diff --git a/hosts/alexandria/forgejo.nix b/hosts/trantor/forgejo.nix
similarity index 96%
rename from hosts/alexandria/forgejo.nix
rename to hosts/trantor/forgejo.nix
index 909d1d1..c11573e 100644
--- a/hosts/alexandria/forgejo.nix
+++ b/hosts/trantor/forgejo.nix
@@ -28,7 +28,6 @@ in
   };
 
   services.nginx.virtualHosts = mkNginxVHosts {
-    acmeHost = "baduhai.dev";
     domains."git.baduhai.dev".locations."/".proxyPass =
       "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
   };
diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix
new file mode 100644
index 0000000..6879bfc
--- /dev/null
+++ b/hosts/trantor/nginx.nix
@@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
+
+let
+  utils = import ../../utils.nix { inherit inputs lib; };
+  inherit (utils) mkNginxVHosts;
+in
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "baduhai@proton.me";
+      dnsResolver = "1.1.1.1:53";
+      dnsProvider = "cloudflare";
+      credentialsFile = config.age.secrets.cloudflare.path;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "_" = {
+        default = true;
+        locations."/".return = "444";
+      };
+    };
+  };
+
+  users.users.nginx.extraGroups = [ "acme" ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  age.secrets.cloudflare = {
+    file = ../../secrets/cloudflare.age;
+    owner = "nginx";
+    group = "nginx";
+  };
+}
diff --git a/shared/services.nix b/shared/services.nix
index f55e4d2..fd4e440 100644
--- a/shared/services.nix
+++ b/shared/services.nix
@@ -6,7 +6,7 @@
   services = [
     {
       name = "vaultwarden";
-      domain = "vault.baduhai.dev";
+      domain = "pass.baduhai.dev";
       host = "alexandria";
       lanIP = "192.168.15.142";
       tailscaleIP = "100.76.19.50";