diff --git a/configuration/default.nix b/configuration/default.nix
index f6ff072..a12aceb 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports = [
@@ -54,18 +54,20 @@
     recommendedGzipSettings = true;
     recommendedProxySettings = true;
     clientMaxBodySize = "10G";
+    domain = "tlater.net";
 
     virtualHosts = let
       host = port: extra:
-        {
+        lib.recursiveUpdate {
           forceSSL = true;
           enableACME = true;
-          locations."/" = { proxyPass = "http://localhost:${toString port}"; };
-        } // extra;
+          locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
+        } extra;
+      domain = config.services.nginx.domain;
     in {
-      "tlater.net" = host 3002 { serverAliases = [ "www.tlater.net" ]; };
-      "gitea.tlater.net" = host 3000 { };
-      "nextcloud.tlater.net" = host 3001 { };
+      "${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; };
+      "gitea.${domain}" = host 3000 { };
+      "nextcloud.${domain}" = host 3001 { };
     };
   };
 
diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix
index 4ca6454..978760a 100644
--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
@@ -14,6 +14,7 @@
   virtualisation.pods.gitea = {
     hostname = "gitea.tlater.net";
     publish = [ "3000:3000" "2221:2221" ];
+    network = "slirp4netns";
 
     containers = {
       gitea = {
@@ -26,7 +27,6 @@
           DB_HOST = "gitea-postgres:5432";
           DB_NAME = "gitea";
           DB_USER = "gitea";
-          DB_PASSWD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
 
           USER_UID = toString config.users.extraUsers.gitea.uid;
           USER_GID = toString config.users.extraGroups.gitea.gid;
@@ -47,7 +47,6 @@
         environment = {
           POSTGRES_DB = "gitea";
           POSTGRES_USER = "gitea";
-          POSTGRES_PASSWORD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
         };
         volumes = [ "gitea-db-data:/var/lib/postgresql/data" ];
       };
diff --git a/configuration/services/minecraft.nix b/configuration/services/minecraft.nix
index c3831aa..9b77c09 100644
--- a/configuration/services/minecraft.nix
+++ b/configuration/services/minecraft.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 let
   minecraft-server-args = [
@@ -52,7 +52,7 @@ let
 
 in {
   nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (pkgs.lib.getName pkg) [ "forge-server" ];
+    builtins.elem (lib.getName pkg) [ "forge-server" ];
 
   virtualisation.oci-containers.containers.minecraft-voor-kia = let
     properties = ./configs/minecraft/voor-kia/server.properties;
diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix
index ba1754b..4b74ac7 100644
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@@ -4,6 +4,7 @@
   virtualisation.pods.nextcloud = {
     hostname = "nextcloud.tlater.net";
     publish = [ "3001:80" ];
+    network = "slirp4netns";
 
     containers = {
       nextcloud = {
@@ -18,7 +19,6 @@
           POSTGRES_DB = "nextcloud";
           POSTGRES_USER = "nextcloud";
           POSTGRES_HOST = "nextcloud-postgres";
-          POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
           OVERWRITEPROTOCOL = "https";
         };
       };
@@ -43,7 +43,6 @@
         environment = {
           POSTGRES_DB = "nextcloud";
           POSTGRES_USER = "nextcloud";
-          POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
         };
         volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ];
       };
diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix
index e1c396d..c1966a5 100644
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@@ -34,6 +34,10 @@
 
     ports = [ "3002:3002" ];
     volumes = [ "tlaternet-mail:/srv/mail" ];
-    extraOptions = [ "--hostname=tlater.net" ];
+    extraOptions = [
+      "--hostname=tlater.net"
+      # Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible.
+      "--stop-signal=SIGKILL"
+    ];
   };
 }
diff --git a/flake.nix b/flake.nix
index a9baf34..78a3cfb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,12 +68,16 @@
             (import ./modules)
 
             (import ./configuration)
-            ({ ... }: {
+            ({ lib, ... }: {
               users.users.tlater.password = "insecure";
 
               # Disable graphical tty so -curses works
               boot.kernelParams = [ "nomodeset" ];
 
+              # Sets the base domain for nginx to localhost so that we
+              # can easily test locally with the VM.
+              services.nginx.domain = lib.mkOverride 99 "localhost";
+
               # # Set up VM settings to match real VPS
               # virtualisation.memorySize = 3941;
               # virtualisation.cores = 2;
diff --git a/modules/default.nix b/modules/default.nix
index 4b9cea4..1963d8e 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,5 +1,12 @@
-{ ... }:
+{ lib, ... }:
+
+with lib;
 
 {
   imports = [ ./virtualisation/pods.nix ./virtualisation/oci-containers.nix ];
+
+  options.services.nginx.domain = mkOption {
+    type = types.str;
+    description = "The base domain name to append to virtual domain names";
+  };
 }