diff --git a/hosts/storage-2/configuration.nix b/hosts/storage-2/configuration.nix
index 4aaea5a..3b39699 100644
--- a/hosts/storage-2/configuration.nix
+++ b/hosts/storage-2/configuration.nix
@@ -5,8 +5,10 @@
     [
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
+      ./firmware.nix
       ./mixcloud.nix
       ./syncthing.nix
+      ./users.nix
     ];
 
   boot.loader.grub.enable = true;
diff --git a/hosts/storage-2/firmware.nix b/hosts/storage-2/firmware.nix
new file mode 100644
index 0000000..4ba6b5d
--- /dev/null
+++ b/hosts/storage-2/firmware.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  age.secrets.firmware-htpasswd = {
+    owner = "nginx";
+    group = "nginx";
+  };
+
+  services.nginx.virtualHosts = {
+    "firmware.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        alias = "/data/firmware/";
+        basicAuthFile = config.age.secrets.firmware-htpasswd.path;
+        extraConfig = ''
+          autoindex on;
+          autoindex_exact_size off;
+        '';
+      };
+    };
+  };
+
+  users.users.data-firmware = {
+    group = "data-firmware";
+    home = "/data/firmware";
+    useDefaultShell = true;
+    isSystemUser = true;
+  };
+  users.groups.data-firmware = {};
+
+  systemd.tmpfiles.rules = [
+    "d /data/firmware - data-firmware data-firmware - -"
+  ];
+}
diff --git a/hosts/storage-2/secrets/firmware-htpasswd.age b/hosts/storage-2/secrets/firmware-htpasswd.age
new file mode 100644
index 0000000..efcf094
--- /dev/null
+++ b/hosts/storage-2/secrets/firmware-htpasswd.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 HwR33w AtsznTAUQumy3G6fSBwIiezL2Zdzl33t9TU3hDotcRs
+eG+bBDB+MOQk7cHx+3Ha/n83t2QEbZunRYi0idRF9RQ
+-> ssh-ed25519 pI7EWw egjmvw3f6zrl0XmxI7xWhKsPl8PXTkZDSY84VbtJTG4
+MFsjDhp5UrprE3w7q9W3ZmGlkNnOFbsJNVjfeO11trw
+-> 0=-grease Fi`a + >zPFov* a
+nx2zvPHhzkSNi/8oxnL07qefB248BCwJMjpVTc8i5j5aedELas87iI/WppKoa/tq
+/jYLHztLjqKy412YvA0xuzR6yZ7G
+--- 7M+CSupk4WV36DU/c8ZtODB6N8kuhttk4aLMULp8/Zc
+�!U����թ�ұm��L��s�aYh?�Uaq�a�}�� �Ž������l@Eqǘ���w�䍯���*.��L�ѓJeFy@=	J�����
\ No newline at end of file
diff --git a/hosts/storage-2/users.nix b/hosts/storage-2/users.nix
new file mode 100644
index 0000000..984ce62
--- /dev/null
+++ b/hosts/storage-2/users.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  users.users.clerie.extraGroups = [ "data-firmware" ];
+}