diff --git a/services/auto-torrent.nix b/services/auto-torrent.nix
index 1c334b9..20d1eb9 100644
--- a/services/auto-torrent.nix
+++ b/services/auto-torrent.nix
@@ -22,6 +22,7 @@
 ports-list = pkgs.lib.attrsets.mapAttrsToList (name: value: value.port) ports;
 in {
 microvm.autostart = [vm-name];
+ imports = [./nginx.nix];
 users.extraUsers.microvm.extraGroups = [
 "jellyfin" # access to media folder
@@ -158,7 +159,6 @@ in {
 peer-port-random-high = 65535;
 peer-port-random-on-start = true;
 download-queue-enabled = false;
-
 };
 downloadDirPermissions = "775";
 performanceNetParameters = true;
@@ -215,6 +215,6 @@ in {
 )
 ports);
- networking.firewall.allowedTCPPorts = [80 443] ++ ports-list;
- networking.firewall.allowedUDPPorts = [80 443] ++ ports-list;
+ networking.firewall.allowedTCPPorts = ports-list;
+ networking.firewall.allowedUDPPorts = ports-list;
 }
diff --git a/services/conduwuit.nix b/services/conduwuit.nix
new file mode 100644
index 0000000..683b014
--- /dev/null
+++ b/services/conduwuit.nix
@@ -0,0 +1,34 @@
+{...}: let
+ port = 6167;
+ address = "127.0.0.1";
+ domain = "matrix.spoodythe.one";
+ mb = 1024 * 1024;
+ max-request-size = 20;
+in {
+ imports = [
+ ./nginx.nix
+ ];
+
+ services.conduwuit = {
+ enable = true;
+ settings = {
+ global = {
+ inherit port;
+ inherit address;
+ server_name = domain;
+ max_request_size = max-request-size * mb;
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://${address}:${toString port}";
+ extraConfig = ''
+ client_max_body_size ${max-request-size}M;
+ '';
+ };
+ };
+}
diff --git a/services/forgejo.nix b/services/forgejo.nix
index ac3ca19..2f0dda1 100755
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@@ -2,6 +2,7 @@
 host = "127.0.0.1";
 port = 6969;
 in {
+ imports = [./nginx.nix];
 services.forgejo = {
 enable = true;
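Review bot: The rewritten lines open every entry of `ports-list` on both TCP and UDP, and since `ports` is defined above the hunk I cannot see which protocols each entry actually needs; the `peer-port-random-*` settings in the second hunk suggest at least one is a peer port that genuinely wants both, but any HTTP-only port in the same set gets a needless UDP hole. If `ports` mixes the two kinds, a per-entry protocol flag consumed by the `mapAttrsToList` above would let the two lists diverge. Otherwise a comment on these lines, `# every port in `ports` is deliberately opened on TCP and UDP (peer ports)`, would record that the symmetry is intended.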
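Review bot: Nothing in the new conduwuit.nix serves Matrix federation: `server_name = domain` means remote homeservers resolve `matrix.spoodythe.one` and, absent a `/.well-known/matrix/server` answer, connect to port 8448, yet the vhost only proxies `/` on 443 and no 8448 listener is defined. If federation is intended, either add a `locations."/.well-known/matrix/server"` on this vhost that returns `{"m.server": "matrix.spoodythe.one:443"}` as `application/json`, or add an 8448 listener; if it is not intended, a one-line comment saying so would stop the next reader from hunting for it. Separately, `max-request-size = 20;` carries no unit; `# MiB, applied to both conduwuit's max_request_size and nginx's client_max_body_size below` would make the `* mb` and `${max-request-size}M` pairing obvious.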
@@ -42,8 +43,4 @@ in {
 '';
 };
 };
-
- # Open port 80 and 443 for reverse proxy
- networking.firewall.allowedTCPPorts = [80 443];
- networking.firewall.allowedUDPPorts = [80 443];
 }
diff --git a/services/jellyfin.nix b/services/jellyfin.nix
index 39bfbf3..de6a9c3 100755
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@@ -6,35 +6,8 @@
 }: let
 host = "127.0.0.1";
 port = 8096;
- jellyfin =
- if config.services.mullvad-vpn.enable == true
- then
- pkgs.callPackage ({...}:
- pkgs.stdenv.mkDerivation {
- pname = "jellyfin-excluded";
- version = "1.0.0";
-
- phases = ["installPhase"];
-
- buildInputs = [pkgs.jellyfin];
-
- # Define the install phase
- installPhase = ''
- mkdir -p $out/bin
- # Create a wrapper script
- echo "${pkgs.mullvad-vpn}/bin/mullvad-exclude ${pkgs.jellyfin}/bin/jellyfin \"$@\"" > $out/bin/jellyfin-excluded
- chmod +x $out/bin/jellyfin-excluded
- '';
-
- # Specify the output
- meta = with pkgs.lib; {
- description = "A wrapper for the hello command";
- mainProgram = "jellyfin-excluded";
- license = licenses.mit;
- };
- }) {}
- else pkgs.jellyfin;
 in {
+ imports = [./nginx.nix];
 # Enable VAAPI
 config.nixpkgs.config.packageOverrides = pkgs: {
 vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
@@ -60,7 +33,6 @@ in {
 # Enable Jellyfin
 config.services.jellyfin = {
 enable = true;
- package = jellyfin;
 openFirewall = false; # We want jellyfin behind a reverse proxy
 };
@@ -90,6 +62,6 @@ in {
 };
 # Open port 80 and 443 for reverse proxy
- config.networking.firewall.allowedTCPPorts = [port 80 443];
- config.networking.firewall.allowedUDPPorts = [port 80 443];
+ config.networking.firewall.allowedTCPPorts = [port];
+ config.networking.firewall.allowedUDPPorts = [port];
 }
diff --git a/services/nginx.nix b/services/nginx.nix
index cc0b9ad..082334f 100755
--- a/services/nginx.nix
+++ b/services/nginx.nix
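Review bot: The rewritten firewall lines in jellyfin.nix still open `port` (8096) on both TCP and UDP, which undercuts the `openFirewall = false; # We want jellyfin behind a reverse proxy` in the hunk above: an open TCP 8096 lets clients reach Jellyfin over plain HTTP unless it is bound to loopback, and nothing in the visible hunks binds it (`host = "127.0.0.1"` is presumably only the proxyPass target). Jellyfin serves its HTTP API over TCP, so the UDP entry does nothing useful. Since nginx on the same host reaches it via 127.0.0.1, I would drop both `config.networking.firewall.allowedTCPPorts = [port];` and the UDP line, as vaultwarden.nix does in this same commit, or at minimum remove the UDP one. Either way the `# Open port 80 and 443 for reverse proxy` comment directly above is now stale, since these lines no longer open 80 or 443; if they are kept it should read `# Exposes Jellyfin directly on 8096, bypassing nginx/TLS`.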
@@ -9,4 +9,8 @@
 security.acme.acceptTerms = true;
 security.acme.defaults.email = "snorre@altschul.dk";
+
+ # Open port 80 and 443 for reverse proxy
+ networking.firewall.allowedTCPPorts = [80 443];
+ networking.firewall.allowedUDPPorts = [80 443];
 }
diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix
index d10279f..a453377 100755
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@@ -2,6 +2,7 @@
 host = "127.0.0.1";
 port = 8222;
 in {
+ imports = [./nginx.nix];
 services.vaultwarden = {
 enable = true;
@@ -24,9 +25,6 @@ in {
 };
 };
- networking.firewall.allowedTCPPorts = [port];
- networking.firewall.allowedUDPPorts = [port];
-
 services.nginx.virtualHosts."vaultwarden.spoodythe.one" = {
 enableACME = true;
 forceSSL = true;
diff --git a/services/website.nix b/services/website.nix
index 415b7c5..19ceefb 100755
--- a/services/website.nix
+++ b/services/website.nix
@@ -8,6 +8,7 @@
 user = "website-host-user";
 uid = 1900;
 in {
+ imports = [./nginx.nix];
 services.nginx.virtualHosts."spoodythe.one" = {
 enableACME = true;
 forceSSL = true;
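Review bot: `networking.firewall.allowedUDPPorts = [80 443];` in nginx.nix opens more than the reverse proxy uses: HTTP on port 80 is TCP only, and UDP 443 matters only once a vhost enables HTTP/3 (`http3`), which none of the visible lines in this commit does. I would drop the UDP line, or narrow it to `[443]` at the point HTTP/3 is actually turned on, so the now-centralized rule opens exactly what nginx listens on. Since every vhost in this commit sets `forceSSL`, the comment should also say why 80 stays open: `# 80 for the ACME HTTP-01 challenge and the HTTPS redirect, 443 for the proxied vhosts (opened for every module that imports this file)`.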