diff --git a/flake.nix b/flake.nix
index dc423a9..2599e7c 100755
--- a/flake.nix
+++ b/flake.nix
@@ -45,6 +45,7 @@
             ./modules/mautrix-telegram.nix
             ./modules/sogo.nix
             ./modules/vaultwarden.nix
+            ./modules/website.nix
             ./modules/zsh.nix
             ./modules/course-management.nix
             ./modules/gitea.nix
diff --git a/modules/website.nix b/modules/website.nix
new file mode 100644
index 0000000..7b3159a
--- /dev/null
+++ b/modules/website.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+let
+  www-domain = "www.${config.fsr.domain}";
+  user = "fsr-web";
+  group = "fsr-web";
+in
+{
+
+  users.users.${user} = {
+    group = group;
+    isSystemUser = true;
+  };
+  users.groups.${group} = { };
+
+  services.phpfpm.pools.ifsrde = {
+    user = user;
+    group = group;
+    settings = {
+      "listen.owner" = config.services.nginx.user;
+      "pm" = "dynamic";
+      "pm.max_children" = 32;
+      "pm.max_requests" = 500;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 2;
+      "pm.max_spare_servers" = 5;
+      "php_admin_value[error_log]" = "stderr";
+      "php_admin_flag[log_errors]" = true;
+      "catch_workers_output" = true;
+    };
+    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+  };
+
+  services.nginx = rec {
+    virtualHosts.${www-domain} = {
+      root = "/srv/web/ifsrde";
+      locations = {
+        "= /" = {
+          extraConfig = ''
+            rewrite ^ /index.php;
+          '';
+        };
+        "~ \.php$" = {
+          extraConfig = ''
+            try_files $uri =404;
+            fastcgi_pass unix:${config.services.phpfpm.pools.ifsrde.socket};
+            fastcgi_index index.php;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+          '';
+        };
+      };
+    };
+    # ifsr.de without www
+    virtualHosts.${config.fsr.domain} = virtualHosts.${www-domain};
+  };
+}