diff --git a/default.nix b/default.nix
index 19349f82f..c04b297e0 100644
--- a/default.nix
+++ b/default.nix
@@ -56,6 +56,7 @@ let
         ./modules/services/nix-gc
         ./modules/services/ofborg
         ./modules/services/postgresql
+        ./modules/services/privoxy
         ./modules/services/redis
         ./modules/services/skhd
         ./modules/programs/bash
diff --git a/modules/services/privoxy/default.nix b/modules/services/privoxy/default.nix
new file mode 100644
index 000000000..5cb16c826
--- /dev/null
+++ b/modules/services/privoxy/default.nix
@@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.privoxy;
+in
+{
+  options = {
+    services.privoxy.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to enable the privoxy proxy service.";
+    };
+
+    services.privoxy.listenAddress = mkOption {
+      type = types.str;
+      default = "127.0.0.1:8118";
+      description = "The address and TCP port on which privoxy will listen.";
+    };
+
+    services.privoxy.package = mkOption {
+      type = types.package;
+      default = pkgs.privoxy;
+      example = literalExample "pkgs.privoxy";
+      description = "This option specifies the privoxy package to use.";
+    };
+
+    services.privoxy.config = mkOption {
+      type = types.lines;
+      default = "";
+      example = "forward / upstream.proxy:8080";
+      description = "Config to use for privoxy";
+    };
+
+    services.privoxy.templdir = mkOption {
+      type = types.path;
+      default = "${pkgs.privoxy}/etc/templates";
+      defaultText = "\${pkgs.privoxy}/etc/templates";
+      description = "Directory for privoxy template files.";
+    };
+
+    services.privoxy.confdir = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Directory for privoxy files such as .action and .filter.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.etc."privoxy-config".text = ''
+      ${optionalString (cfg.confdir != null) "confdir ${cfg.confdir}"}
+      templdir ${cfg.templdir}
+      listen-address ${cfg.listenAddress}
+      ${cfg.config}
+    '';
+
+    launchd.user.agents.privoxy = {
+      path = [ config.environment.systemPath ];
+      command = ''
+      ${cfg.package}/bin/privoxy /etc/privoxy-config
+      '';
+      serviceConfig.KeepAlive = true;
+    };
+  };
+}
diff --git a/release.nix b/release.nix
index 9a61ee67a..4511de67c 100644
--- a/release.nix
+++ b/release.nix
@@ -105,6 +105,7 @@ let
     tests.services-ofborg = makeTest ./tests/services-ofborg.nix;
     tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix;
     tests.services-skhd = makeTest ./tests/services-skhd.nix;
+    tests.services-privoxy = makeTest ./tests/services-privoxy.nix;
     tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix;
     tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix;
     tests.system-packages = makeTest ./tests/system-packages.nix;
diff --git a/tests/services-privoxy.nix b/tests/services-privoxy.nix
new file mode 100644
index 000000000..f6c16a423
--- /dev/null
+++ b/tests/services-privoxy.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  privoxy = pkgs.runCommand "privoxy-0.0.0" {} "mkdir $out";
+in
+
+{
+  services.privoxy.enable = true;
+  services.privoxy.package = privoxy;
+  services.privoxy.config = "forward / .";
+
+  test = ''
+    echo >&2 "checking privoxy service in ~/Library/LaunchAgents"
+    grep "org.nixos.privoxy" ${config.out}/user/Library/LaunchAgents/org.nixos.privoxy.plist
+    echo grep "${privoxy}/bin/privoxy" ${config.out}/user/Library/LaunchAgents/org.nixos.privoxy.plist
+    grep "${privoxy}/bin/privoxy" ${config.out}/user/Library/LaunchAgents/org.nixos.privoxy.plist
+
+    echo >&2 "checking config in /etc/privoxy-config"
+    grep "forward / ." ${config.out}/etc/privoxy-config
+  '';
+}