diff --git a/krops/nas/configuration.nix b/krops/nas/configuration.nix
index dd8632c..ba7d644 100644
--- a/krops/nas/configuration.nix
+++ b/krops/nas/configuration.nix
@@ -100,12 +100,22 @@
     };
     nginx = {
       enable = true;
-      logError = "/var/log/nginx/debug.log info";
+      recommendedGzipSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedZstdSettings = true;
+      recommendedOptimisation = true;
+
       # We can only proxy one port with Tailscale Funnel so we abuse locations instead.
       virtualHosts."vancouver.gmem.ca" =  {
         default = true;
         enableACME = false;
         forceSSL = false;
+        locations."/" = {
+          root = "/var/www/";
+          extraConfig = ''
+            error_page 404 /404.html;
+          '';
+        };
         locations."/git/" = {
           proxyWebsockets = false; # needed if you need to use WebSocket
           extraConfig =
@@ -117,6 +127,20 @@
             '';
           proxyPass = "http://127.0.0.1:8973/";
         };
+        locations."/ci/" = {
+          proxyWebsockets = false; # needed if you need to use WebSocket
+          extraConfig =
+            ''
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_redirect off;
+            proxy_http_version 1.1;
+            proxy_buffering off;
+            '';
+          proxyPass = "http://127.0.0.1:8000/";
+        };
         locations."/n8n/" = {
           proxyPass = "http://127.0.0.1:5678/";
           proxyWebsockets = true; # needed if you need to use WebSocket
@@ -140,6 +164,9 @@
           DISABLE_REGISTRATION = true;
           COOKIE_SECURE = true;
         };
+        actions = {
+          ENABLED = true;
+        };
       };
     };
   };