diff --git a/cdn.nix b/cdn.nix
new file mode 100644
index 0000000..d4d0dbf
--- /dev/null
+++ b/cdn.nix
@@ -0,0 +1,206 @@
+let
+cdn-node-setup = args@{ domain, config_file, ... }: {
+ deployment.targetHost = domain;
+ nixpkgs.localSystem.system = "x86_64-linux";
+ imports =
+ [
+ config_file
+ ];
+
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPs
+ ];
+
+ # Enable nginx service
+ services.nginx = {
+
+ enable = true;
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts.${domain} = {
+
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "~* \\.(m3u8)$" = {
+ proxyPass = "https://cdn-master.lukas.studio$request_uri";
+
+ extraConfig = ''
+ #proxy_cache = off;
+ expires -1;
+ '';
+ };
+ "/hls" = {
+ proxyPass = "https://cdn-master.lukas.studio$request_uri";
+ extraConfig = ''
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ proxy_cache hls;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache_valid any 30m;
+ '';
+
+ };
+
+ };
+
+
+
+
+ };
+ appendHttpConfig = ''
+ proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
+ resolver 1.1.1.1;
+ '';
+
+ };
+ security.acme.certs = {
+ ${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
+ };
+ security.acme.acceptTerms = true;
+};
+
+cdn-master-setup = args@{ domain, config_file, host-server, ...
}: {
+ deployment.targetHost = domain;
+ nixpkgs.localSystem.system = "x86_64-linux";
+ imports =
+ [
+ config_file
+ ];
+
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPs
+ ];
+
+ # Enable nginx service
+ services.nginx = {
+
+ enable = true;
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts.${domain} = {
+
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "~* \\.(m3u8)$" = {
+ proxyPass = "${host-server}$request_uri";
+
+ extraConfig = ''
+ #proxy_cache = off;
+ expires -1;
+ '';
+ };
+ "/hls" = {
+ proxyPass = "${host-server}$request_uri";
+ extraConfig = ''
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ proxy_cache hls;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache_valid any 30m;
+ '';
+
+ };
+
+ };
+ };
+ appendHttpConfig = ''
+ proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
+ resolver 1.1.1.1;
+ '';
+
+ };
+ security.acme.certs = {
+ ${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
+ };
+ security.acme.acceptTerms = true;
+};
+
+cdn-loadbalancer-setup = args@{ domain, config_file, nodes, ...
}: {
+ deployment.targetHost = domain;
+ nixpkgs.localSystem.system = "x86_64-linux";
+ imports =
+ [
+ config_file
+ ];
+
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPs
+ ];
+
+ # Enable nginx service
+ services.nginx = {
+
+ enable = true;
+
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts.${domain} = {
+ locations = {
+ "/" = {
+ return = "301 \"http://\$\{cdnhosts\}\$\{request_uri\}\"";
+ };
+ };
+ forceSSL = true;
+ enableACME = true;
+ };
+ appendHttpConfig = ''
+ split_clients "''\$''\{remote_addr''\}" $cdnhosts {
+ 50% "cdn-node-1.lukas.studio";
+ 50% "cdn-node-2.lukas.studio";
+ }
+ '';
+ };
+
+
+ security.acme.certs = {
+ ${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
+ };
+ security.acme.acceptTerms = true;
+};
+
+
+in
+{
+ network.description = "CDN for some stuff";
+ #network.enableRollback = true;
+
+ cdn-node-1 = cdn-node-setup {
+ domain="cdn-node-1.lukas.studio";
+ config_file="/Users/lukas/Documents/nixops/configuration-cdn-node-1.nix";
+ };
+ cdn-node-2 = cdn-node-setup {
+ domain="cdn-node-2.lukas.studio";
+ config_file="/Users/lukas/Documents/nixops/configuration-cdn-node-2.nix";
+ };
+ cdn-master = cdn-master-setup {
+ domain="cdn-master.lukas.studio";
+ config_file="/Users/lukas/Documents/nixops/configuration-cdn-master.nix";
+ host-server = "https://rosenbaum.lukas.studio";
+ };
+ cdn-loadbalancer = cdn-loadbalancer-setup {
+ domain="cdn-loadbalancer.lukas.studio";
+ config_file="/Users/lukas/Documents/nixops/configuration-cdn-loadbalancer.nix";
+ nodes= {
+ # implement automatic node setting
+ };
+ };
+
+}
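Review bot: The load balancer's `/` location in `cdn-loadbalancer-setup` redirects clients from its HTTPS vhost to `http://${cdnhosts}…`, so every request takes one cleartext hop before the node's `forceSSL` upgrades it again, and anyone on the network path can rewrite that hop; the 301 is also cacheable by clients, which would pin each client to one node. I would change it to `return = "302 \"https://\$\{cdnhosts\}\$\{request_uri\}\"";`. In `cdn-node-setup` and `cdn-master-setup`, `proxyPass` to an `https://` upstream does not verify the upstream certificate unless `proxy_ssl_verify on;` is set (together with `proxy_ssl_trusted_certificate` and `proxy_ssl_server_name on;`), so the cached segments are only as trustworthy as the network path and the plain DNS lookup through `resolver 1.1.1.1`. `proxy_cache_path /tmp` also places the cache directly in a temporary directory; a dedicated directory such as `/var/cache/nginx/hls` would be safer unless the service's private /tmp is being relied on, and `proxy_cache_valid any 30m` keeps upstream error responses for 30 minutes, which is probably not intended.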