diff --git a/hosts/apu/configuration.nix b/hosts/apu/configuration.nix
index 4978492..fffeb44 100644
--- a/hosts/apu/configuration.nix
+++ b/hosts/apu/configuration.nix
@@ -272,18 +272,30 @@
 };
 };
- services.webserver = {
- enable = true;
- acme.dnsChallenge = true;
- vHosts."koti.repomaa.com" = {
- proxyBuffering = false;
- locations."/".proxyPort = 8123;
+ services = {
+ webserver = {
+ enable = true;
+ acme.dnsChallenge = true;
+ vHosts."koti.repomaa.com" = {
+ proxyBuffering = false;
+ locations."/".proxyPort = 8123;
+ };
+ };
+
+ invidious = {
+ enable = true;
+ subdomain = "vid";
 };
 };
- networking.nftables.enable = true;
- networking.firewall.enable = true;
- networking.useDHCP = false;
+ security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
+
+ networking = {
+ nftables.enable = true;
+ firewall.enable = true;
+ useDHCP = false;
+ domain = "repomaa.com";
+ };
 system.stateVersion = "24.05";
 }
diff --git a/hosts/apu/default.nix b/hosts/apu/default.nix
index 9e36e42..e0c359d 100644
--- a/hosts/apu/default.nix
+++ b/hosts/apu/default.nix
@@ -6,6 +6,7 @@ in
 imports = [
 ./hardware-configuration.nix
 ./configuration.nix
+ ./secrets.nix
 nixos-hardware.nixosModules.pcengines-apu
 ];
 }
diff --git a/hosts/apu/secrets.nix b/hosts/apu/secrets.nix
new file mode 100644
index 0000000..4e51070
--- /dev/null
+++ b/hosts/apu/secrets.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+ age.secrets = lib.listToAttrs (
+ map
+ (secret: {
+ name = secret;
+ value = {
+ file = ../../secrets/${secret}.age;
+ };
+ })
+ [
+ "hetzner"
+ ]
+ );
+}
diff --git a/secrets/hetzner.age b/secrets/hetzner.age
new file mode 100644
index 0000000..abf0b52
Binary files /dev/null and b/secrets/hetzner.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 93dfb23..b91c80c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
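Review bot: In `hosts/apu/configuration.nix`, `security.acme.defaults.environmentFile` hands the Hetzner credential to every certificate defined on this host, not only to the vhosts that use the DNS challenge, and nothing on the line says what the file holds. If only the `services.webserver` certificates need it, setting `security.acme.certs.<name>.environmentFile` on those keeps the scope narrower; otherwise a comment such as `# Hetzner DNS API token for the ACME DNS-01 challenge; agenix-decrypted, can edit DNS records` would record why it is a default. The line also reads `config`, so the module's argument set, which is outside this hunk, has to bind it. The new `invidious` block presumably publishes the service as `vid.repomaa.com` through the local module; whether that vhost is meant to be reachable from outside is worth stating next to `subdomain = "vid";`.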
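Review bot: In the new `hosts/apu/secrets.nix`, the `lib.listToAttrs (map …)` construction builds name/value pairs by hand where `lib.genAttrs` gives the same attribute set in one expression: `age.secrets = lib.genAttrs [ "hetzner" ] (secret: { file = ../../secrets/${secret}.age; });`. Each entry sets only `file`, so the decrypted token relies on agenix's default ownership and mode (root, 0400). A short comment stating that this is intended, for example `# owner/mode left at agenix defaults: root-only, consumed as a systemd environment file`, would keep a later edit from loosening it without noticing.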
@@ -36,4 +36,5 @@ in
 "mosquitto/mokkimaatti.age".publicKeys = users ++ [ freun-dev ];
 "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
 "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
+ "hetzner.age".publicKeys = users ++ [ apu ];
 }
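Review bot: The recipient list for `"hetzner.age"` is `users ++ [ apu ]`, so every key in `users` can decrypt a credential that presumably allows editing DNS records, while only the `apu` host consumes it. `users` and `apu` are bound outside this hunk, so it is worth confirming that `apu` is the host's SSH host key and that `users` holds only the keys that need to re-encrypt or rotate this secret. A comment on the line, for example `# Hetzner DNS API token (ACME DNS-01 on apu); rotate the token when a recipient key is removed`, would document that re-keying the file alone does not revoke access for a key that has already decrypted it.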