diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix
index c7bbba5..5814498 100644
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@@ -61,15 +61,10 @@
     enable = true;
     domain = "actual.unspecified.systems";
   };
-
-  services.nginx = {
+  fountain.services.web-redirect = {
     enable = true;
-    virtualHosts = {
-      "actual.qenya.tel" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".return = "301 https://actual.unspecified.systems$request_uri";
-      };
+    domains = {
+      "actual.qenya.tel" = "actual.unspecified.systems";
     };
   };
 
diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix
index e028d11..9e5758a 100644
--- a/hosts/yevaud/default.nix
+++ b/hosts/yevaud/default.nix
@@ -40,20 +40,17 @@
     enable = true;
     domain = "git.unspecified.systems";
   };
+  fountain.services.web-redirect = {
+    enable = true;
+    domains = {
+      "git.katherina.rocks" = "git.unspecified.systems";
+      "git.qenya.tel" = "git.unspecified.systems";
+    };
+  };
 
   services.nginx = {
     enable = true;
     virtualHosts = {
-      "git.katherina.rocks" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".return = "301 https://git.unspecified.systems$request_uri";
-      };
-      "git.qenya.tel" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".return = "301 https://git.unspecified.systems$request_uri";
-      };
       "birdsong.network" = {
         forceSSL = true;
         enableACME = true;
diff --git a/services/default.nix b/services/default.nix
index f136e92..2828a8e 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -8,5 +8,6 @@
     ./navidrome.nix
     ./pipewire-low-latency.nix
     ./remote-builder.nix
+    ./web-redirect.nix
   ];
-}
\ No newline at end of file
+}
diff --git a/services/web-redirect.nix b/services/web-redirect.nix
new file mode 100644
index 0000000..92b9c5a
--- /dev/null
+++ b/services/web-redirect.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkOption mkEnableOption types;
+  cfg = config.fountain.services.web-redirect;
+in
+{
+  options.fountain.services.web-redirect = {
+    enable = mkEnableOption "Module to do simple 301 redirects from one domain to another";
+    domains = mkOption {
+      type = types.attrsOf types.str;
+      description = "Mapping from source domain to destination domain";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts = builtins.mapAttrs
+        (name: value: {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".return = "301 https://${value}$request_uri";
+        })
+        cfg.domains;
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}