diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix
index 0c1ffbb..ac1b86b 100644
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@@ -28,6 +28,7 @@
   ];
 
   networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedUDPPorts = [443];
 
   home-manager.users.root = {
     imports = with tree; [home.base home.dev.small];
diff --git a/profiles/nginx.nix b/profiles/nginx.nix
index c3632cb..7589d17 100644
--- a/profiles/nginx.nix
+++ b/profiles/nginx.nix
@@ -1,10 +1,21 @@
-{lib, ...}: {
-  security.acme = {
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  options.services.nginx.virtualHosts = lib.mkOption {
+    type = lib.types.attrsOf (lib.types.submodule {
+      config.http3 = lib.mkDefault true;
+    });
+  };
+
+  config.security.acme = {
     defaults = {email = "chaoticryptidz@owo.monster";};
     acceptTerms = true;
   };
-  services.nginx = {
+  config.services.nginx = {
     enable = true;
+    package = pkgs.nginxQuic;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;