diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix index 950112b2dabe..94beb78ef5a4 100644 --- a/nixos/modules/services/networking/privoxy.nix +++ b/nixos/modules/services/networking/privoxy.nix @@ -6,19 +6,18 @@ let inherit (pkgs) privoxy; - stateDir = "/var/spool/privoxy"; - privoxyUser = "privoxy"; - privoxyFlags = "--no-daemon --user ${privoxyUser} ${privoxyCfg}"; + cfg = config.services.privoxy; - privoxyCfg = pkgs.writeText "privoxy.conf" '' - listen-address ${config.services.privoxy.listenAddress} - logdir ${config.services.privoxy.logDir} - confdir ${privoxy}/etc - filterfile default.filter - - ${config.services.privoxy.extraConfig} + confFile = pkgs.writeText "privoxy.conf" '' + user-manual ${privoxy}/share/doc/privoxy/user-manual + confdir ${privoxy}/etc/ + listen-address ${cfg.listenAddress} + enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"} + ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles} + ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles} + ${cfg.extraConfig} ''; in 
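Review bot: The `privoxyUser = "privoxy";` binding deleted from this `let` block is still referenced on the new side. The last hunk keeps `name = privoxyUser;` in `users.extraUsers` and interpolates `--user ${privoxyUser}` into `ExecStart`. Unless something above the hunk brings that name into scope, evaluation fails with an undefined variable once `services.privoxy.enable` is set, and the configuration does not build. Either keep `privoxyUser = "privoxy";` next to `cfg`, or write the literal `"privoxy"` at both uses.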
@@ -32,27 +31,51 @@ in services.privoxy = { enable = mkOption { + type = types.bool; default = false; description = '' - Whether to run the machine as a HTTP proxy server. + Whether to enable the Privoxy non-caching filtering proxy. ''; }; listenAddress = mkOption { + type = types.str; default = "127.0.0.1:8118"; description = '' Address the proxy server is listening to. ''; }; - logDir = mkOption { - default = "/var/log/privoxy" ; + actionsFiles = mkOption { + type = types.listOf types.str; + example = [ "match-all.action" "default.action" "/etc/privoxy/user.action" ]; + default = [ "match-all.action" "default.action" ]; description = '' - Location for privoxy log files. + List of paths to Privoxy action files. + These paths may either be absolute or relative to the privoxy configuration directory. + ''; + }; + + filterFiles = mkOption { + type = types.listOf types.str; + example = [ "default.filter" "/etc/privoxy/user.filter" ]; + default = [ "default.filter" ]; + description = '' + List of paths to Privoxy filter files. + These paths may either be absolute or relative to the privoxy configuration directory. + ''; + }; + + enableEditActions = mkOption { + type = types.bool; + default = false; + description = '' + Whether or not the web-based actions file editor may be used. ''; }; extraConfig = mkOption { + type = types.lines; default = "" ; description = '' Extra configuration. Contents will be added verbatim to the configuration file. 
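Review bot: The description of `enableEditActions` does not say who can reach the editor once it is switched on. Privoxy's web-based actions editor has no access control of its own, so any client allowed to use the proxy can change the actions files for all users. That matters as soon as `listenAddress` is moved off the `127.0.0.1:8118` default. I would extend the description with something like `The editor has no authentication; enable it only when every client that can reach listenAddress is trusted.`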
@@ -62,33 +85,22 @@ in }; - ###### implementation - config = mkIf config.services.privoxy.enable { + config = mkIf cfg.enable { - environment.systemPackages = [ privoxy ]; - users.extraUsers = singleton { name = privoxyUser; uid = config.ids.uids.privoxy; description = "Privoxy daemon user"; - home = stateDir; }; - jobs.privoxy = - { name = "privoxy"; - - startOn = "startup"; - - preStart = - '' - mkdir -m 0755 -p ${stateDir} - chown ${privoxyUser} ${stateDir} - ''; - - exec = "${privoxy}/sbin/privoxy ${privoxyFlags}"; - }; + systemd.services.privoxy = { + description = "Filtering web proxy"; + after = [ "network.target" "nss-lookup.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}"; + }; };
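Review bot: The new unit sets only `ExecStart` and no `User=`, so systemd starts the daemon as root. The privilege drop then rests entirely on Privoxy's own `--user` handling, with no systemd confinement around a process that parses untrusted HTTP traffic. Consider adding `serviceConfig.PrivateTmp = true;`, `serviceConfig.PrivateDevices = true;` and `serviceConfig.ProtectHome = true;`. `ProtectSystem` would need checking first, because with `enableEditActions` the editor may have to write to an actions file under `/etc`.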