diff --git a/machines/public-cof/configuration.nix b/machines/public-cof/configuration.nix
index d823d36..568fcd9 100644
--- a/machines/public-cof/configuration.nix
+++ b/machines/public-cof/configuration.nix
@@ -12,6 +12,7 @@
       ./minecraft.nix
       # ./factorio.nix # TODO
       ./nginx.nix
+      ./hedgedoc.nix
       # TODO monitoring
     ];
 
diff --git a/machines/public-cof/hedgedoc.nix b/machines/public-cof/hedgedoc.nix
new file mode 100644
index 0000000..b60e25f
--- /dev/null
+++ b/machines/public-cof/hedgedoc.nix
@@ -0,0 +1,36 @@
+{ ... }:
+let
+  port = 3000;
+in
+{
+  services.hedgedoc = {
+    enable = true;
+    configuration = {
+      protocolUseSSL = true;
+      # scp =; # TODO
+      domain = "//docs.beta.rz.ens.wtf";
+      host = "localhost";
+      port = port;
+      db = {
+        dialect = "sqlite";
+        storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
+      };
+    };
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "docs.beta.rz.ens.wtf" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString port}";
+          };
+        };
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 433 80 ];
+}