diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index fd479763c0a..7bcc5b84941 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -328,7 +328,7 @@
   ./services/networking/hostapd.nix
   ./services/networking/i2pd.nix
   ./services/networking/i2p.nix
-  ./services/networking/iodined.nix
+  ./services/networking/iodine.nix
   ./services/networking/ircd-hybrid/default.nix
   ./services/networking/kippo.nix
   ./services/networking/lambdabot.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index c6a781b6f00..84eccfd5129 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -101,6 +101,13 @@ with lib;
     # Enlightenment
     (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
 
+    # Iodine
+    (mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ])
+    (mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
+    (mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
+    (mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
+    (mkRemovedOptionModule [ "services" "iodined" "client" ])
+
     # Options that are obsolete and have no replacement.
     (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
     (mkRemovedOptionModule [ "programs" "bash" "enable" ])
diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix
new file mode 100644
index 00000000000..1b0d2d9a517
--- /dev/null
+++ b/nixos/modules/services/networking/iodine.nix
@@ -0,0 +1,136 @@
+# NixOS module for iodine, ip over dns daemon
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.iodine;
+
+  iodinedUser = "iodined";
+
+in
+{
+
+  ### configuration
+
+  options = {
+
+    services.iodine = {
+      clients = mkOption {
+        default = {};
+        description = ''
+          Each attribute of this option defines a systemd service that
+          runs iodine. Many or none may be defined.
+          The name of each service is
+          <literal>iodine-<replaceable>name</replaceable></literal>
+          where <replaceable>name</replaceable> is the name of the
+          corresponding attribute name.
+        '';
+        example = literalExample ''
+        {
+          foo = {
+            server = "tunnel.mdomain.com";
+            relay = "8.8.8.8";
+            extraConfig = "-P mysecurepassword";
+          }
+        }
+        '';
+        type = types.attrsOf (types.submodule (
+        {
+          options = {
+            server = mkOption {
+              type = types.str;
+              default = "";
+              description = "Domain or Subdomain of server running iodined";
+              example = "tunnel.mydomain.com";
+            };
+
+            relay = mkOption {
+              type = types.str;
+              default = "";
+              description = "DNS server to use as a intermediate relay to the iodined server";
+              example = "8.8.8.8";
+            };
+
+            extraConfig = mkOption {
+              type = types.str;
+              default = "";
+              description = "Additional command line parameters";
+              example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+            };
+          };
+        }));
+      };
+
+      server = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = "enable iodined server";
+        };
+
+        ip = mkOption {
+          type = types.str;
+          default = "";
+          description = "The assigned ip address or ip range";
+          example = "172.16.10.1/24";
+        };
+
+        domain = mkOption {
+          type = types.str;
+          default = "";
+          description = "Domain or subdomain of which nameservers point to us";
+          example = "tunnel.mydomain.com";
+        };
+
+        extraConfig = mkOption {
+          type = types.str;
+          default = "";
+          description = "Additional command line parameters";
+          example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+        };
+      };
+
+    };
+  };
+
+  ### implementation
+
+  config = mkIf (cfg.server.enable || cfg.clients != {}) {
+    environment.systemPackages = [ pkgs.iodine ];
+    boot.kernelModules = [ "tun" ];
+
+    systemd.services =
+    let
+      createIodineClientService = name: cfg:
+      {
+        description = "iodine client - ${name}";
+        wantedBy = [ "ip-up.target" ];
+        serviceConfig = {
+          RestartSec = "30s";
+          Restart = "always";
+          ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}";
+        };
+      };
+    in
+    listToAttrs (
+      mapAttrsToList
+        (name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
+        cfg.clients
+    ) // {
+      iodined = mkIf (cfg.server.enable) {
+        description = "iodine, ip over dns server daemon";
+        wantedBy = [ "ip-up.target" ];
+        serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}";
+      };
+    };
+
+    users.extraUsers = singleton {
+      name = iodinedUser;
+      uid = config.ids.uids.iodined;
+      description = "Iodine daemon user";
+    };
+    users.extraGroups.iodined.gid = config.ids.gids.iodined;
+  };
+}
diff --git a/nixos/modules/services/networking/iodined.nix b/nixos/modules/services/networking/iodined.nix
deleted file mode 100644
index 20d371c4e2d..00000000000
--- a/nixos/modules/services/networking/iodined.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-# NixOS module for iodine, ip over dns daemon
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.iodined;
-
-  iodinedUser = "iodined";
-
-in
-
-{
-
-  ### configuration
-
-  options = {
-
-    services.iodined = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Enable iodine, ip over dns daemon";
-      };
-
-      client = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Start iodine in client mode";
-      };
-
-      ip = mkOption {
-        type = types.str;
-        default = "";
-        description = "Assigned ip address or ip range";
-        example = "172.16.10.1/24";
-      };
-
-      domain = mkOption {
-        type = types.str;
-        default = "";
-        description = "Domain or subdomain of which nameservers point to us";
-        example = "tunnel.mydomain.com";
-      };
-
-      extraConfig = mkOption {
-        type = types.str;
-        default = "";
-        description = "Additional command line parameters";
-        example = "-P mysecurepassword -l 192.168.1.10 -p 23";
-      };
-
-    };
-
-  };
-
-  ### implementation
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.iodine ];
-    boot.kernelModules = [ "tun" ];
-
-    systemd.services.iodined = {
-      description = "iodine, ip over dns daemon";
-      wantedBy = [ "ip-up.target" ];
-      serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
-    };
-
-
-    users.extraUsers = singleton {
-      name = iodinedUser;
-      uid = config.ids.uids.iodined;
-      description = "Iodine daemon user";
-    };
-    users.extraGroups.iodined.gid = config.ids.gids.iodined;
-
-    assertions = [{ assertion = if !cfg.client then cfg.ip != "" else true;
-                    message = "cannot start iodined without ip set";}
-                  { assertion = cfg.domain != "";
-                    message = "cannot start iodined without domain name set";}];
-
-  };
-
-}