diff --git a/hosts/tyo0/ports.nix b/hosts/tyo0/ports.nix
index 254e4c0..cfc8374 100644
--- a/hosts/tyo0/ports.nix
+++ b/hosts/tyo0/ports.nix
@@ -1,7 +1,6 @@
 {
   lib.ports = {
     keycloak = 8010;
-    miniflux = 8020;
     vaultwarden = 8040;
     wastebin = 8050;
 
diff --git a/hosts/tyo0/services/miniflux.nix b/hosts/tyo0/services/miniflux.nix
index 11c4ab9..9310310 100644
--- a/hosts/tyo0/services/miniflux.nix
+++ b/hosts/tyo0/services/miniflux.nix
@@ -1,14 +1,24 @@
 { lib, config, ... }:
-let
-  port = config.lib.ports.miniflux;
-in
 {
+  # https://miniflux.app/docs/howto.html#systemd-socket-activation
+  systemd = {
+    sockets.miniflux = {
+      description = "Miniflux Socket";
+      wantedBy = [ "sockets.target" ];
+      requiredBy = [ "miniflux.service" ];
+      listenStreams = [ "/run/miniflux.sock" ];
+      socketConfig.NoDelay = true;
+    };
+    services.miniflux = {
+      serviceConfig.NonBlocking = true;
+    };
+  };
+
   services.miniflux = {
     enable = true;
     adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
     config = {
       CREATE_ADMIN = 0;
-      LISTEN_ADDR = "127.0.0.1:${toString port}";
       BASE_URL = "https://rss.ny4.dev";
 
       OAUTH2_PROVIDER = "oidc";
@@ -23,7 +33,7 @@ in
     match = lib.singleton { host = [ "rss.ny4.dev" ]; };
     handle = lib.singleton {
       handler = "reverse_proxy";
-      upstreams = [ { dial = "localhost:${toString port}"; } ];
+      upstreams = [ { dial = "unix//run/miniflux.sock"; } ];
     };
   };
 }