diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index ecf3c11..2bf471f 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -18,6 +18,7 @@
       ./meow.nix
       ./milchinsel.nix
       ./mitel-ommclient2.nix
+      ./nix-install.nix
       ./ping.nix
       ./public.nix
       ./radicale.nix
diff --git a/hosts/web-2/nix-install.nix b/hosts/web-2/nix-install.nix
new file mode 100644
index 0000000..b5aa79e
--- /dev/null
+++ b/hosts/web-2/nix-install.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+let
+  install_script = pkgs.writeTextDir "web/install" ''
+    #!/usr/bin/env bash
+    set -euo pipefail
+
+    which nix 2>1 > /dev/null || { echo "nix command not found. Install nix and try again"; exit 1; }
+
+    nix --extra-experimental-features "nix-command" \
+      --substituters "https://nix-cache.clerie.de" \
+      --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \
+      copy --from "https://nix-cache.clerie.de" \
+      ${pkgs.nixfiles-auto-install}
+    ${pkgs.nixfiles-auto-install}/bin/nixfiles-auto-install
+  '';
+in {
+  services.nginx.virtualHosts = {
+    "install.nix.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        root = install_script + "/web/";
+        extraConfig = ''
+          index install;
+          types { } default_type "text/plain; charset=utf-8";
+        '';
+      };
+    };
+  };
+}