diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..51c871b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/cloudflare.token
\ No newline at end of file
diff --git a/nixos/leena/configuration.nix b/nixos/leena/configuration.nix
index 2bf4c65..aeed076 100644
--- a/nixos/leena/configuration.nix
+++ b/nixos/leena/configuration.nix
@@ -35,6 +35,7 @@
     };
   };
 
+  nix.settings.auto-optimise-store = true;
   nixpkgs.config.allowUnfree = true;
   programs.iftop.enable = true;
   programs.iotop.enable = true;
@@ -77,9 +78,22 @@
     apiTokenFile = "/home/jt/conf/cloudflare.token";
   };
   networking.firewall.enable = true;
-  # networking.firewall.allowedTCPPorts = [ ... ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
 
+  #security.acme.acceptTerms = true;
+  #security.acme.defaults.email = "";
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "leena.jakest.us" = {
+        addSSL = true;
+        #enableACME = true;
+        root = "/var/www/leena.jakest.us";
+      };
+    };
+  };
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave