diff --git a/hosts/tadpole/modules/default.nix b/hosts/tadpole/modules/default.nix
index 1ef72bd..97d1980 100644
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -10,6 +10,8 @@ in
     mod = {
       ssh.enable = true;
       nginx.enable = true;
+
+      pppdotpm-site.enable = true;
     };
   };
 }
diff --git a/hosts/tadpole/modules/ppp.pm-site/default.nix b/hosts/tadpole/modules/ppp.pm-site/default.nix
new file mode 100644
index 0000000..06d889d
--- /dev/null
+++ b/hosts/tadpole/modules/ppp.pm-site/default.nix
@@ -0,0 +1,33 @@
+{ inputs, lib, config, ... }:
+let
+  enabled = config.mod.pppdotpm-site.enable;
+
+  nginxEnabled = config.mod.nginx.enable;
+in
+{
+  imports = [ inputs.pppdotpm-site.nixosModules.default ];
+
+  options = {
+    mod.pppdotpm-site = {
+      enable = lib.mkEnableOption "enable ppp.pm site";
+    };
+  };
+
+  config = lib.mkIf (enabled && nginxEnabled) {
+    security.acme = {
+      certs = {
+        "ppp.pm" = {
+          webroot = "/var/lib/acme/acme-challenge/";
+          email = "p@ppp.pm";
+          group = "nginx";
+        };
+      };
+    };
+
+    services.pppdotpm-site = {
+      enable = true;
+      domain = "ppp.pm";
+      useACMEHost = "ppp.pm";
+    };
+  };
+}