} -e
               ${def.script}
-            ''}
+            ''} ${def.scriptArgs}
           ''}
 
           ${optionalString (def.postStart != "") ''