diff --git a/common/gts.conf b/common/gts.conf
new file mode 100644
index 0000000..50a9ef5
--- /dev/null
+++ b/common/gts.conf
@@ -0,0 +1,13 @@
+add_header Onion-Location http://gts.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+
+location / {
+ # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+ proxy_pass http://127.0.0.1:1420;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+}
+client_max_body_size 40M;
+
diff --git a/common/icecast.conf b/common/icecast.conf
new file mode 100644
index 0000000..a2ffd81
--- /dev/null
+++ b/common/icecast.conf
@@ -0,0 +1,10 @@
+add_header Onion-Location http://radio.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernwe65i5iwfypgmlaciaqsbuvzouxf7qco6xl6qkfgdzsmvf2a.b32.i2p$request_uri;
+
+location / {
+ proxy_pass http://127.0.0.1:8533;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+}
diff --git a/common/jellyfin.conf b/common/jellyfin.conf
index 0bfb91c..73f25ba 100644
--- a/common/jellyfin.conf
+++ b/common/jellyfin.conf
@@ -14,3 +14,17 @@ location / {
 proxy_set_header X-Forwarded-Host $http_host;
 proxy_buffering off;
 }
+
+location /socket {
+ # Proxy Jellyfin Websockets traffic
+ proxy_pass http://localhost:8096;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+}
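Review bot: The `location /` block in common/gts.conf forwards `Upgrade` and `Connection "upgrade"` but never sets `proxy_http_version 1.1;`, which the jellyfin `/socket` block in this same commit does set. nginx has traditionally spoken HTTP/1.0 to upstreams by default, and a WebSocket handshake cannot complete over that, so add `proxy_http_version 1.1;` next to `proxy_pass`. common/safetwitch-backend.conf has the same gap. Sending `Connection "upgrade"` unconditionally also marks ordinary requests as upgrades; a `map $http_upgrade $connection_upgrade` in the http context is the usual way to avoid that.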
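Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in common/icecast.conf passes along whatever X-Forwarded-For value the client sent and only appends the real address, whereas common/gts.conf overwrites the header with `$remote_addr`. If the backend uses the first entry for logging, bans or listener statistics, that entry is client-controlled. Unless another trusted proxy sits in front of nginx, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer form and keeps the files consistent. The jellyfin `/socket` hunk that follows uses the same variable.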
diff --git a/common/libretranslate.conf b/common/libretranslate.conf
new file mode 100644
index 0000000..352494d
--- /dev/null
+++ b/common/libretranslate.conf
@@ -0,0 +1,9 @@
+add_header Onion-Location http://lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernf45n7mxwqnp5riaax7p67pwcl7wcefdcnqqvim7ckdx4264a.b32.i2p$request_uri;
+
+location / {
+ proxy_pass http://127.0.0.1:5001;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+}
diff --git a/common/piped.conf b/common/piped.conf
index f563813..50a0953 100644
--- a/common/piped.conf
+++ b/common/piped.conf
@@ -5,3 +5,8 @@ location / {
 proxy_pass http://localhost:8058/;
 proxy_set_header Host $host;
 }
+
+if ($http_user_agent = "FeedFetcher-Google; (+http://www.google.com/feedfetcher.html)") {
+ return 403;
+}
+
diff --git a/common/safetwitch-backend.conf b/common/safetwitch-backend.conf
new file mode 100644
index 0000000..3e72809
--- /dev/null
+++ b/common/safetwitch-backend.conf
@@ -0,0 +1,11 @@
+add_header Onion-Location http://ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p$request_uri;
+
+location / {
+ proxy_pass http://10.0.3.57:7420;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+}
diff --git a/common/safetwitch.conf b/common/safetwitch.conf
new file mode 100644
index 0000000..20c1d2d
--- /dev/null
+++ b/common/safetwitch.conf
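Review bot: common/libretranslate.conf forwards `Host` and `X-Forwarded-Proto` but no client address header, so the backend on 127.0.0.1:5001 sees every request as coming from nginx. If that service applies per-client request limits or logs addresses, which this diff does not show, all visitors would share one bucket. Adding `proxy_set_header X-Forwarded-For $remote_addr;` matches what common/gts.conf does.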
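Review bot: The new `if ($http_user_agent = "FeedFetcher-Google; ...")` in common/piped.conf compares the whole header for exact equality, so the rule stops matching as soon as the fetcher's string differs by one character. A case-insensitive match such as `if ($http_user_agent ~* "FeedFetcher-Google") { return 403; }` is more robust, and a `map` in the http context scales better if more agents are added later. A one-line comment saying why this fetcher is refused would help the next maintainer. The enclosing `location /` block starts above the hunk.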
@@ -0,0 +1,18 @@
+add_header strict_sni on;
+add_header strict_sni_header on;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header Content-Security-Policy upgrade-insecure-requests;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "DENY";
+add_header Clear-Site-Data "cookies";
+add_header Referrer-Policy "no-referrer";
+add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
+add_header Onion-Location http://sw.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p$request_uri;
+
+location / {
+ root /var/www/safetwitch;
+ index index.html;
+ try_files $uri $uri/ /index.html;
+}
diff --git a/common/tent.conf b/common/tent.conf
new file mode 100644
index 0000000..b3bdc63
--- /dev/null
+++ b/common/tent.conf
@@ -0,0 +1,14 @@
+add_header Onion-Location http://tn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion$request_uri;
+add_header X-I2P-Location http://vernk23oml2talve3keetcqmjylmu7r7kdrcfciv36oxitgpos5a.b32.i2p$request_uri;
+root /var/www/Tent/pages;
+index index.php index.html index.htm;
+location / {
+ try_files $uri $uri/ /index.php;
+}
+
+location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/snippets/fastcgi.conf;
+}
diff --git a/conf.d/0x0.conf b/conf.d/0x0.conf
index 12512cc..02fb4a7 100644
--- a/conf.d/0x0.conf
+++ b/conf.d/0x0.conf
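Review bot: The first two lines of common/safetwitch.conf, `add_header strict_sni on;` and `add_header strict_sni_header on;`, send response headers literally named `strict_sni` and `strict_sni_header`; they do not configure TLS and browsers ignore them, so they should be dropped. `X-XSS-Protection "1; mode=block"` targets a browser feature that has been removed and is better omitted or set to `0`. Only the HSTS line carries `always`, so the other headers are missing on error responses. Because this file is also included by the plain-HTTP onion and I2P vhosts, check that `upgrade-insecure-requests` does not rewrite the `http://` backend URLs those vhosts depend on.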
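Review bot: The `location ~ \.php$` block in common/tent.conf hands every URI ending in `.php` to PHP-FPM without first checking that the file exists under the document root. Adding `try_files $fastcgi_script_name =404;` ahead of `fastcgi_pass` keeps requests for non-existent scripts away from the interpreter. `SCRIPT_FILENAME` is set here and then `/etc/nginx/snippets/fastcgi.conf` is included; if that snippet also sets it, which this diff does not show, the parameter is sent twice and one of the two lines should go.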
@@ -35,18 +35,6 @@ server {
 listen 80;
 listen [::]:80;
- server_name 0.vern.cc vern0.me;
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name vern0.me;
- ssl_certificate_key /etc/letsencrypt/live/vern0.me/privkey.pem;
- ssl_certificate /etc/letsencrypt/live/vern0.me/fullchain.pem;
- default_type text/plain;
- return 200 "vern0.me is deprecated. Please use 0.vern.cc.\n";
+ server_name 0.vern.cc;
+ include common/0x0.conf;
 }
diff --git a/conf.d/gts.conf b/conf.d/gts.conf
new file mode 100644
index 0000000..1827027
--- /dev/null
+++ b/conf.d/gts.conf
@@ -0,0 +1,19 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name gts.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+ include common/gts.conf;
+}
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name gts.vern.cc;
+ include snippets/lets-encrypt.conf;
+ include common/gts.conf;
+}
+server {
+ listen 80;
+ listen [::]:80;
+ server_name gts.vern.cc;
+ return 301 https://$host$request_uri;
+}
diff --git a/conf.d/icecast.conf b/conf.d/icecast.conf
new file mode 100644
index 0000000..7564d0c
--- /dev/null
+++ b/conf.d/icecast.conf
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name radio.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion icecast.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+ include common/icecast.conf;
+}
+
+server {
+ listen 11106;
+ listen [::]:11106;
+
+ server_name vernwe65i5iwfypgmlaciaqsbuvzouxf7qco6xl6qkfgdzsmvf2a.b32.i2p;
+
+ include common/icecast.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name radio.vern.cc icecast.vern.cc;
+ include snippets/lets-encrypt.conf;
+ include common/icecast.conf;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ return 301 https://$host$request_uri;
+ server_name radio.vern.cc icecast.vern.cc;
+}
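Review bot: After this change the port-80 server for `0.vern.cc` includes `common/0x0.conf` and serves the site itself, where it previously answered with `return 301 https://$host$request_uri;`. Uploads and the URLs returned for them can now travel in cleartext for any client that uses `http://`. If plain HTTP is wanted for command-line clients, a comment saying so would stop someone restoring the redirect by accident; otherwise keep the redirect. The hunk also removes the `vern0.me` notice server, so that name now falls through to whichever server is the default for the port. The server block starts above the hunk.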
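Review bot: The I2P vhost in conf.d/icecast.conf uses `listen 11106;` and `listen [::]:11106;`, which bind to every interface, so the plain-HTTP service is reachable on the host's public addresses as well as through the I2P tunnel unless a firewall blocks the port. If the I2P router runs on this machine, `listen 127.0.0.1:11106;` (plus `listen [::1]:11106;` if needed) limits it to the tunnel. The same pattern appears with ports 11005, 11109, 11108 and 11107 in conf.d/libretranslate.conf, conf.d/safetwitch-backend.conf, conf.d/safetwitch.conf and conf.d/tent.conf.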
diff --git a/conf.d/libretranslate.conf b/conf.d/libretranslate.conf
new file mode 100644
index 0000000..649cf99
--- /dev/null
+++ b/conf.d/libretranslate.conf
@@ -0,0 +1,31 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name lt.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion libretranslate.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+ include common/libretranslate.conf;
+}
+
+server {
+ listen 11005;
+ listen [::]:11005;
+
+ server_name vernpizcdua537tg7wbhtrjumxotqbpj34w6gqzgnnqhgsavvbaa.b32.i2p;
+
+ include common/libretranslate.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ include snippets/lets-encrypt.conf;
+ server_name lt.vern.cc libretranslate.vern.cc;
+ include common/libretranslate.conf;
+}
+server {
+ listen 80;
+ listen [::]:80;
+ return 301 https://$host$request_uri;
+ server_name lt.vern.cc libretranslate.vern.cc;
+}
diff --git a/conf.d/matrix.conf b/conf.d/matrix.conf
index c86f20b..15e8453 100644
--- a/conf.d/matrix.conf
+++ b/conf.d/matrix.conf
@@ -72,6 +72,10 @@ server {
 # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
 client_max_body_size 1024M;
 }
+ location /synapseadmin {
+ alias /var/www/synapse-admin;
+ index index.html;
+ }
 ## well-known
 location /.well-known/matrix/support {
 add_header Access-Control-Allow-Origin '*' always;
@@ -120,6 +124,10 @@ server {
 # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
 client_max_body_size 1024M;
 }
+ location /synapseadmin {
+ alias /var/www/synapse-admin;
+ index index.html;
+ }
 ## well-known
 location /.well-known/matrix/support {
 add_header Access-Control-Allow-Origin '*' always;
@@ -168,7 +176,7 @@ server {
 client_max_body_size 1024M;
 }
 location /synapseadmin {
- root /var/www/synapse-admin;
+ alias /var/www/synapse-admin;
 index index.html;
 }
 ## well-known
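Review bot: The I2P server in conf.d/libretranslate.conf is named `vernpizcdua537tg7wbhtrjumxotqbpj34w6gqzgnnqhgsavvbaa.b32.i2p`, but common/libretranslate.conf advertises `vernf45n7mxwqnp5riaax7p67pwcl7wcefdcnqqvim7ckdx4264a.b32.i2p` in `X-I2P-Location`. Every other service in this commit uses the same address in both places, so one of the two is probably a paste error. A wrong value in the header sends I2P users to a destination this vhost does not describe; confirm which address belongs to the tunnel and make both lines agree.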
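Review bot: `location /synapseadmin` paired with `alias /var/www/synapse-admin;` is a prefix match with no trailing slash on either side, so a URI such as `/synapseadmin-old/x` is mapped to `/var/www/synapse-admin-old/x`, a sibling of the intended directory. Writing `location /synapseadmin/ {` with `alias /var/www/synapse-admin/;` confines the mapping to that directory. The same block is added or changed in all three hunks of conf.d/matrix.conf. Since this publishes an administration front end on every vhost of the homeserver, consider an `allow`/`deny` list or authentication on the location. The enclosing server blocks start and end outside the hunks.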
diff --git a/conf.d/private.dat b/conf.d/private.dat
new file mode 100644
index 0000000..40d1517
Binary files /dev/null and b/conf.d/private.dat differ
diff --git a/conf.d/safetwitch-backend.conf b/conf.d/safetwitch-backend.conf
new file mode 100644
index 0000000..737a7e0
--- /dev/null
+++ b/conf.d/safetwitch-backend.conf
@@ -0,0 +1,28 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+ include common/safetwitch-backend.conf;
+}
+
+server {
+ listen 11109;
+ listen [::]:11109;
+ server_name vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p;
+ include common/safetwitch-backend.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name ttvbackend.vern.cc;
+ include snippets/lets-encrypt.conf;
+ include common/safetwitch-backend.conf;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ttvbackend.vern.cc;
+ return 301 https://$host$request_uri;
+}
diff --git a/conf.d/safetwitch.conf b/conf.d/safetwitch.conf
new file mode 100644
index 0000000..d4d8314
--- /dev/null
+++ b/conf.d/safetwitch.conf
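Review bot: conf.d/private.dat is added as a binary file, and neither its name nor its location says what it holds. If it contains key material, for example a tunnel or service private key, it should not live in the configuration repository; remove it from history, rotate the key and add the path to `.gitignore`. If it is harmless data, a short note in the commit message or a README would settle the question.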
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ttv.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion safetwitch.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion twitch.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+ subs_filter ttvbackend.vern.cc ttvbackend.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+ include common/safetwitch.conf;
+}
+
+server {
+ listen 11108;
+ listen [::]:11108;
+ server_name vernz43kgqiy3nzzof3nejeo4hh3bjgyqi3b3hijchilv7noqtrq.b32.i2p;
+ subs_filter ttvbackend.vern.cc vern46mfrbcp77qakppr3f6ygxt6zmyzeu4ha6rgebkj6wwgw6za.b32.i2p;
+ include common/safetwitch.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name ttv.vern.cc safetwitch.vern.cc twitch.vern.cc;
+ include snippets/lets-encrypt.conf;
+ include common/safetwitch.conf;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ttv.vern.cc safetwitch.vern.cc twitch.vern.cc;
+ return 301 https://$host$request_uri;
+}
diff --git a/conf.d/tent.conf b/conf.d/tent.conf
new file mode 100644
index 0000000..c5faff3
--- /dev/null
+++ b/conf.d/tent.conf
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name tn.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion tent.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion bandcamp.vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion;
+
+ include common/tent.conf;
+}
+
+server {
+ listen 11107;
+ listen [::]:11107;
+
+ server_name vernk23oml2talve3keetcqmjylmu7r7kdrcfciv36oxitgpos5a.b32.i2p;
+
+ include common/tent.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ include snippets/lets-encrypt.conf;
+ server_name tn.vern.cc bandcamp.vern.cc tent.vern.cc;
+ include common/tent.conf;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ return 301 https://$host$request_uri;
+ server_name tent.vern.cc tn.vern.cc bandcamp.vern.cc;
+}
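Review bot: The onion and I2P servers in conf.d/safetwitch.conf rely on `subs_filter ttvbackend.vern.cc ...` to point the front end at the matching hidden-service backend, but that module only rewrites `text/html` responses unless `subs_filter_types` lists more types. If the backend hostname lives in a JavaScript bundle, which this diff does not show, the replacement would not apply and onion or I2P visitors' browsers would contact the clearnet backend. Adding a `subs_filter_types` line for the JavaScript MIME type your `mime.types` uses (for example `subs_filter_types application/javascript;`) in those two servers, and checking the served bundle, would close that gap. The replacement also changes only the hostname, so any `https://` scheme in the original URL is kept while the hidden-service backends listen on plain HTTP.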
diff --git a/conf.d/usersites.conf b/conf.d/usersites.conf
index 02fe279..eabd63f 100644
--- a/conf.d/usersites.conf
+++ b/conf.d/usersites.conf
@@ -14,6 +14,7 @@ server {
 return 307 http://vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion/;
 }
 autoindex on;
+ ssi on;
 }
 }
@@ -32,6 +33,7 @@ server {
 return 307 https://vern.cc/;
 }
 autoindex on;
+ ssi on;
 }
 }
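Review bot: `ssi on;` is enabled in the same locations that serve user-owned directories with `autoindex on;`, so anyone who can publish a page there can place SSI directives in it. An `include virtual` directive runs as a subrequest inside this server, and subrequests are allowed to reach locations marked `internal`, so check that neither server block in conf.d/usersites.conf has internal or proxied locations that user content should not be able to read. A comment stating that SSI is intentionally offered to users would document the decision. Both hunks make the same change; the location and server blocks start outside them.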