diff --git a/hosts/servers/alexandria/conduit.nix b/hosts/servers/alexandria/conduit.nix
index 94d9a00..8537e3d 100644
--- a/hosts/servers/alexandria/conduit.nix
+++ b/hosts/servers/alexandria/conduit.nix
@@ -92,6 +92,11 @@ in
       };
 
       "${server_name}" = {
+        useACMEHost = "baduhai.me";
+        forceSSL = true;
+        kTLS = true;
+        root = inputs.homepage;
+
         locations."=/.well-known/matrix/server" = {
           # Use the contents of the derivation built previously
           alias = "${well_known_server}";
@@ -109,7 +114,7 @@ in
           extraConfig = ''
             # Set the header since by default NGINX thinks it's just bytes
             default_type application/json;
-          
+
             # https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
             add_header Access-Control-Allow-Origin "*";
           '';
diff --git a/hosts/servers/alexandria/services.nix b/hosts/servers/alexandria/services.nix
index 8ba4a22..2682a88 100644
--- a/hosts/servers/alexandria/services.nix
+++ b/hosts/servers/alexandria/services.nix
@@ -58,12 +58,6 @@
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
       virtualHosts = {
-        "baduhai.me" = {
-          useACMEHost = "baduhai.me";
-          forceSSL = true;
-          kTLS = true;
-          root = inputs.homepage;
-        };
         "bazarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}"; };
         "bitwarden.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}"; };
         "cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}"; };