diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix
index bcef1337..cd71b111 100644
--- a/machines/durruti/host_config.nix
+++ b/machines/durruti/host_config.nix
@@ -63,6 +63,16 @@ in
 };
 };
 
+ services.nginx.virtualHosts."talks.malobeo.org" = {
+ forceSSL = true;
+ enableACME= true;
+ locations."/" = {
+ proxyPass = "http://10.0.0.10";
+ extraConfig = ''
+ '';
+ };
+ };
+
 services.nginx.virtualHosts."tasklist.malobeo.org" = {
 forceSSL = true;
 enableACME= true;
diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 1d494c8d..8e1c3ffd 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -145,6 +145,7 @@ in
 "durruti"
 "zineshop"
 "vaultwarden"
+ "pretalx"
 ];
 
 networking = {
@@ -229,6 +230,15 @@ in
 };
 };
 
+ virtualHosts."talks.malobeo.org" = {
+ locations."/" = {
+ proxyPass = "http://${hosts.malobeo.hosts.pretalx.network.address}";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+
 virtualHosts."tasklist.malobeo.org" = {
 locations."/" = {
 proxyPass = "http://${hosts.malobeo.hosts.durruti.network.address}:8080";
diff --git a/machines/hosts.nix b/machines/hosts.nix
index f04d03de..e194ed10 100644
--- a/machines/hosts.nix
+++ b/machines/hosts.nix
@@ -103,6 +103,11 @@ in
 type = "microvm";
 network = createMaloNet "17" "52:DA:0D:F9:EF:F3";
 };
+
+ pretalx = {
+ type = "microvm";
+ network = createMaloNet "18" "52:DA:0D:F9:EF:F4";
+ };
 };
 };
 }
diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix
index 8fd70fda..06cac148 100644
--- a/machines/overwatch/configuration.nix
+++ b/machines/overwatch/configuration.nix
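Review bot: The `talks.malobeo.org` location on durruti, the hop that terminates TLS, carries an empty `extraConfig`, so nothing in the hunk sets `Host`, `X-Forwarded-For` or `X-Forwarded-Proto` on the request sent to `http://10.0.0.10`. nginx's default upstream `Host` is the proxy_pass host, which would not match the `talks.malobeo.org` vhosts added in machines/fanny and machines/vpn, and pretalx would not learn the original scheme or client address. If `services.nginx.recommendedProxySettings` is enabled outside the hunk this is already covered and the empty `extraConfig` can simply be dropped; otherwise add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` there.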
@@ -144,6 +144,18 @@ in
 targets = [ "${hosts.malobeo.hosts.zineshop.network.address}:9002" ];
 }];
 }
+ {
+ job_name = "vaultwarden";
+ static_configs = [{
+ targets = [ "${hosts.malobeo.hosts.vaultwarden.network.address}:9002" ];
+ }];
+ }
+ {
+ job_name = "pretalx";
+ static_configs = [{
+ targets = [ "${hosts.malobeo.hosts.pretalx.network.address}:9002" ];
+ }];
+ }
 {
 job_name = "fanny";
 static_configs = [{
diff --git a/machines/pretalx/configuration.nix b/machines/pretalx/configuration.nix
new file mode 100644
index 00000000..22114d0b
--- /dev/null
+++ b/machines/pretalx/configuration.nix
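Review bot: The two new jobs scrape `:9002` with no scheme or credentials configured, so Prometheus falls back to plain, unauthenticated HTTP, while machines/pretalx/configuration.nix and machines/vaultwarden/configuration.nix in this commit open only 80/443 and 80 in `allowedTCPPorts`. Presumably the `malobeo.metrics` module opens 9002 itself; it is worth confirming that it does so only towards overwatch's address rather than for every host on the network. A one-line comment above the jobs, such as `# exporter port 9002 is opened by malobeo.metrics`, would record that dependency. The surrounding list starts and ends outside the hunk.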
@@ -0,0 +1,79 @@
+{ config, self, lib, pkgs, ... }:
+
+with lib;
+
+let
+ hosts = import ../hosts.nix {};
+in
+{
+ networking = {
+ hostName = mkDefault "pretalx";
+ useDHCP = false;
+ };
+
+ imports = [
+ self.nixosModules.malobeo.metrics
+ self.nixosModules.malobeo.users
+ ../modules/sshd.nix
+ ../modules/minimal_tools.nix
+ ../modules/autoupdate.nix
+ ];
+
+ malobeo.metrics = {
+ enable = true;
+ enablePromtail = true;
+ logNginx = true;
+ };
+
+ malobeo.users = {
+ admin = true;
+ };
+
+
+ services.postgresqlBackup = {
+ enable = true;
+ };
+
+ services.nginx = {
+ enable = true;
+ commonHttpConfig = /* nginx */ ''
+ proxy_headers_hash_bucket_size 64;
+ '';
+ virtualHosts = {
+ "talks.malobeo.org" = {
+ forceSSL = false;
+ enableACME = false;
+ };
+ };
+ };
+
+
+ services.pretalx = {
+ enable = true;
+ celery.extraArgs = [
+ "--concurrency=${toString config.microvm.vcpu}"
+ ];
+ gunicorn.extraArgs = [
+ # https://docs.pretalx.org/administrator/installation/#step-6-starting-pretalx-as-a-service
+ "--log-level=info"
+ "--max-requests-jitter=50"
+ "--max-requests=1200"
+ "--workers=${toString config.microvm.vcpu}"
+
+ # TODO: 25.11 upstream
+ "--name=pretalx"
+ "--preload"
+ ];
+ nginx.domain = "talks.malobeo.org";
+ settings = {
+ locale = {
+ language_code = "de";
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/machines/vaultwarden/configuration.nix b/machines/vaultwarden/configuration.nix
index 8a437116..cc6a0880 100644
--- a/machines/vaultwarden/configuration.nix
+++ b/machines/vaultwarden/configuration.nix
@@ -18,10 +18,17 @@ with lib;
 imports = [
 ../modules/malobeo_user.nix
 ../modules/sshd.nix
+ inputs.self.nixosModules.malobeo.metrics
 ];
 
 networking.firewall.allowedTCPPorts = [ 80 ];
 
+ malobeo.metrics = {
+ enable = true;
+ enablePromtail = true;
+ logNginx = true;
+ };
+
 services.nginx = {
 enable = true;
 virtualHosts."keys.malobeo.org" = {
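Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens 443 although the only vhost in this file sets `forceSSL = false` and `enableACME = false`, so nothing configured here serves TLS; `networking.firewall.allowedTCPPorts = [ 80 ];` matches what is actually exposed. `system.stateVersion = "22.11"` on a machine that is new in this commit looks copied from an older host; stateVersion selects defaults for stateful services (the PostgreSQL major version among them), so it should name the release this VM is first deployed with. `services.postgresqlBackup` is enabled with defaults only, so the dumps presumably stay on the VM's own disk; a comment saying where they go and how they leave the VM would help.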
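Review bot: `logNginx = true` together with `enablePromtail = true` presumably ships the nginx access log of the `keys.malobeo.org` vhost to the central log store, which moves client addresses and request paths of the password manager onto another machine. A short comment such as `# access logs leave this VM via promtail; log store access is restricted to admins` would make that an explicit decision, once it has been confirmed that the log format records no query strings or credentials. The import is written `inputs.self.nixosModules.malobeo.metrics` here but `self.nixosModules.malobeo.metrics` in machines/pretalx/configuration.nix; one spelling across machines would be easier to grep. The `services.nginx` block continues outside the hunk.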
diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix
index e2ebee3a..21720a89 100644
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -58,6 +58,15 @@ with lib;
 };
 };
 
+ virtualHosts."talks.malobeo.org" = {
+ locations."/" = {
+ proxyPass = "http://10.100.0.101";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+
 virtualHosts."tasklist.malobeo.org" = {
 locations."/" = {
 proxyPass = "http://10.100.0.101";