diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 8b26b710dfad..0934c25ff9d6 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -929,6 +929,7 @@ in {
   sourcehut = handleTest ./sourcehut {};
   spacecookie = handleTest ./spacecookie.nix {};
   spark = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./spark {};
+  spiped = runTest ./spiped.nix;
   sqlite3-to-mysql = handleTest ./sqlite3-to-mysql.nix {};
   sslh = handleTest ./sslh.nix {};
   ssh-agent-auth = handleTest ./ssh-agent-auth.nix {};
diff --git a/nixos/tests/spiped.nix b/nixos/tests/spiped.nix
new file mode 100644
index 000000000000..a39fc2fd722b
--- /dev/null
+++ b/nixos/tests/spiped.nix
@@ -0,0 +1,73 @@
+{ pkgs, ... }:
+let
+  key = pkgs.runCommand "key" { } "${pkgs.openssl}/bin/openssl rand 32 > $out";
+in
+{
+  name = "spiped";
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ tomfitzhenry ];
+  };
+
+  nodes = {
+    server =
+      { pkgs, lib, ... }:
+      {
+        services.caddy = {
+          enable = true;
+          settings = {
+            apps.http.servers.default = {
+              listen = [ ":80" ];
+              routes = [
+                {
+                  handle = [
+                    {
+                      body = "hello world";
+                      handler = "static_response";
+                      status_code = 200;
+                    }
+                  ];
+                }
+              ];
+            };
+          };
+        };
+
+        systemd.services."spiped@server" = {
+          wantedBy = [ "multi-user.target" ];
+          overrideStrategy = "asDropin";
+        };
+        systemd.services."spiped@client" = {
+          wantedBy = [ "multi-user.target" ];
+          overrideStrategy = "asDropin";
+        };
+        services.spiped = {
+          enable = true;
+          config = {
+            server = {
+              source = "localhost:8080";
+              target = "localhost:80";
+              keyfile = key;
+              decrypt = true;
+            };
+            client = {
+              source = "localhost:8081";
+              target = "localhost:8080";
+              keyfile = key;
+              encrypt = true;
+            };
+          };
+        };
+      };
+  };
+
+  testScript =
+    { nodes, ... }:
+    ''
+      server.wait_for_unit("caddy")
+      server.wait_for_open_port(80)
+      server.wait_for_open_port(8080)
+      server.wait_for_open_port(8081)
+
+      server.succeed("curl http://localhost:8081 | grep hello")
+    '';
+}
diff --git a/pkgs/tools/networking/spiped/default.nix b/pkgs/tools/networking/spiped/default.nix
index 09bb4eb6d6e3..021549e4f10e 100644
--- a/pkgs/tools/networking/spiped/default.nix
+++ b/pkgs/tools/networking/spiped/default.nix
@@ -4,6 +4,7 @@
   fetchurl,
   openssl,
   coreutils,
+  nixosTests,
 }:
 
 stdenv.mkDerivation rec {
@@ -34,6 +35,8 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
+  passthru.tests.spiped = nixosTests.spiped;
+
   meta = {
     description = "Utility for secure encrypted channels between sockets";
     homepage = "https://www.tarsnap.com/spiped.html";