diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 211a8a2..8e33040 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -56,8 +56,17 @@ in
   services.malobeo.microvm.deployHosts = [ "infradocs" ];
 
 
-  services.nginx.virtualHosts."docs.malobeo.org" = {
-    locations."/".proxyPass = "http://10.0.0.11:9000";
+  networking = {
+    firewall = {
+      allowedTCPPorts = [ 80 ];
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."docs.malobeo.org" = {
+      locations."/".proxyPass = "http://10.0.0.11:9000";
+    };
   };
 
   services.tor = {
diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix
index d10f80f..ec18fa5 100644
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -12,6 +12,7 @@ with lib;
     nameservers = [ "1.1.1.1" ];
     firewall = {
       allowedUDPPorts = [ 51821 ];
+      allowedTCPPorts = [ 80 ];
     };
   };
 
@@ -27,8 +28,11 @@ with lib;
     privateKeyFile = config.sops.secrets.wg_private.path;
   };
 
-  services.nginx.virtualHosts."docs.malobeo.org" = {
-    locations."/".proxyPass = "http://10.100.0.101";
+  services.nginx = {
+    enable = true;
+    virtualHosts."docs.malobeo.org" = {
+      locations."/".proxyPass = "http://10.100.0.101";
+    };
   };
 
   system.stateVersion = "22.11"; # Did you read the comment?