diff --git a/modules/home/cli/programs/knock/default.nix b/modules/home/cli/programs/knock/default.nix
new file mode 100644
index 0000000..8fbdc01
--- /dev/null
+++ b/modules/home/cli/programs/knock/default.nix
@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  pkgs,
+  namespace,
+  ...
+}:
+let
+  inherit (lib) mkIf;
+  inherit (lib.${namespace}) mkBoolOpt;
+
+  cfg = config.${namespace}.cli.programs.knock;
+in
+{
+  options.${namespace}.cli.programs.knock = {
+    enable = mkBoolOpt false "Whether or not to enable knock.";
+  };
+
+  config = mkIf cfg.enable { home.packages = [ pkgs.${namespace}.knock ]; };
+}
diff --git a/modules/home/roles/common/default.nix b/modules/home/roles/common/default.nix
index c1d7bd2..d396916 100644
--- a/modules/home/roles/common/default.nix
+++ b/modules/home/roles/common/default.nix
@@ -39,6 +39,7 @@ in
           file-tools = enabled;
           xclip = enabled;
           manix = enabled;
+          knock = enabled;
         };
       };
 
diff --git a/packages/knock/default.nix b/packages/knock/default.nix
new file mode 100644
index 0000000..a8f1a50
--- /dev/null
+++ b/packages/knock/default.nix
@@ -0,0 +1,38 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  pkg-config,
+  libpcap,
+  autoreconfHook,
+}:
+stdenv.mkDerivation (finalAttrs: {
+  pname = "knock";
+  version = "0.8";
+
+  src = fetchFromGitHub {
+    owner = "jvinet";
+    repo = "knock";
+    rev = "refs/tags/v${finalAttrs.version}";
+    hash = "sha256-GOg6wovyr6J5qHm5EsOxrposFtwwx/FyJs7g0dagFmk=";
+  };
+
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+  ];
+
+  buildInputs = [ libpcap ];
+
+  patches = [ ./makefile.patch ];
+
+  meta = {
+    description = "A port-knocking implementation";
+    homepage = "https://github.com/jvinet/knock";
+    changelog = "https://github.com/jvinet/knock/releases";
+    license = lib.licenses.gpl2Plus;
+    maintainers = with lib.maintainers; [ theobori ];
+    mainProgram = "knock";
+    platforms = lib.platforms.unix;
+  };
+})
diff --git a/packages/knock/makefile.patch b/packages/knock/makefile.patch
new file mode 100644
index 0000000..ad4831c
--- /dev/null
+++ b/packages/knock/makefile.patch
@@ -0,0 +1,20 @@
+diff --git a/Makefile.am b/Makefile.am
+index c5b15ab..9f83379 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5,14 +5,10 @@ bin_PROGRAMS = knock
+ man_MANS = doc/knock.1
+ 
+ if BUILD_KNOCKD
+-sbin_PROGRAMS = knockd
+-dist_sbin_SCRIPTS = src/knock_helper_ipt.sh
++bin_PROGRAMS += knockd
+ man_MANS += doc/knockd.1
+-sysconf_DATA = knockd.conf
+ endif
+ 
+-dist_doc_DATA = README.md TODO ChangeLog COPYING
+-
+ knock_SOURCES = src/knock.c
+ knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_helper_ipt.sh
+