diff --git a/flake.lock b/flake.lock
index 444b617..df5217c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -266,6 +266,26 @@
         "type": "github"
       }
     },
+    "pppdotpm-site": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1699822965,
+        "narHash": "sha256-zuUWYp22VXkMnDeCR2IRA70VXHsnCPrlhIBq5I1nAhA=",
+        "ref": "refs/heads/main",
+        "rev": "d2f73291ae58f1095bc4b19a15454dc0b8406334",
+        "revCount": 3,
+        "type": "git",
+        "url": "https://codeberg.org/ppp/ppp.pm-site.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://codeberg.org/ppp/ppp.pm-site.git"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -274,7 +294,8 @@
         "hyprland-contrib": "hyprland-contrib",
         "nh": "nh",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "pppdotpm-site": "pppdotpm-site"
       }
     },
     "systems": {
diff --git a/flake.nix b/flake.nix
index d734b59..a1e63e0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,11 @@
       url = "github:hyprwm/contrib";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    pppdotpm-site = {
+      url = "git+https://codeberg.org/ppp/ppp.pm-site.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { self,  ... }@inputs: {
@@ -53,6 +58,7 @@
           ./hosts/sombrero/configuration.nix
           inputs.agenix.nixosModules.default
           inputs.home-manager.nixosModules.home-manager
+          inputs.pppdotpm-site.nixosModules.default
           ./hosts/sombrero/home.nix
         ];
       };
diff --git a/hosts/sombrero/configuration.nix b/hosts/sombrero/configuration.nix
index e4f6f90..357a2d7 100644
--- a/hosts/sombrero/configuration.nix
+++ b/hosts/sombrero/configuration.nix
@@ -86,6 +86,7 @@
     calibre-web.enable = true;
     transmission.enable = true;
     restic.enable = true;
+    pppdotpm-site.enable = true;
   };
 
   # Copy the NixOS configuration file and link it from the resulting system
diff --git a/hosts/sombrero/modules/ppp.pm-site/default.nix b/hosts/sombrero/modules/ppp.pm-site/default.nix
new file mode 100644
index 0000000..e363ede
--- /dev/null
+++ b/hosts/sombrero/modules/ppp.pm-site/default.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.pppdotpm-site.enable;
+
+  nginxEnabled = config.mod.nginx.enable;
+in
+{
+  options = {
+    mod.pppdotpm-site = {
+      enable = lib.mkEnableOption "enable ppp.pm site";
+    };
+  };
+
+  config = {
+    security.acme = lib.mkIf (enabled && nginxEnabled) {
+      certs = {
+        "ppp.pm" = {
+          webroot = "/var/lib/acme/acme-challenge/";
+          email = "p@ppp.pm";
+          group = "nginx";
+        };
+      };
+    };
+
+    services.pppdotpm-site = {
+      enable = true;
+      domain = "ppp.pm";
+      useACMEHost = "ppp.pm";
+    };
+  };
+}