diff --git a/hosts/tadpole/modules/default.nix b/hosts/tadpole/modules/default.nix
index 56689cc..1ef72bd 100644
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -9,6 +9,7 @@ in
   config = {
     mod = {
       ssh.enable = true;
+      nginx.enable = true;
     };
   };
 }
diff --git a/hosts/tadpole/modules/nginx/default.nix b/hosts/tadpole/modules/nginx/default.nix
new file mode 100644
index 0000000..ed90b6f
--- /dev/null
+++ b/hosts/tadpole/modules/nginx/default.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.nginx.enable;
+in
+{
+  options = {
+    mod.nginx = {
+      enable = lib.mkEnableOption "add nginx module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    security = {
+      acme = {
+        acceptTerms = true;
+
+        defaults = {
+          email = "p@ppp.pm";
+        };
+      };
+    };
+
+    services = {
+      nginx = {
+        enable = true;
+
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+      };
+    };
+
+    networking = {
+      firewall = {
+        allowedTCPPorts = [ 80 443 ];
+      };
+    };
+  };
+}