diff --git a/machines/raven/services/default.nix b/machines/raven/services/default.nix
index 420c68a..0ed81ef 100644
--- a/machines/raven/services/default.nix
+++ b/machines/raven/services/default.nix
@@ -3,6 +3,7 @@
     ./asterisk.nix
     ./dnsmasq.nix
     ./dyndns.nix
+    ./freeradius.nix
     ./labsync
     ./unifi-controller.nix
   ];
diff --git a/machines/raven/services/freeradius.nix b/machines/raven/services/freeradius.nix
new file mode 100644
index 0000000..9fb95db
--- /dev/null
+++ b/machines/raven/services/freeradius.nix
@@ -0,0 +1,17 @@
+# service for unifi wifi
+# provides anonymous access via WPA2 enterprise (PEAP)
+{ pkgs, ... }:
+
+{
+  services.freeradius = {
+    enable = true;
+    configDir = "${pkgs.fablab.freeradius-anon-access}/raddb";
+    debug = true;
+  };
+  users.users.radius.group = "radius";
+  users.groups.radius = { };
+  networking.firewall.allowedUDPPorts = [
+    1812
+    1813
+  ];
+}
diff --git a/pkgs/fablab/default.nix b/pkgs/fablab/default.nix
index d32b0b0..9d10179 100644
--- a/pkgs/fablab/default.nix
+++ b/pkgs/fablab/default.nix
@@ -1,5 +1,6 @@
 { callPackage }:
 
 {
+  freeradius-anon-access = callPackage ./freeradius-anon-access { };
   mitgliedsantrag = callPackage ./mitgliedsantrag { };
 }
diff --git a/pkgs/fablab/freeradius-anon-access/default.nix b/pkgs/fablab/freeradius-anon-access/default.nix
new file mode 100644
index 0000000..c9e98bd
--- /dev/null
+++ b/pkgs/fablab/freeradius-anon-access/default.nix
@@ -0,0 +1,14 @@
+{ lib, stdenvNoCC, ... }:
+
+stdenvNoCC.mkDerivation {
+  name = "freeradius-anon-access";
+  src = ./.;
+  dontBuild = true;
+  installPhase = ''
+    mkdir $out
+    cp -r raddb $out
+  '';
+  meta = with lib; {
+    platforms = platforms.unix;
+  };
+}