diff --git a/common/nginx.nix b/common/nginx.nix
index a5a91c6..10e498d 100644
--- a/common/nginx.nix
+++ b/common/nginx.nix
@@ -2,8 +2,6 @@
 
 {
   services.nginx = {
-    enable = true;
-
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
@@ -28,6 +26,4 @@
     acceptTerms = true;
     defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
   };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
\ No newline at end of file
diff --git a/hive.nix b/hive.nix
index 685237e..99e29cd 100644
--- a/hive.nix
+++ b/hive.nix
@@ -24,6 +24,7 @@ in {
       (import "${sources.home-manager}/nixos")
       (import "${sources.agenix}/modules/age.nix")
       ./pinning.nix
+      ./common/nginx.nix
       ./common/ssh.nix
       ./common/sudo.nix
       ./common/utilities.nix
diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix
index 410c1d2..7c8f1ba 100644
--- a/hosts/yevaud/forgejo.nix
+++ b/hosts/yevaud/forgejo.nix
@@ -1,46 +1,49 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [
-    ../../common/nginx.nix
-  ];
-
   # TODO: email out
   # TODO: interface customisation
 
-  services.nginx.virtualHosts = {
-    "git.qenya.tel" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".proxyPass = "http://[::1]:3000/";
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts = {
+        "git.qenya.tel" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".proxyPass = "http://[::1]:3000/";
+        };
+        "git.katherina.rocks" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".return = "301 https://git.qenya.tel$request_uri";
+        };
+      };
     };
-    "git.katherina.rocks" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 https://git.qenya.tel$request_uri";
+
+    forgejo = {
+      enable = true;
+      stateDir = "/data/forgejo";
+      settings = {
+        DEFAULT.APP_NAME = "git.qenya.tel";
+        cache = {
+          ADAPTER = "twoqueue";
+          HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
+        };
+        database = {
+          DB_TYPE = "sqlite3";
+          SQLITE_JOURNAL_MODE = "WAL";
+        };
+        security.LOGIN_REMEMBER_DAYS = 365;
+        server = {
+          DOMAIN = "git.qenya.tel";
+          HTTP_PORT = 3000;
+          ROOT_URL = "https://git.qenya.tel/";
+        };
+        service.DISABLE_REGISTRATION = true;
+      };
     };
   };
 
-  services.forgejo = {
-    enable = true;
-    stateDir = "/data/forgejo";
-    settings = {
-      DEFAULT.APP_NAME = "git.qenya.tel";
-      cache = {
-        ADAPTER = "twoqueue";
-        HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
-      };
-      database = {
-        DB_TYPE = "sqlite3";
-        SQLITE_JOURNAL_MODE = "WAL";
-      };
-      security.LOGIN_REMEMBER_DAYS = 365;
-      server = {
-        DOMAIN = "git.qenya.tel";
-        HTTP_PORT = 3000;
-        ROOT_URL = "https://git.qenya.tel/";
-      };
-      service.DISABLE_REGISTRATION = true;
-    };
-  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }