diff --git a/nginx-config.nix b/nginx-config.nix
new file mode 100644
index 0000000..ad7cdd6
--- /dev/null
+++ b/nginx-config.nix
@@ -0,0 +1,185 @@
+{ config, pkgs, ... }:
+
+{
+ security.acme = {
+ acceptTerms = true; # accept terms of letsencrypt
+ defaults.email = "grimhilt@proton.me";
+ };
+
+ services.nginx = {
+ enable = true;
+ clientMaxBodySize = "3G";
+
+ virtualHosts."domain.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/.well-known/matrix/server" = {
+ extraConfig = ''
+ access_log off;
+ add_header Access-Control-Allow-Origin "*";
+ add_header Content-Type "application/json";
+ return 200 '{"m.server": "matrix.domain.com:443"}';
+
+ '';
+ };
+ locations."/.well-known/matrix/client" = {
+ extraConfig = ''
+ access_log off;
+ add_header Access-Control-Allow-Origin "*";
+ add_header Content-Type "application/json";
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.com"}}';
+
+ '';
+ };
+ locations."/" = {
+ root = "/var/www/html";
+ };
+
+ };
+
+ virtualHosts."git.domain.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3000";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ '';
+ };
+ };
+
+ virtualHosts."matrix.domain.com" = {
+ listen = [
+ { addr = "0.0.0.0"; port = 80 ;}
+ { addr = "[::]"; port = 80 ;}
+ { addr = "0.0.0.0"; port = 443 ; ssl = true; }
+ { addr = "[::]"; port = 443 ; ssl = true; }
+ { addr = "0.0.0.0"; port = 8448 ; ssl = true; }
+ { addr = "[::]"; port = 8448 ; ssl = true; }
+ ] ;
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 50M;
+ '';
+ };
+ };
+
+ virtualHosts."nextcloud.domain.com" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:8010";
+ extraConfig = ''
+ location /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ location /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ '';
+ };
+
+ virtualHosts."ntfy.domain.com" = {
+ enableACME = true;
+ listen = [
+ {
+ addr = "*";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "*";
+ port = 80;
+ }
+ ];
+ locations."/" = {
+ proxyPass = "http://localhost:8011";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection Upgrade;
+ proxy_read_timeout 90;
+ proxy_http_version 1.1;
+ '';
+ };
+ };
+
+ virtualHosts."home.domain.com" = {
+ listen = [
+ {
+ addr = "*";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "*";
+ port = 80;
+ }
+ ];
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://192.168.1.120:5500";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection Upgrade;
+ proxy_read_timeout 90;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 24k;
+ proxy_buffers 64 4k;
+ '';
+ };
+ };
+ virtualHosts."gcc.domain.com" = {
+ listen = [
+ {
+ addr = "*";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "*";
+ port = 80;
+ }
+ ];
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:9010";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection Upgrade;
+ proxy_read_timeout 90;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 24k;
+ proxy_buffers 64 4k;
+ '';
+ };
+ };
+ };
+}
+
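Review bot: The `ntfy.domain.com` virtual host is the only one in this file without `forceSSL = true;`, yet its `listen` list includes port 80, so plain-HTTP requests look like they are proxied to `localhost:8011` instead of being redirected, which would carry ntfy credentials and message bodies in cleartext. Adding `forceSSL = true;` next to its `enableACME = true;` brings it in line with the other hosts; it is worth checking the rendered configuration with `nginx -T` to confirm the port-80 block then only redirects and the 443 block has the certificate attached. Separately, the top-level `clientMaxBodySize = "3G";` applies to every host except matrix (which overrides it with `client_max_body_size 50M;`), so the git, ntfy, home and gcc proxies all accept multi-gigabyte request bodies; keeping the global value small and raising the limit only on the host that needs it would narrow that. The matrix location also omits `proxy_set_header X-Forwarded-For $remote_addr;`, so the backend on port 8008 probably sees every client as the loopback address for logging and per-IP rate limiting.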