diff --git a/hosts/web-arm/sites/fueltide.io.nix b/hosts/web-arm/sites/fueltide.io.nix
index e6c8e55..9239883 100644
--- a/hosts/web-arm/sites/fueltide.io.nix
+++ b/hosts/web-arm/sites/fueltide.io.nix
@@ -13,6 +13,64 @@
     credentialsFile = config.sops.secrets.fueltide-lego-credentials.path;
   };
 
+  security.acme.certs."fueltide.io" = {
+    credentialsFile = config.sops.secrets.fueltide-lego-credentials.path;
+  };
+
+  security.acme.certs."stage.fueltide.io" = {
+    credentialsFile = config.sops.secrets.fueltide-lego-credentials.path;
+  };
+
+  security.acme.certs."www.fueltide.io" = {
+    credentialsFile = config.sops.secrets.fueltide-lego-credentials.path;
+  };
+
+  services.webstack.instances."stage.fueltide.io" = {
+    enablePhp = false;
+    enableDefaultLocations = false;
+
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+Regq8BQgTZ6RPxX5NBGb5xGjtg9or1PV0NVUfQA3j"
+    ];
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
+    '';
+  };
+
+  services.webstack.instances."fueltide.io" = {
+    enablePhp = false;
+    enableDefaultLocations = false;
+
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7OclM+71wxsMjTw4qMukzu3vLoROtgxrH0wpIvbNT6"
+    ];
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
+    '';
+  };
+
+  services.nginx.virtualHosts."www.fueltide.io" = {
+    enableACME = true;
+    forceSSL = true;
+    globalRedirect = "fueltide.io";
+  };
+
   services.webstack.instances."fueltide.cloonar.dev" = {
     enablePhp = false;
     enableDefaultLocations = false;