diff --git a/nixos/machines/robi/nginx.nix b/nixos/machines/robi/nginx.nix
index e465464..328717f 100644
--- a/nixos/machines/robi/nginx.nix
+++ b/nixos/machines/robi/nginx.nix
@@ -141,21 +141,6 @@ in
 };
 } // error.locations;
 };
- "terranix.org" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = error.extraConfig;
- locations = {
- "/" = {
- root = "/srv/www/terranix";
- extraConfig = ''
- if (-d $request_filename) {
- rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
- }
- '';
- };
- } // error.locations;
- };
 };
 };
 }
diff --git a/nixos/machines/robi/terranix-dendrite.nix b/nixos/machines/robi/terranix-dendrite.nix
index 118fcb6..0639648 100644
--- a/nixos/machines/robi/terranix-dendrite.nix
+++ b/nixos/machines/robi/terranix-dendrite.nix
@@ -3,7 +3,8 @@
 let
 inherit (config.services.dendrite.settings.global) server_name;
- nginx-vhost = "matrix.terranix.org";
+ matrix_host = "matrix.terranix.org";
+ element_host = "element.terranix.org";
 element-web-terranix.org = pkgs.runCommand "element-web-with-config" {
@@ -11,9 +12,9 @@ let
 } ''
 cp -r ${pkgs.element-web} $out
 chmod -R u+w $out
- jq '."default_server_config"."m.homeserver" = { "base_url": "https://${nginx-vhost}:443", "server_name": "${server_name}" }' \
+ jq '."default_server_config"."m.homeserver" = { "base_url": "https://${matrix_host}:443", "server_name": "${server_name}" }' \
 > $out/config.json < ${pkgs.element-web}/config.json
- ln -s $out/config.json $out/config.${nginx-vhost}.json
+ ln -s $out/config.json $out/config.${matrix_host}.json
 '';
 in {
@@ -86,7 +87,37 @@ in
 "matrix-server-key:${config.sops.secrets.matrix-server-key.path}"
 ];
- services.nginx.virtualHosts.${nginx-vhost} = {
+ # Verify if federation works with
+ # https://federationtester.matrix.org/#terranix.org
+ services.nginx.virtualHosts.${matrix_host} = {
+ serverAliases = [ "terranix.org" ];
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ extraParameters = [ "default_server" ];
+ }
+ ];
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_read_timeout 600;
+ '';
+ locations."/".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 8448 ];
+ networking.firewall.allowedUDPPorts = [ 8448 ];
+
+ services.nginx.virtualHosts.${element_host} = {
 forceSSL = true;
 enableACME = true;
 extraConfig = ''
@@ -94,16 +125,7 @@ in
 proxy_set_header X-Real-IP $remote_addr;
 proxy_read_timeout 600;
 '';
- locations."/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
- # for remote admin access
- locations."/_synapse".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
 locations."/".root = element-web-terranix.org;
 };
- services.nginx.virtualHosts.${server_name} = {
- locations."= /.well-known/matrix/server".alias =
- pkgs.writeText "matrix-server" (builtins.toJSON { "m.server" = "${nginx-vhost}:443"; });
- locations."= /.well-known/matrix/client".alias =
- pkgs.writeText "matrix-client" (builtins.toJSON { "m.homeserver".base_url = "https://${nginx-vhost}"; });
- };
 }
diff --git a/terranix/terranix.org/.gitignore b/terranix/terranix.org/.gitignore
new file mode 100644
index 0000000..906b2dc
--- /dev/null
+++ b/terranix/terranix.org/.gitignore
@@ -0,0 +1 @@
+terraform.tfstate*
\ No newline at end of file
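Review bot: The 8448 listener with `serverAliases = [ "terranix.org" ]` only gives working federation if `terranix.org:8448` resolves to this host, and the apex `@` record added in `terranix/terranix.org/targets/namecheap/main.tf` is a CNAME to `terranix.github.io`; if that record is what lands in the zone, remote homeservers (and the federation tester linked in the comment) will reach GitHub Pages rather than dendrite now that the `.well-known/matrix/server` delegation is removed. `networking.firewall.allowedUDPPorts = [ 8448 ];` opens a UDP port nothing here listens on — both `listen` entries are plain TCP — so drop it and keep only `networking.firewall.allowedTCPPorts = [ 8448 ];`. `locations."/".proxyPass` also forwards every path on the apex and on matrix.terranix.org to dendrite, whereas the previous vhost proxied only `/_matrix` (plus `/_synapse` for admin); if the homeserver exposes admin or internal endpoints you do not want public, narrow it back to `locations."/_matrix".proxyPass = ...;` and serve `.well-known` explicitly. The enclosing module attribute set opens before and closes after this hunk.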
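Review bot: Deleting the `virtualHosts.${server_name}` block removes `/.well-known/matrix/client`, so clients that discover the homeserver from the bare `terranix.org` server name no longer learn `https://matrix.terranix.org`; only the bundled Element (whose `config.json` has `base_url` baked in earlier in this file) keeps working, unless dendrite is configured to serve the well-known documents itself, which this diff does not show. The `m.server` delegation to `:443` is gone as well, so federation now rests solely on the 8448 listener added in the hunk above. Either keep a `locations."= /.well-known/matrix/client"` on whichever vhost answers for `terranix.org`, or add a comment next to `serverAliases` stating that discovery is deliberately done via port 8448 and why. The hunk ends at the brace that closes the module; the rest of the module body lies above it.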
diff --git a/terranix/terranix.org/targets/namecheap/__provider.tf b/terranix/terranix.org/targets/namecheap/__provider.tf
new file mode 100644
index 0000000..3155425
--- /dev/null
+++ b/terranix/terranix.org/targets/namecheap/__provider.tf
@@ -0,0 +1,19 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+ required_providers {
+ namecheap = {
+ source = "namecheap/namecheap"
+ version = ">= 2.0.0"
+ }
+ }
+}
+
+# Namecheap API credentials
+provider "namecheap" {
+ user_name = var.namecheap_user
+ api_user = var.namecheap_user
+ api_key = var.namecheap_api_key
+}
+
+variable "namecheap_user" {}
+variable "namecheap_api_key" {}
diff --git a/terranix/terranix.org/targets/namecheap/main.tf b/terranix/terranix.org/targets/namecheap/main.tf
new file mode 100644
index 0000000..c529141
--- /dev/null
+++ b/terranix/terranix.org/targets/namecheap/main.tf
@@ -0,0 +1,68 @@
+locals {
+ minutes = 60
+ hours = 60 * local.minutes
+ days = 24 * local.hours
+
+ normal_ttl = 12 * local.hours
+ short_ttl = 30 * local.minutes
+ very_short_ttl = 2 * local.minutes
+}
+
+resource "namecheap_domain_records" "terranix" {
+ domain = "terranix.org"
+ mode = "OVERWRITE"
+ email_type = "OX"
+
+ # terranix.org
+ record {
+ address = "terranix.github.io"
+ hostname = "@"
+ mx_pref = 10
+ ttl = local.normal_ttl
+ type = "CNAME"
+ }
+
+ # subdomain regex
+ record {
+ address = "144.76.13.147"
+ hostname = "*"
+ mx_pref = 10
+ ttl = local.normal_ttl
+ type = "A"
+ }
+
+ # matrix.terranix.org (needed?)
+ record {
+ address = "144.76.13.147"
+ hostname = "matrix"
+ mx_pref = 10
+ ttl = local.normal_ttl
+ type = "A"
+ }
+
+ # Github Challenges
+ record {
+ address = "c3fd9329fe"
+ hostname = "_github-challenge-terranix-org"
+ mx_pref = 10
+ ttl = local.normal_ttl
+ type = "TXT"
+ }
+ record {
+ address = "ece2e1608cde1d7785b1315d0b0019"
+ hostname = "_github-pages-challenge-terranix"
+ mx_pref = 10
+ ttl = local.normal_ttl
+ type = "TXT"
+ }
+
+ # Mail Challenges
+ record {
+ address = "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlSGd9dcuYFJ8CNAIgF/IWzKD8MlW41V4QeMgWgAQvKCW4JU2pF9IlcQGN+7IQf4PtJlzr/ClUspex58q75IZUjcLCGU0QdaqWPveQuIlS4JwgQadfNc8JtOiDlUSxMWfpROyvNyLtXUQftUvmppJDml2evo2OA5CpN7cKPzR4KcVINHlaL23m7mw9rLWWIpoxaGgp/aTi/a9m3PovUQ/lfDPrgvnmEGIc9piVO3DVE64dB/7yAZe9Jd2Qka3nwq5x3so1YPIOKXVK8G40NlyBOfPdKOeKhERuFL5zMIsLlcJd0BeLiuVqobc6DWLQMjrKDUEVnBsx2dJmhosqeG2wIDAQAB"
+ hostname = "default._domainkey"
+ mx_pref = 10
+ ttl = local.normal_ttl
+ type = "TXT"
+ }
+
+}
\ No newline at end of file
diff --git a/terranix/terranix.org/targets/namecheap/terragrunt.hcl b/terranix/terranix.org/targets/namecheap/terragrunt.hcl
new file mode 100644
index 0000000..8396ff3
--- /dev/null
+++ b/terranix/terranix.org/targets/namecheap/terragrunt.hcl
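Review bot: `mode = "OVERWRITE"` makes this record set the whole zone, and it carries a DKIM key but no SPF or DMARC TXT record, so any existing `v=spf1` / `_dmarc` policy is dropped on apply and mail claiming to be from `terranix.org` can be spoofed without receivers being told to reject it; add `record { hostname = "@" type = "TXT" address = "v=spf1 <mail provider include> -all" ttl = local.normal_ttl }` and a `_dmarc` TXT record, unless the `email_type = "OX"` setting makes Namecheap manage SPF itself — verify in the live zone after the first apply. The `# subdomain regex` comment is inaccurate: `hostname = "*"` is a DNS wildcard, not a regex, and it makes every unlisted name resolve to `144.76.13.147`; `# wildcard: every other subdomain points at the nginx host` says what it does. `mx_pref = 10` on the A/CNAME/TXT records is presumably ignored by the provider for non-MX types and only obscures intent, so it can be dropped from those records. The apex `@` CNAME to `terranix.github.io` also means `terranix.org` itself is served by GitHub Pages, which conflicts with the `serverAliases = [ "terranix.org" ]` / port 8448 federation setup in `terranix-dendrite.nix` if that is meant to be reachable on the apex.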
@@ -0,0 +1,30 @@
+
+inputs = {
+ namecheap_user = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/username")
+ namecheap_api_key = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/api-key")
+}
+
+generate "provider" {
+ path = "__provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = <