diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix
index 840188b..665fc14 100644
--- a/hosts/web-01.cloonar.com/configuration.nix
+++ b/hosts/web-01.cloonar.com/configuration.nix
@@ -36,13 +36,14 @@
     ./sites/api.optiprot.cloonar.dev.nix
     ./sites/cloonar.dev.nix
     # ./sites/diabetes-austria.cloonar.dev.nix
-    ./sites/api.paraclub.cloonar.dev.nix
     ./sites/paraclub.cloonar.dev.nix
+    ./sites/api.paraclub.cloonar.dev.nix
+    ./sites/tandem.paraclub.cloonar.dev.nix
+    ./sites/module.paraclub.cloonar.dev.nix
     ./sites/gbv-aktuell.cloonar.dev.nix
     ./sites/optiprot.cloonar.dev.nix
     ./sites/mehr-leistbaren-wohnraum-schaffen.at.nix
     ./sites/mehr-leistbaren-wohnraum-schaffen.cloonar.dev.nix
-    ./sites/module.paraclub.cloonar.dev.nix
   ];
 
   nixpkgs.config.permittedInsecurePackages = [
diff --git a/hosts/web-01.cloonar.com/sites/tandem.paraclub.cloonar.dev.nix b/hosts/web-01.cloonar.com/sites/tandem.paraclub.cloonar.dev.nix
new file mode 100644
index 0000000..9be3373
--- /dev/null
+++ b/hosts/web-01.cloonar.com/sites/tandem.paraclub.cloonar.dev.nix
@@ -0,0 +1,45 @@
+{ pkgs, lib, config, ... }:
+let
+  domain = "tandem.paraclub.cloonar.dev";
+  dataDir = "/var/www/${domain}";
+  user = builtins.replaceStrings ["." "-"] ["_" "_"] domain
+in {
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+    root = "${dataDir}";
+
+    locations."/favicon.ico".extraConfig = ''
+      log_not_found off;
+      access_log off;
+    '';
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html$is_args$args;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
+     expires 365d;
+     add_header Pragma "public";
+     add_header Cache-Control "public";
+    '';
+
+    locations."~ [^/]\.php(/|$)".extraConfig = ''
+      deny all;
+    '';
+  };
+  users.users."${user}" = {
+    isNormalUser = true;
+    createHome = true;
+    home = dataDir;
+    homeMode= "770";
+    #home = "/home/${domain}";
+    group  = "nginx";
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpezoJfaqSlQKhbzIRxQysmSmU5tih0SGFh4Eiy3YjfxiJSCRCuVTBCUmnhDCPsJZK+5xEDGarO8UfiqxZfxEyEL5d7IcRQJ/uRSFhYzByGbkziLM760KYqBzaE2Siu+zk625KOm6BN9qWGZdirejwf1Ay9EYmUdNiCMBBFLkPaQkZ8IEuMavf1wHEiZLas25eK7oJWHYKltcluH05QEF+5ODu88nlSpFlz2FjxJSbLDf7qeUba/L2OL124dTU5NIDNzwZLCKjpp8aTYzTaoox7KXUVRmy1X4Or61WhSxw9+LGyrAZLsW+l0a4FgY17V5HnF5/jf8eOpkuVdwtd29KCheJ4BdUfomV8vEt6S0hUP66VqJn6MliuL+10KM6TjLnjg0McPp1LPuSFRoLzO0YetTZzeVc0oBIr9Z3vjm6jt1dYcUtaydn/fc+FgoqpIOLz6EOGCz/CmyaV4rLk2BFKqtx5GP1wbP36hVkyWpREbEMILpFKDOyp21fC67mb0M="
+    ];
+  };
+  users.groups.${user} = {};
+}