diff --git a/main.tf b/main.tf
index 99ef4c3..cbd3eb4 100644
--- a/main.tf
+++ b/main.tf
@@ -53,6 +53,14 @@ module "gitea" {
   mysql-password = "${var.gitea-mysql-password}"
 }
 
+module "opml" {
+  source         = "opml"
+  domain         = "opml.bb8.fun"
+  client-id      = "${var.opml-github-client-id}"
+  client-secret  = "${var.opml-github-client-secret}"
+  traefik-labels = "${var.traefik-common-labels}"
+}
+
 module "radicale" {
   source         = "radicale"
   domain         = "radicale.bb8.fun"
diff --git a/opml/data.tf b/opml/data.tf
new file mode 100644
index 0000000..ee0c40a
--- /dev/null
+++ b/opml/data.tf
@@ -0,0 +1,7 @@
+data "docker_registry_image" "opml" {
+  name = "captn3m0/opml-gen:latest"
+}
+
+data "docker_registry_image" "redis" {
+  name = "redis:alpine"
+}
diff --git a/opml/main.tf b/opml/main.tf
new file mode 100644
index 0000000..dd7563c
--- /dev/null
+++ b/opml/main.tf
@@ -0,0 +1,28 @@
+resource "docker_container" "opml" {
+  name  = "opml"
+  image = "${docker_image.opml.latest}"
+
+  labels = "${merge(
+    var.traefik-labels, map(
+      "traefik.port", 80,
+      "traefik.frontend.rule","Host:${var.domain}"
+  ))}"
+
+  env = [
+    "GITHUB_CLIENT_ID=${var.client-id}",
+    "GITHUB_CLIENT_SECRET=${var.client-secret}",
+    "REDIS_URL=redis://opml-redis:6379/1",
+  ]
+
+  memory                = 256
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+
+  networks = ["${docker_network.opml.id}"]
+}
+
+resource "docker_image" "opml" {
+  name          = "${data.docker_registry_image.opml.name}"
+  pull_triggers = ["${data.docker_registry_image.opml.sha256_digest}"]
+}
diff --git a/opml/network.tf b/opml/network.tf
new file mode 100644
index 0000000..dc17e53
--- /dev/null
+++ b/opml/network.tf
@@ -0,0 +1,4 @@
+resource "docker_network" "opml" {
+  name   = "opml"
+  driver = "bridge"
+}
diff --git a/opml/redis.tf b/opml/redis.tf
new file mode 100644
index 0000000..4b5e176
--- /dev/null
+++ b/opml/redis.tf
@@ -0,0 +1,21 @@
+resource "docker_container" "redis" {
+  name  = "opml-redis"
+  image = "${docker_image.redis.latest}"
+
+  volumes {
+    host_path      = "/mnt/xwing/cache/opml-redis"
+    container_path = "/data"
+  }
+
+  memory                = 256
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+
+  networks = ["${docker_network.opml.id}"]
+}
+
+resource "docker_image" "redis" {
+  name          = "${data.docker_registry_image.redis.name}"
+  pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"]
+}
diff --git a/opml/variables.tf b/opml/variables.tf
new file mode 100644
index 0000000..11b5f6f
--- /dev/null
+++ b/opml/variables.tf
@@ -0,0 +1,7 @@
+variable "traefik-labels" {
+  type = "map"
+}
+
+variable "domain" {}
+variable "client-id" {}
+variable "client-secret" {}
diff --git a/variables.tf b/variables.tf
index 0b94e74..e124c0e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -72,3 +72,6 @@ variable "traefik-common-labels" {
 
 variable "timemachine-password-2" {}
 variable "timemachine-password-1" {}
+
+variable "opml-github-client-id" {}
+variable "opml-github-client-secret" {}