diff --git a/common/default.nix b/common/default.nix
index 3b1826a..e5cd2e3 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -77,6 +77,7 @@ in {
 
   services.nginx.appendHttpConfig = ''
     access_log off;
+    add_header Permissions-Policy "interest-cohort=()";
   '';
 
   networking.nftables.enable = true;
diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index 7f6bf78..2a6253e 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -43,8 +43,21 @@
     interface = "enp35s0";
   };
 
-  services.nginx.enable = true;
-  services.nginx.recommendedProxySettings = true;
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "parsons.hacc.space" = {
+        default = true;
+        locations."/".return = "404";
+      };
+      "hacc.space" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".return = "302 https://hacc.earth";
+      };
+    };
+  };
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
   services.restic.backups.tardis = {