diff --git a/ops/machines/bugry/default.nix b/ops/machines/bugry/default.nix
index 73419307a..60d533255 100644
--- a/ops/machines/bugry/default.nix
+++ b/ops/machines/bugry/default.nix
@@ -6,8 +6,12 @@ let
 in
 {
   imports = [
+    (mod "known-hosts.nix")
+    (mod "nixery.nix")
     (mod "tvl-cache.nix")
     (mod "tvl-users.nix")
+    (mod "www/nixery.dev.nix")
+
     (depot.third_party.agenix.src + "/modules/age.nix")
   ];
 
@@ -167,5 +171,15 @@ in
   tvl.cache.enable = true;
   tvl.cache.builderball = true;
 
+  services.depot.nixery.enable = true;
+
+  services.depot.automatic-gc = {
+    enable = true;
+    interval = "1 hour";
+    diskThreshold = 50; # GiB (10% of disk)
+    maxFreed = 150; # GiB
+    preserveGenerations = "14d";
+  };
+
   system.stateVersion = "24.11";
 }
diff --git a/ops/modules/www/nixery.dev.nix b/ops/modules/www/nixery.dev.nix
index 05dc88c66..2f2dcdb74 100644
--- a/ops/modules/www/nixery.dev.nix
+++ b/ops/modules/www/nixery.dev.nix
@@ -11,6 +11,11 @@
       enableACME = true;
       forceSSL = true;
 
+      acmeFallbackHost = {
+        "nixery-01" = "bugry.tvl.fyi";
+        "bugry" = "nixery-01.tvl.fyi";
+      }."${config.networking.hostName}";
+
       extraConfig = ''
         location / {
           proxy_pass http://localhost:${toString config.services.depot.nixery.port};