diff --git a/.gitignore b/.gitignore
index 019004f..eea4882 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,7 @@
 matrix_reg_key
 slack_client_secret
 slack-registration.yaml
+discord-registration.yaml
+discord_envs
 *_psql_password
 secrets.json
diff --git a/nixos_configs/bridge.nix b/nixos_configs/bridge.nix
new file mode 100644
index 0000000..adfac8a
--- /dev/null
+++ b/nixos_configs/bridge.nix
@@ -0,0 +1,58 @@
+# adapted from https://nixos.org/manual/nixos/stable/index.html#module-services-matrix
+{ modulesPath, config, lib, pkgs, ... }:
+let
+ secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
+in {
+ imports = [
+ "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
+ ];
+
+ environment.systemPackages = [ pkgs.jq ];
+ services.openssh.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ (builtins.readFile "/home/mike/.ssh/id_mops.pub")
+ ];
+
+ ### app specific config
+ users.users.matterbridge = {
+ createHome = true;
+ isNormalUser = false;
+ isSystemUser = true;
+ };
+
+ services.matterbridge = let
+ config-file = pkgs.writeText "matterbridge.toml" ''
+[discord.cryptic]
+Token="${secrets.matterbridge.discord.token}"
+Server="${secrets.matterbridge.discord.server}"
+RemoteNickFormat="{NICK} [{PROTOCOL}]"
+AutoWebhooks=true
+
+[slack.cryptic]
+Token="${secrets.matterbridge.slack.token}"
+RemoteNickFormat="{NICK} [{PROTOCOL}]"
+
+# [[gateway]]
+# name="bot-test-gateway"
+# enable=true
+# [[gateway.inout]]
+# account="discord.cryptic"
+# channel="bot-test"
+#
+# [[gateway.inout]]
+# account="slack.cryptic"
+# channel="bot-test"
+
+[[samechannelgateway]]
+ name="same-channel-gw"
+ enable = true
+ accounts = [ "slack.cryptic", "discord.cryptic" ]
+ channels = [ "bot-test", "generic-gaming", "to-the-moon-and-back" ]
+ '';
+ in {
+ enable = true;
+ configPath = "${config-file}";
+ };
+}
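Review bot: The Discord and Slack tokens in bridge.nix are interpolated into `pkgs.writeText "matterbridge.toml"`, so the rendered config, tokens included, is written to the Nix store, which is world-readable on the target and on the machine that evaluates the config. Keeping the secrets out of the store means pointing the service at a file provisioned outside it, for example `configPath = "/var/lib/matterbridge/matterbridge.toml";` (constructed path), owned by the matterbridge user with mode 0400. The same pattern appears in nixos_configs/matrix.nix, where `discord-envs-dst` and `discord-reg-dest-yaml` copy the environment file and the appservice registration into the store via `pkgs.writeText`; `environmentFile` there can be given a path outside the store directly. Separately, `builtins.readFile "/home/mike/.ssh/id_mops.pub"` ties evaluation to one workstation's home directory, and a public-key file kept in the repository would make the build reproducible.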
diff --git a/nixos_configs/matrix.nix b/nixos_configs/matrix.nix index fc8f8fd..8f164ea 100644 --- a/nixos_configs/matrix.nix +++ b/nixos_configs/matrix.nix @@ -10,6 +10,10 @@ let secrets = builtins.fromJSON (builtins.readFile ./secrets.json); slack-reg-source-yaml = (builtins.readFile ./slack-registration.yaml); slack-reg-dest-yaml = pkgs.writeText "slack-registration.yaml" "${slack-reg-source-yaml}"; + discord-reg-source-yaml = (builtins.readFile ./discord-registration.yaml); + discord-reg-dest-yaml = pkgs.writeText "discord-registration.yaml" "${discord-reg-source-yaml}"; + discord-envs-src = (builtins.readFile ./discord_envs); + discord-envs-dst = pkgs.writeText "discord_envs" "${discord-envs-src}"; fqdn = let join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; @@ -150,6 +154,7 @@ in { - "#cryptic-chat:waffle.farm" app_service_config_files: - "${slack-reg-dest-yaml}" + - "${discord-reg-dest-yaml}" ''; listeners = [ @@ -313,7 +318,7 @@ encryption: pantalaimon_url: "http://localhost:8009" ''; in { - enable = true; + enable = false; description = "matrix-appservice-slack daemon"; wantedBy = [ "multi-user.target" ]; serviceConfig = { @@ -352,4 +357,18 @@ IgnoreVerification = True }; }; + services.matrix-appservice-discord = { + enable = true; + settings = { + bridge = { + domain = "waffle.farm"; + homeserverUrl = "https://matrix.waffle.farm"; + enableSelfServiceBridging = true; + disableJoinLeaveNotifications = true; + disableInviteNotifications = true; + }; + }; + url = "http://localhost:8008"; + environmentFile = "${discord-envs-dst}"; + }; } diff --git a/terraform/bridge.tf b/terraform/bridge.tf new file mode 100644 index 0000000..c78cb6a --- /dev/null +++ b/terraform/bridge.tf 
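Review bot: In the new `services.matrix-appservice-discord` block, `url = "http://localhost:8008"` looks like it points at the homeserver rather than at the bridge. In the NixOS module `url` is the address the homeserver uses to reach the appservice, whose default listening port is 9005, while 8008 is the conventional Synapse listener. The listener ports are outside this hunk, so confirm against them; if the bridge keeps its default port, dropping the line or using `url = "http://localhost:9005";` would match. It would also help to add a comment above `enableSelfServiceBridging = true;` stating who is expected to be able to bridge rooms, since that setting appears to let room administrators link Discord channels without operator involvement.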
@@ -0,0 +1,23 @@
+resource "digitalocean_droplet" "bridge-0" {
+ name = "bridge-0"
+
+ image = data.digitalocean_image.nixos_base.id
+ region = "nyc3"
+ size = "s-1vcpu-1gb"
+
+ ssh_keys = [data.digitalocean_ssh_key.mops.id]
+}
+
+module "deploy_nixos_bridge" {
+ source = "github.com/tweag/terraform-nixos//deploy_nixos?ref=d055d2180da230e47ba9082fc53a8b7d1fadbc43"
+
+ nixos_config = "../nixos_configs/bridge.nix"
+
+ target_user = "root"
+ target_host = digitalocean_droplet.bridge-0.ipv4_address
+
+ triggers = {
+ // Also re-deploy whenever the VM is re-created
+ instance_id = digitalocean_droplet.bridge-0.id
+ }
+}
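Review bot: Nothing in this file restricts inbound traffic to `bridge-0`, so root SSH on its public `ipv4_address` is reachable from anywhere, limited only by the host firewall in bridge.nix, which also opens 80 and 443. Matterbridge as configured there only makes outbound connections, so a `digitalocean_firewall` attached to the droplet could limit inbound traffic to port 22 from the deploy/admin range. A firewall defined elsewhere in the Terraform tree would not be visible here, so check before adding one. The source address below is a placeholder to replace with the real range.

```hcl
resource "digitalocean_firewall" "bridge" {
  name        = "bridge-0-ssh-only"
  droplet_ids = [digitalocean_droplet.bridge-0.id]

  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = ["203.0.113.0/24"] # placeholder: admin/deploy range
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
```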