diff --git a/hosts/architect/lezzo.nix b/hosts/architect/lezzo.nix
new file mode 100644
index 0000000..2126292
--- /dev/null
+++ b/hosts/architect/lezzo.nix
@@ -0,0 +1,45 @@
+{ services, pkgs, lib, makeBinPath, ... }:
+let
+  domain = "lezzo.org";
+  lezzo_root = "/var/lib/lezzo.org";
+  service_name = "lezzo-pull";
+  network = import ./network.nix;
+  mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
+    set -euo pipefail
+    cd ${lezzo_root}
+    git pull origin master --rebase
+  '';
+in
+{
+  services.nginx.virtualHosts.${domain} = {
+    enableACME = true;
+    forceSSL = true;
+
+    root = lezzo_root;
+    
+    locations."/.git" = { return = "404"; };
+  };
+
+  systemd = {
+    services.${service_name} = {
+      path = [ pkgs.git ];
+      enable = true;
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = mkStartScript "${service_name}";
+      };
+    };
+    timers.${service_name} = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Unit = "${service_name}.service";
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+  '';
+}
diff --git a/hosts/architect/runas.nix b/hosts/architect/runas.nix
new file mode 100644
index 0000000..8a533e9
--- /dev/null
+++ b/hosts/architect/runas.nix
@@ -0,0 +1,45 @@
+{ services, pkgs, lib, makeBinPath, ... }:
+let
+  domain = "runas.rocks";
+  runas_root = "/var/lib/runas.rocks/dist";
+  service_name = "runas.rocks-pull";
+  network = import ./network.nix;
+  mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
+    set -euo pipefail
+    cd ${runas_root}
+    git pull origin master --rebase
+  '';
+in
+{
+  services.nginx.virtualHosts.${domain} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/".root = runas_root;
+    
+    locations."/.git" = { return = "404"; };
+  };
+
+  systemd = {
+    services.${service_name} = {
+      path = [ pkgs.git ];
+      enable = true;
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = mkStartScript "${service_name}";
+      };
+    };
+    timers.${service_name} = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Unit = "${service_name}.service";
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+  '';
+}