diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 621571e1c33..adaa2b0d9ae 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -101,6 +101,7 @@ elasticsearch = 92; tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. zope2 = 94; + firebird = 95; # When adding a uid, make sure it doesn't match an existing gid. diff --git a/modules/module-list.nix b/modules/module-list.nix index c0aab2e1804..76f5e0a4657 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -77,6 +77,7 @@ ./services/backup/sitecopy-backup.nix ./services/databases/4store-endpoint.nix ./services/databases/4store.nix + ./services/databases/firebird.nix ./services/databases/memcached.nix ./services/databases/mongodb.nix ./services/databases/redis.nix diff --git a/modules/services/databases/firebird.nix b/modules/services/databases/firebird.nix new file mode 100644 index 00000000000..aca0d58900b --- /dev/null +++ b/modules/services/databases/firebird.nix 
@@ -0,0 +1,149 @@
+{ config, pkgs, ... }:
+
+# TODO: this file needs some additional work - at least you can connect to
+# firebird ..
+# Example how to connect:
+# isql /var/db/firebird/data/your-db.fdb -u sysdba -p
+
+# There are at least two ways to run firebird. superserver has been choosen
+# however there are no strong reasons to prefer this or the other one AFAIK
+# Eg superserver is said to be most efficiently using resources according to
+# http://www.firebirdsql.org/manual/qsg25-classic-or-super.html
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.firebird;
+
+ firebird = cfg.package;
+
+ pidFile = "${cfg.pidDir}/firebirdd.pid";
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.firebird = {
+
+ enable = mkOption {
+ default = false;
+ description = "
+ Whether to enable the firebird super server.
+ ";
+ };
+
+ package = mkOption {
+ default = pkgs.firebirdSuper;
+ /*
+ Example: package = pkgs.firebirdSuper.override { icu =
+ pkgs.icu; }; which is not recommended for compatibility
+ reasons. See comments at the firebirdSuper derivation
+ */
+
+ description = "
+ Which firebird derivation to use.
+ ";
+ };
+
+ port = mkOption {
+ default = "3050";
+ description = "Port of Firebird.";
+ };
+
+ user = mkOption {
+ default = "firebird";
+ description = "User account under which firebird runs.";
+ };
+
+ dataDir = mkOption {
+ default = "/var/db/firebird/data"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
+ description = "Location where firebird databases are stored.";
+ };
+
+ pidDir = mkOption {
+ default = "/run/firebird";
+ description = "Location of the file which stores the PID of the firebird server.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.firebird.enable {
+
+ users.extraUsers.firebird.description = "Firebird server user";
+
+ environment.systemPackages = [firebird];
+
+ systemd.services.firebird =
+ { description = "firebird super server";
+
+ wantedBy = [ "multi-user.target" ];
+
+ # TODO: moving security2.fdb into the data directory works, maybe there
+ # is a better way
+ preStart =
+ ''
+ secureDir="${cfg.dataDir}/../system"
+
+ mkdir -m 0700 -p \
+ "${cfg.dataDir}" \
+ "${cfg.pidDir}" \
+ /var/log/firebird \
+ "$secureDir"
+
+ if ! test -e "$secureDir/security2.fdb"; then
+ cp ${firebird}/security2.fdb "$secureDir"
+ fi
+
+ chown -R ${cfg.user} "${cfg.pidDir}" "${cfg.dataDir}" "$secureDir" /var/log/firebird
+ chmod -R 700 "${cfg.pidDir}" "${cfg.dataDir}" "$secureDir" /var/log/firebird
+ '';
+
+ serviceConfig.PermissionsStartOnly = true; # preStart must be run as root
+ serviceConfig.User = cfg.user;
+ serviceConfig.ExecStart = ''${firebird}/bin/fbserver -d'';
+
+ # TODO think about shutdown
+ };
+
+ environment.etc."firebird/firebird.msg".source = "${firebird}/firebird.msg";
+
+ # think about this again - and eventually make it an option
+ environment.etc."firebird/firebird.conf".text = ''
+ # RootDirectory = Restrict ${cfg.dataDir}
+ DatabaseAccess = Restrict ${cfg.dataDir}
+ ExternalFileAccess = Restrict ${cfg.dataDir}
+ # what is this? is None allowed?
+ UdfAccess = None
+ # "Native" = traditional interbase/firebird, "mixed" is windows only
+ Authentication = Native
+
+ # defaults to -1 on non Win32
+ #MaxUnflushedWrites = 100
+ #MaxUnflushedWriteTime = 100
+
+ # show trace if trouble occurs (does this require debug build?)
+ # BugcheckAbort = 0
+ # ConnectionTimeout = 180
+
+ #RemoteServiceName = gds_db
+ RemoteServicePort = ${cfg.port}
+
+ # randomly choose port for server Event Notification
+ #RemoteAuxPort = 0
+ # rsetrict connections to a network card:
+ #RemoteBindAddress =
+ # there are some more settings ..
+ '';
+ };
+
+}
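Review bot: The generated `firebird.conf` leaves `RemoteBindAddress` commented out, so the server presumably listens on `RemoteServicePort` on every interface, while `preStart` seeds `security2.fdb` straight from the package; unless the derivation changes it, the stock SYSDBA credentials stay valid until an administrator resets them. I would add a bind-address option that defaults to loopback (`RemoteBindAddress = 127.0.0.1`) and state in the `enable` description that the SYSDBA password must be changed before the port is opened to a network. `ExternalFileAccess = Restrict ${cfg.dataDir}` points the external-table feature at the same directory that holds the databases; `ExternalFileAccess = None` is the safer default until someone needs the feature, and then with a directory of its own. The account is declared only as `users.extraUsers.firebird.description`, so the uid reserved in ids.nix is never assigned and a non-default `cfg.user` would apparently not be created; `users.extraUsers.firebird.uid = config.ids.uids.firebird;` would tie the reservation to the account.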