diff --git a/hosts/common/optional/nginx/semitamaps.nix b/hosts/common/optional/nginx/semitamaps.nix
new file mode 100644
index 0000000..e9a65aa
--- /dev/null
+++ b/hosts/common/optional/nginx/semitamaps.nix
@@ -0,0 +1,7 @@
+{
+  networking.firewall.allowedTCPPorts = [ 80 ];
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."samchance.xyz" = {
+    root = "/srv/hello/";
+  };
+}
diff --git a/hosts/common/optional/nginx/vaultwarden.nix b/hosts/common/optional/nginx/vaultwarden.nix
new file mode 100644
index 0000000..097912f
--- /dev/null
+++ b/hosts/common/optional/nginx/vaultwarden.nix
@@ -0,0 +1,24 @@
+{configVars, ...}: let
+  email = configVars.email.user;
+  domain = configVars.domains.vaultwarden;
+  vaultwardenIp = configVars.networking.addresses.vaultwarden.localAddress;
+  vaultwardenPort = configVars.networking.addresses.vaultwarden.port;
+in {
+  networking.firewall.allowedTCPPorts = [80 443];
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = email;
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://${vaultwardenIp}:${toString vaultwardenPort}";
+      };
+    };
+  };
+}