diff --git a/configuration.nix b/configuration.nix
index 1c7b466..207efd1 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -14,6 +14,7 @@ let
 in {
   imports = [ # Include the results of the hardware scan.
     ./hardware-configuration.nix
+    ./egirls-qa.nix
     #./vpn.nix
     #/home/jaina/src/nix-deployments/nordvpn/containers.nix
     #/home/jaina/src/nix-deployments/refactor/nixos-containers.nix
@@ -250,6 +251,8 @@ in {
     intel-gpu-tools
 
     sshfs
+
+    docker
   ];
 
   programs.sway.enable = true;
diff --git a/egirls-qa.nix b/egirls-qa.nix
new file mode 100644
index 0000000..2ab8b1f
--- /dev/null
+++ b/egirls-qa.nix
@@ -0,0 +1,76 @@
+{ pkgs, ... }: {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "admin+acme@heartles.xyz";
+    certs."ANY.dev.egirls.gay" = {
+      domain = "*.dev.egirls.gay";
+      dnsProvider = "namecheap";
+      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
+      group = "nginx";
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = let
+      mkHost = upstream: {
+        listen = [
+          {
+            port = 443;
+            addr = "0.0.0.0";
+            ssl = true;
+          }
+          {
+            port = 80;
+            addr = "0.0.0.0";
+          }
+        ];
+        useACMEHost = "ANY.dev.egirls.gay";
+        forceSSL = true;
+        locations."/" = {
+          proxyWebsockets = true;
+          proxyPass = upstream;
+        };
+      };
+    in {
+      "masto1.dev.egirls.gay" = {
+        listen = [
+          {
+            port = 443;
+            addr = "0.0.0.0";
+            ssl = true;
+          }
+          {
+            port = 80;
+            addr = "0.0.0.0";
+          }
+        ];
+        useACMEHost = "ANY.dev.egirls.gay";
+        forceSSL = true;
+        locations."/" = {
+          proxyWebsockets = true;
+          proxyPass = "http://172.16.128.1";
+        };
+      };
+      "eg.dev.egirls.gay" = mkHost "http://127.0.0.1:3000";
+      "goto.dev.egirls.gay" = mkHost "http://127.0.0.1:8080";
+    };
+  };
+
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "wlp0s20f3";
+    enableIPv6 = true;
+  };
+
+  networking.hosts = {
+    "127.0.0.1" =
+      [ "masto1.dev.egirls.gay" "eg.dev.egirls.gay" "goto.dev.egirls.gay" ];
+    #"5.78.100.40" = [ "jellyfin.home.heartles.xyz" ];
+  };
+  networking.firewall.allowedTCPPortRanges = [{
+    from = 55000;
+    to = 55100;
+  }];
+}