diff --git a/examples/configuration.nix b/examples/configuration.nix
index 6ed2300..62f9312 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -38,9 +38,10 @@
   # Enable this module to use clightning, a Lightning Network implementation
   # in C.
   services.clightning.enable = true;
-  # Enable this option to listen for incoming lightning connections. By
-  # default nix-bitcoin nodes offer outgoing connectivity.
-  # services.clightning.autolisten = true;
+  # Enable this option to announce our Tor Hidden Service. By default clightning
+  # offers outgoing functionality, but doesn't announce the Tor Hidden Service
+  # under which peers can reach us.
+  # services.clightning.announce-tor = true;
 
   ### LND
   # Disable clightning and uncomment the following line in order to enable lnd,
diff --git a/modules/clightning.nix b/modules/clightning.nix
index 1b6ffff..3bb516f 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -5,8 +5,8 @@ with lib;
 let
   cfg = config.services.clightning;
   inherit (config) nix-bitcoin-services;
+  onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []);
   configFile = pkgs.writeText "config" ''
-    autolisten=${if cfg.autolisten then "true" else "false"}
     network=bitcoin
     bitcoin-datadir=${config.services.bitcoind.dataDir}
     ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
@@ -28,7 +28,8 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        If enabled, the clightning service will listen.
+        Bind (and maybe announce) on IPv4 and IPv6 interfaces if no addr,
+        bind-addr or  announce-addr  options  are specified.
       '';
     };
     proxy = mkOption {
@@ -48,6 +49,11 @@ in {
       default = null;
       description = "Set an IP address or UNIX domain socket to listen to";
     };
+    announce-tor = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Announce clightning Tor Hidden Service";
+    };
     bitcoin-rpcuser = mkOption {
       type = types.str;
       description = ''
@@ -93,12 +99,13 @@ in {
       "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
     ];
 
+    services.onion-chef.access.clightning = if cfg.announce-tor then [ "clightning" ] else [];
     systemd.services.clightning = {
       description = "Run clightningd";
       path  = [ pkgs.nix-bitcoin.bitcoind ];
       wantedBy = [ "multi-user.target" ];
-      requires = [ "bitcoind.service" ];
-      after = [ "bitcoind.service" ];
+      requires = [ "bitcoind.service" ] ++ onion-chef-service;
+      after = [ "bitcoind.service" ] ++ onion-chef-service;
       preStart = ''
         cp ${configFile} ${cfg.dataDir}/config
         chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
@@ -106,6 +113,7 @@ in {
         rm -f ${cfg.dataDir}/bitcoin/lightning-rpc
         chmod 600 ${cfg.dataDir}/config
         echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
+        ${optionalString cfg.announce-tor "echo announce-addr=$(cat /var/lib/onion-chef/clightning/clightning) >> '${cfg.dataDir}/config'"}
         '';
       serviceConfig = nix-bitcoin-services.defaultHardening // {
         ExecStart = "${pkgs.nix-bitcoin.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";