diff --git a/systems/hetzner/default.nix b/systems/hetzner/default.nix
index 4470943..378fe40 100644
--- a/systems/hetzner/default.nix
+++ b/systems/hetzner/default.nix
@@ -9,6 +9,7 @@
     self.inputs.snm.nixosModules.mailserver
     ./mail.nix
     ./matrix.nix
+    ./nginx.nix
   ];
 
   jopejoe1 = {
diff --git a/systems/hetzner/matrix.nix b/systems/hetzner/matrix.nix
index 42268b0..af5d1b6 100644
--- a/systems/hetzner/matrix.nix
+++ b/systems/hetzner/matrix.nix
@@ -22,16 +22,8 @@ in
   '';
 
   services.nginx = {
-    enable = true;
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
     virtualHosts = {
       "missing.ninja" = {
-        serverAliases = [ "joens.zone" "joens.website" "joens.site" "joens.online" "joens.link" "joens.international" "joens.family" "joens.digital" "joens.blog" "net0loggy.net" "clan-war.net" "net0loggy.de" "dtg-c.de" ];
-        enableACME = true;
-        forceSSL = true;
         locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
         locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
       };
@@ -53,9 +45,6 @@ in
           };
         };
       };
-      "webmail.missing.ninja" = {
-        serverAliases = [ "joens.email" ];
-      };
     };
   };
 
diff --git a/systems/hetzner/nginx.nix b/systems/hetzner/nginx.nix
new file mode 100644
index 0000000..1d16283
--- /dev/null
+++ b/systems/hetzner/nginx.nix
@@ -0,0 +1,47 @@
+{config, pkgs, ...}:
+
+{
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "missing.ninja" = {
+        serverAliases = [ "joens.zone" "joens.website" "joens.site" "joens.online" "joens.link" "joens.international" "joens.family" "joens.digital" "joens.blog" "net0loggy.net" "clan-war.net" "net0loggy.de" "dtg-c.de" ];
+        enableACME = true;
+        forceSSL = true;
+      };
+      "webmail.missing.ninja" = {
+        serverAliases = [ "joens.email" ];
+      };
+      "pad.missing.ninja" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/".proxyPass = "http://localhost:3333";
+        locations."/socket.io/" = {
+          proxyPass = "http://localhost:3333";
+          proxyWebsockets = true;
+          extraConfig =
+            "proxy_ssl_server_name on;"
+            ;
+        };
+      };
+    };
+  };
+
+  hedgedoc = {
+    enable = true;
+    settings = {
+      db = {
+        dialect = "sqlite";
+        torage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
+      };
+      domain = "pad.missing.ninja";
+      port = 3333;
+      useSSL = false;
+      protocolUseSSL = true;
+    };
+  };
+}