diff --git a/flake.nix b/flake.nix
index 277ab8b..0542514 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,7 @@
 artemisia = nixosServer { name = "artemisia"; modules = [ project-a-software.marzban ]; };
 reine = nixosServer { name = "reine"; modules = [ project-a-software.affine ]; };
 mio = nixosServer { name = "mio"; modules = [ project-a-software.marzban ]; };
+ ivan = nixosServer { name = "ivan"; modules = [ project-a-software.marzban ]; };
 vanessa = nixosServer { name = "vanessa"; modules = [ project-a-software.marzban ]; };
 aqore-nix = nixpkgs.lib.nixosSystem {
diff --git a/servers/artemisia/nginx.nix b/servers/artemisia/nginx.nix
index a4f1152..b610554 100644
--- a/servers/artemisia/nginx.nix
+++ b/servers/artemisia/nginx.nix
@@ -6,6 +6,8 @@
 services.nginx = {
 enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
 defaultSSLListenPort = 444;
 virtualHosts = {
diff --git a/servers/ivan/hardware-configuration.nix b/servers/ivan/hardware-configuration.nix
new file mode 100644
index 0000000..089be82
--- /dev/null
+++ b/servers/ivan/hardware-configuration.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+ networking.hostName = "ivan";
+ system.stateVersion = "25.05";
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg2GEI2xcR0E1LzJWDvF5eHNt93TcYy7W/qEI3XoVWr almiriqi@aqore-nix'' ];
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+}
\ No newline at end of file
diff --git a/servers/ivan/main.nix b/servers/ivan/main.nix
new file mode 100644
index 0000000..02bd6b4
--- /dev/null
+++ b/servers/ivan/main.nix
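Review bot: `services.openssh.enable = true` together with the root authorized key on the `users.users.root.openssh.authorizedKeys.keys` line turns on SSH for root without disabling password and keyboard-interactive authentication, which the NixOS openssh module leaves enabled by default; unless a shared module outside this diff does it, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` so the host is key-only. As a point of style, SSH and authorized-key settings are not hardware description, and this is the file that `nixos-generate-config` normally regenerates, so they would be safer next to the other service configuration in servers/ivan/main.nix. The file also ends without a trailing newline (`\ No newline at end of file`), as do servers/ivan/main.nix and servers/ivan/nginx.nix in this commit.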
@@ -0,0 +1,32 @@
+{ config, pkgs, secret, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./nginx.nix
+ ];
+
+ services.yggdrasil.persistentKeys = true;
+ marzban = {
+ env = {
+ UVICORN_HOST = "ivan.project-a.space";
+ UVICORN_PORT = secret.marzban.port;
+ SUDO_USERNAME = secret.marzban.sudo-username;
+ SUDO_PASSWORD = secret.marzban.sudo-password;
+ DOCS = true;
+ };
+ cert = true;
+ domain = "ivan.project-a.space";
+ xray = import ../common/xray.nix {
+ server-domain = "ivan.project-a.space";
+ port = secret.marzban.vless-port;
+ dest = secret.marzban.dest;
+ privateKey = secret.marzban.privateKey;
+ shortId = secret.marzban.shortId;
+ spiderX = secret.marzban.spiderX;
+ sni = secret.marzban.sni;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
+}
\ No newline at end of file
diff --git a/servers/ivan/nginx.nix b/servers/ivan/nginx.nix
new file mode 100644
index 0000000..834f6ef
--- /dev/null
+++ b/servers/ivan/nginx.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+{
+ security.acme.defaults.email = "project-a@project-a.space";
+ security.acme.acceptTerms = true;
+
+ services.nginx = {
+ enable = true;
+ defaultSSLListenPort = 444;
+
+ streamConfig = ''
+ map $ssl_preread_server_name $name {
+ default marzban;
+ }
+
+ upstream marzban {
+ server 127.0.0.1:1080;
+ }
+
+ server {
+ listen 0.0.0.0:443;
+ listen [::0]:443;
+ proxy_pass $name;
+ ssl_preread on;
+ }
+ '';
+ };
+}
\ No newline at end of file
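Review bot: `networking.firewall.allowedTCPPorts` on the last line of main.nix opens only `secret.marzban.port` and `secret.marzban.vless-port`, while the stream listener added in servers/ivan/nginx.nix binds 443; unless one of those secret values is 443 or the marzban module opens it itself, the SNI front door is unreachable from outside, and if `vless-port` happens to be the same 1080 that nginx proxies to, the backend is also reachable directly, bypassing the proxy. The values under `env` (`SUDO_PASSWORD`) and `xray` (`privateKey`) are passed as plain Nix strings; depending on how the marzban module materialises them, they may be written into the world-readable Nix store, in which case a secret file read at service start is preferable. `DOCS = true` also appears to enable the API documentation endpoint on an internet-facing panel; if that is intentional, a short comment such as `# DOCS: API docs endpoint is exposed on purpose` would make it clear to the next reader.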
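Review bot: The `map $ssl_preread_server_name $name` block in servers/ivan/nginx.nix contains only `default marzban;`, so every connection on 443 goes to the same upstream regardless of SNI and `ssl_preread on` adds a parse step without any routing; either add the intended server-name entries or mark the block with a comment like `# single upstream for now; SNI -> upstream entries go here`. This file also omits the `recommendedTlsSettings = true;` and `recommendedOptimisation = true;` that the same commit adds to servers/artemisia/nginx.nix; they only affect the http block, so they matter here if the marzban module's `cert = true` adds virtualHosts on `defaultSSLListenPort = 444`, which this file otherwise leaves unused. `security.acme.defaults.email` and `security.acme.acceptTerms` are repeated per host and could move to the shared servers/common/ directory that main.nix already imports xray.nix from.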