diff --git a/systems/hetzner/default.nix b/systems/hetzner/default.nix
index b7aa48a..e7d214d 100644
--- a/systems/hetzner/default.nix
+++ b/systems/hetzner/default.nix
@@ -95,19 +95,22 @@ in
 chrootlocalUser = true;
 };
 
- services.mastodon = {
- enable = false;
- streamingProcesses = (lib.elemAt config.facter.report.hardware.cpu 0).cores - 1;
- localDomain = "nyan.social";
- smtp.fromAddress = "mastodon@nyan.social";
- configureNginx = true;
- };
-
 users.users.backupftp = {
 isNormalUser = true;
 initialPassword = "backupPassword";
 };
 
+ services.nginx = {
+ virtualHosts."${config.containers.nyan.config.services.mastodon.localDomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://192.168.100.5";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
 containers = {
 nyan = {
 privateNetwork = true;
@@ -115,6 +118,30 @@ in
 localAddress = "192.168.100.5/24";
 config = {
 system.stateVersion = "25.05";
+ services.mastodon = {
+ enable = true;
+ streamingProcesses = (lib.elemAt config.facter.report.hardware.cpu 0).cores - 1;
+ localDomain = "nyan.social";
+ smtp.fromAddress = "mastodon@nyan.social";
+ configureNginx = true;
+ };
+ services.nginx = {
+ virtualHosts."${config.containers.nyan.config.services.mastodon.localDomain}" = {
+ forceSSL = false;
+ enableACME = false;
+ };
+ };
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ ];
+ allowedUDPPorts = [
+ 80
+ ];
+ };
+ };
 };
 };
 };
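Review bot: The host-side `locations."/"` block added in the `@@ -95,19 +95,22 @@` hunk proxies to the container without forwarding the original Host, client address or scheme, as far as this hunk shows. Unless `services.nginx.recommendedProxySettings` is enabled elsewhere in the file, add `recommendedProxySettings = true;` next to `proxyWebsockets = true;`. Without those headers the Mastodon instance would presumably see every request as coming from the host end of the container link, which flattens per-IP rate limiting and leaves access logs of little use for abuse handling. The upstream `"http://192.168.100.5"` also repeats the container's `localAddress` as a literal, so a comment such as `# must match containers.nyan.localAddress` would keep the two from drifting. Separately, the unchanged `initialPassword = "backupPassword";` on `backupftp` in the context lines is a plaintext credential in the repository and the Nix store; `hashedPasswordFile` is the usual replacement.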
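Review bot: The container firewall added in the `@@ -115,6 +118,30 @@` hunk opens port 80 for UDP as well as TCP, but the only listener this hunk configures is nginx serving plain HTTP, which is TCP. Drop the `allowedUDPPorts = [ 80 ];` entry and keep only `allowedTCPPorts = [ 80 ];`. With `forceSSL = false` the inner nginx sees every request as `http`, so it is worth confirming that the scheme forwarded to Mastodon does not make it answer with an HTTPS redirect loop. `streamingProcesses` evaluates to 0 when the first CPU entry reports a single core, which the option may reject; `lib.max 1 ((lib.elemAt config.facter.report.hardware.cpu 0).cores - 1)` guards that. Because the container's `config` is a plain attribute set, `config` here appears to refer to the host configuration, so a short comment like `# config is the host's module argument here` on the `facter` and `virtualHosts` lines would spare the next reader the lookup.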