diff --git a/common/secret/default.nix b/common/secret/default.nix
index 07385705..45184a56 100644
Binary files a/common/secret/default.nix and b/common/secret/default.nix differ
diff --git a/hosts/hera/configuration.nix b/hosts/hera/configuration.nix
index d07d267a..4b71634a 100644
--- a/hosts/hera/configuration.nix
+++ b/hosts/hera/configuration.nix
@@ -73,6 +73,10 @@ m-0 = {
   server.enable = true;
   standalone.enable = true;
   git-server.enable = true;
+  mathechor-de = {
+    enable = true;
+    password = config.m-0.private.mathechor-pw;
+  };
 };
 
 home-manager.users."${me.user}" = (import ./home.nix);
diff --git a/system/default.nix b/system/default.nix
index 76dfcf00..9cf4cc97 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -8,6 +8,7 @@ in {
     ./modules/laptop.nix
     ./modules/git-server.nix
     ./modules/server
+    ./modules/server/mathechor.de.nix
     ./modules/standalone
     "${builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/nixdark"}/default.nix"
     ./modules/loginctl-linger.nix
diff --git a/system/modules/server/mathechor.de.nix b/system/modules/server/mathechor.de.nix
new file mode 100644
index 00000000..d2c4a7d6
--- /dev/null
+++ b/system/modules/server/mathechor.de.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, lib, ... }:
+with lib;
+
+let
+
+me = config.m-0.private.me;
+page = pkgs.stdenv.mkDerivation {
+  name = "mathechor.de";
+  src = builtins.fetchGit "git@hera:mathechor.de";
+  buildInputs = [ pkgs.pandoc pkgs.python3 ];
+  LC_ALL="en_US.UTF-8";
+  LOCALE_ARCHIVE="${pkgs.glibcLocales}/lib/locale/locale-archive";
+  installPhase = ''
+    mkdir $out
+    cp -r intern/output $out/intern
+    cp -r public/output $out/public
+  '';
+};
+
+in
+{
+
+options = {
+  m-0.mathechor-de = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+    };
+    password = mkOption {
+      type = types.str;
+    };
+  };
+};
+
+config = mkIf config.m-0.mathechor-de.enable {
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts."mathechor.de" = {
+        serverAliases = ["www.mathechor.de"];
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = {
+            root = "${page}/public";
+            index = "index.html";
+            extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
+          };
+        };
+      };
+      virtualHosts."intern.mathechor.de" = {
+        forceSSL = true;
+        enableACME = true;
+        basicAuth.mathechor = config.m-0.mathechor-de.password;
+        locations = {
+          "/" = {
+            root = "${page}/intern";
+            index = "index.html";
+          };
+        };
+      };
+    };
+  };
+};
+
+}