diff --git a/systems/x86_64-linux/attic/default.nix b/systems/x86_64-linux/attic/default.nix
index e6658e5..40148d6 100644
--- a/systems/x86_64-linux/attic/default.nix
+++ b/systems/x86_64-linux/attic/default.nix
@@ -44,9 +44,31 @@
     address = [ "2a01:4f9:c014:619::1/64" ];
     routes = [{ Gateway = "fe80::1"; }];
   };
-  networking.firewall.allowedTCPPorts = [ 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
   networking.firewall.allowPing = true;
 
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "harald@hoyer.xyz";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."attic.teepot.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://[::1]:8080";
+        proxyWebsockets = true;
+        extraConfig = ''
+          client_max_body_size 0;
+        '';
+      };
+    };
+  };
+
   powerManagement.cpuFreqGovernor = "ondemand";
 
   system.stateVersion = "25.11";