diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
new file mode 100644
index 000000000..a3c6d0f28
--- /dev/null
+++ b/lass/2configs/bepasty.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+# secrets used:
+#   wildcard.krebsco.de.crt
+#   wildcard.krebsco.de.key
+#   bepasty-secret.nix     <- contains single string
+
+with import <stockholm/lib>;
+let
+  secKey = import <secrets/bepasty-secret.nix>;
+  ext-dom = "paste.lassul.us" ;
+in {
+
+  services.nginx.enable = mkDefault true;
+  krebs.bepasty = {
+    enable = true;
+    serveNginx= true;
+
+    servers = {
+      "paste.r" = {
+        nginx = {
+          serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+        };
+        defaultPermissions = "admin,list,create,read,delete";
+        secretKey = secKey;
+      };
+
+      "${ext-dom}" = {
+        nginx = {
+          enableSSL = true;
+          forceSSL = true;
+          enableACME = true;
+        };
+        defaultPermissions = "read";
+        secretKey = secKey;
+      };
+    };
+  };
+}