diff --git a/nixos/machines/driftwood/configuration.nix b/nixos/machines/driftwood/configuration.nix
index f04a9a0..79740d7 100644
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@@ -1,10 +1,12 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
 {
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
@@ -15,6 +17,25 @@
 i18n.defaultLocale = "en_US.UTF-8";
 system.stateVersion = "24.11"; # Did you read the comment?
+ networking.nat = {
+ enable = true;
+ internalInterfaces = ["ve-+"];
+ externalInterface = "enp5s0f0";
+ # Lazy IPv6 connectivity for the container
+ enableIPv6 = true;
+ };
+ # Nginx configuration
+ # Configure automated TLS acquisition/renewal
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "admin@stranger.systems";
+ };
+ };
+
+ # ACME data must be readable by the NGINX user
+ # users.users.nginx.extraGroups = [
+ # "acme"
+ # ];
 }
-
diff --git a/nixos/machines/driftwood/containers/conduit.nix b/nixos/machines/driftwood/containers/conduit.nix
new file mode 100644
index 0000000..a519334
--- /dev/null
+++ b/nixos/machines/driftwood/containers/conduit.nix
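Review bot: In configuration.nix, `internalInterfaces = ["ve-+"]` masquerades every container veth on this host, including containers added later, not only the Conduit one. If only that container needs outbound access, naming its interface, `internalInterfaces = ["ve-conduit"];`, keeps NAT scoped to it; with `enableIPv6 = true` the same scope applies to IPv6 masquerading. The `# Nginx configuration` heading and the commented-out `users.users.nginx.extraGroups` block describe nginx settings that this hunk does not add, so they are better dropped here or introduced together with the nginx config.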
@@ -0,0 +1,41 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ containers.conduit = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::2";
+ bindMounts = {
+ "/var/lib/" = {
+ hostPath = "/var/containers/conduit";
+ isReadOnly = false;
+ };
+ };
+ config = {
+ config,
+ lib,
+ pkgs,
+ ...
+ }: {
+ # Conduit proper
+ services.matrix-conduit = {
+ enable = true;
+ settings.global = {
+ server_name = "stranger.systems";
+ allow_registration = false;
+ port = 6167;
+ };
+ };
+ # Open the port
+ networking.firewall.allowedTCPPorts = [6167];
+
+ system.stateVersion = "24.11";
+ };
+ };
+}
diff --git a/nixos/machines/driftwood/machine.nix b/nixos/machines/driftwood/machine.nix
index 6530412..759513b 100644
--- a/nixos/machines/driftwood/machine.nix
+++ b/nixos/machines/driftwood/machine.nix
@@ -38,6 +38,7 @@
 mutableUsers = false;
 })
 (import ../../modules/ssh.nix)
+ (import ./containers/conduit.nix)
 ];
 nix.settings.experimental-features = [
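Review bot: In containers/conduit.nix, `networking.firewall.allowedTCPPorts = [6167]` opens a port that Conduit may not be reachable on from outside the container: `settings.global` sets no `address`, and the NixOS module's default is, as far as I recall, loopback (`::1`), which is worth confirming against the module. If the host is meant to reverse-proxy to the container, bind explicitly with `address = "192.168.100.11";`; if not, drop the firewall rule so the container exposes nothing. The writable bind mount also maps the container's whole `/var/lib/` onto the host path, so state from every service in the container lands there; a comment stating that this is intended, or a narrower mount, would help.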