diff --git a/configuration/common/default.nix b/configuration/common/default.nix
index da366bd..efebb33 100644
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@@ -3,6 +3,8 @@
 {
   imports = [
     ../../modules
+
+    ./web.nix
   ];
 
   networking.domain = "net.clerie.de";
@@ -64,51 +66,6 @@
     options = "--delete-older-than 30d";
   };
 
-  services.nginx = {
-    enableReload = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-
-    commonHttpConfig = ''
-      server_names_hash_bucket_size 64;
-      map $remote_addr $remote_addr_anon {
-        ~(?P<ip>\d+\.\d+\.\d+)\.          $ip.0;
-        ~(?P<ip>[^:]*:[^:]*(:[^:]*)?):    $ip::;
-        default                           ::;
-      }
-      log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
-                               '"$request" $status $body_bytes_sent '
-                               '"$http_referer" "$http_user_agent"';
-      log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
-                                '"$request" $status $body_bytes_sent '
-                                '"$http_referer" "$http_user_agent"';
-      access_log /var/log/nginx/access.log vcombined_anon;
-    '';
-
-    virtualHosts = {
-      "default" = {
-        default = true;
-        rejectSSL = true;
-        locations."/" = {
-          return = ''200 "Some piece of infrastructure\n"'';
-          extraConfig = ''
-            types { } default_type "text/plain; charset=utf-8";
-          '';
-        };
-      };
-    };
-  };
-  services.logrotate.settings.nginx = {
-    frequency = "daily";
-    maxage = 14;
-  };
-
-  security.acme = {
-    defaults.email = "letsencrypt@clerie.de";
-    acceptTerms = true;
-  };
 
   nix.settings = {
     experimental-features = [
diff --git a/configuration/common/web.nix b/configuration/common/web.nix
new file mode 100644
index 0000000..360d950
--- /dev/null
+++ b/configuration/common/web.nix
@@ -0,0 +1,50 @@
+{ ... }:
+
+{
+  services.nginx = {
+    enableReload = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    commonHttpConfig = ''
+      server_names_hash_bucket_size 64;
+      map $remote_addr $remote_addr_anon {
+        ~(?P<ip>\d+\.\d+\.\d+)\.          $ip.0;
+        ~(?P<ip>[^:]*:[^:]*(:[^:]*)?):    $ip::;
+        default                           ::;
+      }
+      log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
+                               '"$request" $status $body_bytes_sent '
+                               '"$http_referer" "$http_user_agent"';
+      log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
+                                '"$request" $status $body_bytes_sent '
+                                '"$http_referer" "$http_user_agent"';
+      access_log /var/log/nginx/access.log vcombined_anon;
+    '';
+
+    virtualHosts = {
+      "default" = {
+        default = true;
+        rejectSSL = true;
+        locations."/" = {
+          return = ''200 "Some piece of infrastructure\n"'';
+          extraConfig = ''
+            types { } default_type "text/plain; charset=utf-8";
+          '';
+        };
+      };
+    };
+  };
+
+  services.logrotate.settings.nginx = {
+    frequency = "daily";
+    maxage = 14;
+  };
+
+  security.acme = {
+    defaults.email = "letsencrypt@clerie.de";
+    acceptTerms = true;
+  };
+}