diff --git a/flake.nix b/flake.nix
index 6c62b79..c551c2d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,6 +42,7 @@
     } {
       imports = [
         ./nix
+        ./nixos
       ];
       systems = [
         "x86_64-linux"
diff --git a/internal/cli/store/run.go b/internal/cli/store/run.go
index 6ee45f6..7d9b3b5 100644
--- a/internal/cli/store/run.go
+++ b/internal/cli/store/run.go
@@ -35,8 +35,8 @@ type Run struct {
 	Log  cli.LogOptions  `embed:""`
 	Nats cli.NatsOptions `embed:""`
 
-	ListenAddr  string `short:"l" env:"NVIX_STORE_LISTEN_ADDR" default:"localhost:5000"`
-	MetricsAddr string `short:"m" env:"NVIX_STORE_METRICS_ADDR" default:"localhost:5050"`
+	ListenAddr  string `short:"l" env:"LISTEN_ADDR" default:"localhost:5000"`
+	MetricsAddr string `short:"m" env:"METRICS_ADDR" default:"localhost:5050"`
 }
 
 func (r *Run) Run() error {
diff --git a/nix/dev/nvix.nix b/nix/dev/nvix.nix
index 404e8b1..cce2501 100644
--- a/nix/dev/nvix.nix
+++ b/nix/dev/nvix.nix
@@ -9,7 +9,7 @@
           };
           working_dir = "$PRJ_DATA_DIR";
           environment = {
-            NVIX_STORE_NATS_CREDENTIALS_FILE = "./nsc/creds/Tvix/Store/Admin.creds";
+            NATS_CREDENTIALS_FILE = "./nsc/creds/Tvix/Store/Admin.creds";
           };
           command = "${lib.getExe self'.packages.nvix} store init -v";
         };
@@ -19,7 +19,7 @@
           };
           working_dir = "$PRJ_DATA_DIR";
           environment = {
-            NVIX_STORE_NATS_CREDENTIALS_FILE = "./nsc/creds/Tvix/Store/Server.creds";
+            NATS_CREDENTIALS_FILE = "./nsc/creds/Tvix/Store/Server.creds";
           };
           command = "${lib.getExe self'.packages.nvix} store run -v";
           # TODO readiness probe
diff --git a/nixos/default.nix b/nixos/default.nix
new file mode 100644
index 0000000..438aafe
--- /dev/null
+++ b/nixos/default.nix
@@ -0,0 +1,5 @@
+{
+  flake.nixosModules = {
+    store = import ./store.nix;
+  };
+}
diff --git a/nixos/store.nix b/nixos/store.nix
new file mode 100644
index 0000000..c668090
--- /dev/null
+++ b/nixos/store.nix
@@ -0,0 +1,81 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: let
+  cfg = config.services.nvix.store;
+in {
+  options.services.nvix.store = with lib; {
+    enable = mkEnableOption (mdDoc "Enable NVIX Store");
+    package = mkOption {
+      type = types.package;
+      default = pkgs.nvix;
+      defaultText = literalExpression "pkgs.nvix";
+      description = mdDoc "Package to use for nits.";
+    };
+    listen = {
+      address = mkOption {
+        type = types.str;
+        default = "localhost:5000";
+        description = "interface and port to listen on";
+      };
+    };
+    metrics = {
+      address = mkOption {
+        type = types.str;
+        default = "localhost:5050";
+        description = "interface and port to listen on";
+      };
+    };
+    nats = {
+      url = mkOption {
+        type = types.str;
+        example = "nats://localhost:4222";
+        description = mdDoc "NATS server url.";
+      };
+      credentialsFile = mkOption {
+        type = types.path;
+        example = "/mnt/shared/user.creds";
+        description = mdDoc "Path to a file containing a NATS credentials file";
+      };
+    };
+    verbosity = mkOption {
+      type = types.int;
+      default = 1;
+      example = "2";
+      description = mdDoc "Selects the log verbosity.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.nvix-store = {
+      after = ["network.target"];
+      wantedBy = ["sysinit.target"];
+
+      description = "NVIX Store";
+      startLimitIntervalSec = 0;
+
+      # the agent will restart itself after a successful deployment
+      restartIfChanged = false;
+
+      environment = lib.filterAttrs (_: v: v != null) {
+        NATS_URL = cfg.nats.url;
+        NATS_CREDENTIALS_FILE = cfg.nats.credentialsFile;
+        LISTEN_ADDRESS = cfg.listen.address;
+        METRICS_ADDRESS = cfg.metrics.address;
+        LOG_LEVEL = "${builtins.toString cfg.verbosity}";
+      };
+
+      serviceConfig = with lib; {
+        Restart = mkDefault "on-failure";
+        RestartSec = 1;
+
+        User = "nvix-store";
+        DynamicUser = true;
+        StateDirectory = "nvix-store";
+        ExecStart = "${cfg.package}/bin/nvix store";
+      };
+    };
+  };
+}
diff --git a/pkg/cli/log.go b/pkg/cli/log.go
index 8c5baae..4e88e08 100644
--- a/pkg/cli/log.go
+++ b/pkg/cli/log.go
@@ -5,7 +5,7 @@ import (
 )
 
 type LogOptions struct {
-	Verbosity int `name:"verbose" short:"v" type:"counter" default:"0" env:"NVIX_LOG_LEVEL" help:"Set the verbosity of logs e.g. -vv"`
+	Verbosity int `name:"verbose" short:"v" type:"counter" default:"0" env:"LOG_LEVEL" help:"Set the verbosity of logs e.g. -vv"`
 }
 
 func (lo *LogOptions) ConfigureLogger() {
diff --git a/pkg/cli/nats.go b/pkg/cli/nats.go
index d102898..1d174a4 100644
--- a/pkg/cli/nats.go
+++ b/pkg/cli/nats.go
@@ -6,8 +6,8 @@ import (
 )
 
 type NatsOptions struct {
-	NatsUrl         string `short:"n" env:"NVIX_STORE_NATS_URL" default:"nats://localhost:4222"`
-	NatsCredentials string `short:"c" env:"NVIX_STORE_NATS_CREDENTIALS_FILE" required:"" type:"path"`
+	NatsUrl         string `short:"n" env:"NATS_URL" default:"nats://localhost:4222"`
+	NatsCredentials string `short:"c" env:"NATS_CREDENTIALS_FILE" required:"" type:"path"`
 }
 
 func (no *NatsOptions) Connect() *nats.Conn {