diff --git a/conf.d/default.conf b/conf.d/default.conf
index 8d37f41e1a68cd2a2205dcdb190e6b5358eeb11b..3fed2c0bf88aa6b7032b58396478d71318434ae4 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 server {
     listen      80 default_server;
     listen      [::]:80 default_server;
diff --git a/conf.d/global.conf b/conf.d/global.conf
index 608fe8de67213f080cf2736ceceab71c26117be1..b3623a9bd31dfaa99a94b789919279b270d784e9 100644
--- a/conf.d/global.conf
+++ b/conf.d/global.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 # The resolver for the Docker network.
 resolver                        127.0.0.11 valid=30s;
 gzip                            on;
diff --git a/conf.d/status.conf b/conf.d/status.conf
index 6ecb7d85dd156109d327ee8d4b3e0ba39ce1681d..22dab122ec9302633834aaa13aab766acaa6d0c4 100644
--- a/conf.d/status.conf
+++ b/conf.d/status.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 server {
     listen      80;
     listen      [::]:80;
diff --git a/snippets/ads-txt.conf b/snippets/ads-txt.conf
index b074c08328eef2bc8a18f41937ff787ceacbe6ba..acd9b93d8e3ad2e701666313fb3a6effbbda276e 100644
--- a/snippets/ads-txt.conf
+++ b/snippets/ads-txt.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 location = /ads.txt {
     if ($scheme = http) {
         return 301 https://$host$request_uri;
diff --git a/snippets/allow-ns1.conf b/snippets/allow-ns1.conf
index bdadb248d461af214acec72962ed6f45b9ac4651..6cdf88b43ceef1915719a9a1c03814bf6970bcd8 100644
--- a/snippets/allow-ns1.conf
+++ b/snippets/allow-ns1.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
 allow   62.219.131.121;  # ns1.shore.co.il
diff --git a/snippets/allow-ns4.conf b/snippets/allow-ns4.conf
index 5e39f4028d30aa2529179de757b07a19d4039ff6..395de013f0c148010514fb5333f3833fe8a84cfb 100644
--- a/snippets/allow-ns4.conf
+++ b/snippets/allow-ns4.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
 allow   163.172.74.36;  # ns4.shore.co.il
diff --git a/snippets/allow-private-ips.conf b/snippets/allow-private-ips.conf
index 154262aa4070edf80c878a8fba8cdf6a9f03030a..5e798a0a9bc45123a556f296019018c3ef33a29a 100644
--- a/snippets/allow-private-ips.conf
+++ b/snippets/allow-private-ips.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 allow 127.0.0.0/8;
 allow 10.0.0.0/8;
 allow 192.168.0.0/16;
diff --git a/snippets/allow-shore-ips.conf b/snippets/allow-shore-ips.conf
index 709b549d2e1c5e15fa5cd4c8d671a509181f6a0f..8fed4103de8e79c3168b2020656c25f53b764f6d 100644
--- a/snippets/allow-shore-ips.conf
+++ b/snippets/allow-shore-ips.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 include snippets/allow-ns1.conf;
 include snippets/allow-ns4.conf;
 include snippets/allow-private-ips.conf;
diff --git a/snippets/common-headers.conf b/snippets/common-headers.conf
index e97cb6890f107423095a68af45db2c4662ecc482..22a7e891e80bb258e9be4fd3eacd78b75f2f50ef 100644
--- a/snippets/common-headers.conf
+++ b/snippets/common-headers.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 # add_headers are inherited from previous level if and only if there are no
 # add_header directives defined on the current level. So any time there's an
 # add_header directive there should be an `include snippets/common-headers.conf`
diff --git a/snippets/ldap-auth.conf b/snippets/ldap-auth.conf
index cba7d38c6c118a9647ede772d10adb234a0a4d9c..e5c51c890120337e9674415d96bc1318f8c0b26a 100644
--- a/snippets/ldap-auth.conf
+++ b/snippets/ldap-auth.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 auth_request    /validate;
 
 location = /validate {
diff --git a/snippets/matrix-well-known.conf b/snippets/matrix-well-known.conf
index 1962eec228dd86fb04bac92786757df1c861b1e9..e499bb8c0aef6df26bd5cf83d06ea3909c5d2177 100644
--- a/snippets/matrix-well-known.conf
+++ b/snippets/matrix-well-known.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 location = /.well-known/matrix/server {
     return 200 "{\"m.server\": \"matrix.shore.co.il:443\"}";
 }
diff --git a/snippets/proxy-headers.conf b/snippets/proxy-headers.conf
index e1420368822afd1ec4d574b95a2403909fe2a439..19fe814d5363f07c152df8f903c728ce7df4e9a2 100644
--- a/snippets/proxy-headers.conf
+++ b/snippets/proxy-headers.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 proxy_set_header    X-Forwarded-Host $host;
 proxy_set_header    X-Forwarded-Proto $scheme;
 proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/snippets/proxy-ssl.conf b/snippets/proxy-ssl.conf
index 547d081bdedf8525242d123d6eb4fb5715c68713..4c17a50751bdec3e6c8723dc46fb3ce081b5eb7e 100644
--- a/snippets/proxy-ssl.conf
+++ b/snippets/proxy-ssl.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 proxy_ssl_verify                  on;
 proxy_ssl_verify_depth            3;
 proxy_ssl_server_name             on;
diff --git a/snippets/redirect-https.conf b/snippets/redirect-https.conf
index 991d5934ea26fdf1596be7731bca044be57e1a21..28f510ea7029be57c3e42ec34f05e8c73866c839 100644
--- a/snippets/redirect-https.conf
+++ b/snippets/redirect-https.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
 location    / { return 301 https://$host$request_uri; }
diff --git a/snippets/redirect-www.conf b/snippets/redirect-www.conf
index 2d89d75e34296121d630cd90330793dff97ff19d..53940625def0c8651f127577300b0e2ded22e710 100644
--- a/snippets/redirect-www.conf
+++ b/snippets/redirect-www.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
 location    / { return 301 https://www.$host$request_uri; }
diff --git a/snippets/robots-allow-all.conf b/snippets/robots-allow-all.conf
index 627aee5db300861870c3dc70c82016a4abd676c2..81fdd7cec33021a4e519c6e1acf8c7d471ac753b 100644
--- a/snippets/robots-allow-all.conf
+++ b/snippets/robots-allow-all.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 location = /robots.txt {
     add_header Content-Type "text/plain; charset=utf-8";
     return 200 "User-agent: *\nDisallow:\n";
diff --git a/snippets/robots-disallow-all.conf b/snippets/robots-disallow-all.conf
index 03d50312dfd4108ef9758ff8d65f4d090d0a4c1c..c5001aab541e070b0200d210cf1c4d9c702c8ab9 100644
--- a/snippets/robots-disallow-all.conf
+++ b/snippets/robots-disallow-all.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 location = /robots.txt {
     add_header Content-Type "text/plain; charset=utf-8";
     return 200 "User-agent: *\nDisallow: *\n";
diff --git a/snippets/security-txt.conf b/snippets/security-txt.conf
index c1f0d219b5dc1f4fe2537633a0c2ed58f05f10b3..5ce6a55c2a491368559a14597403c9d0aa005673 100644
--- a/snippets/security-txt.conf
+++ b/snippets/security-txt.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 location = /.well-known/security.txt {
     if ($scheme = http) {
         return 301 https://$host$request_uri;
diff --git a/snippets/ssl-common.conf b/snippets/ssl-common.conf
index b8ed3075fcafd4963a3d6f90316170bf441b43fa..3f0c2708a2a543dc2f625e747e221bc6a3b62892 100644
--- a/snippets/ssl-common.conf
+++ b/snippets/ssl-common.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
 add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
 include                     snippets/common-headers.conf;
diff --git a/snippets/ssl-legacy.conf b/snippets/ssl-legacy.conf
index 4e569dd0347fdc955e1f9c86bcca7cb578478920..f03f4935cc41d8fbaa589ac3a3383930c8d70d46 100644
--- a/snippets/ssl-legacy.conf
+++ b/snippets/ssl-legacy.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 include                     snippets/ssl-common.conf;
 ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers                 !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
diff --git a/snippets/ssl-modern.conf b/snippets/ssl-modern.conf
index f5551228202be749289a61139dc56e0864b132ee..ea0b317210ec238e6a629afc4d3807403a10ba42 100644
--- a/snippets/ssl-modern.conf
+++ b/snippets/ssl-modern.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 include                     snippets/ssl-common.conf;
 ssl_protocols               TLSv1.2 TLSv1.3;
 ssl_ciphers                 HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA128:!SHA1;
diff --git a/snippets/upgrade-secure.conf b/snippets/upgrade-secure.conf
index 2abc805d48d6d33d67fa70967ac85fc7075dc65c..3d1b4e60da85fab4408bdb8ca92c82738d962f36 100644
--- a/snippets/upgrade-secure.conf
+++ b/snippets/upgrade-secure.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
 if ($http_Upgrade-Insecure-Requests = 1) { return 301 https://$host$request_uri; }
diff --git a/snippets/vouch.conf b/snippets/vouch.conf
index 9571b80c28f366b99b57096ab7c23afacf61b46d..c731657446fedf7f8a5e8eebd2af103bde22b517 100644
--- a/snippets/vouch.conf
+++ b/snippets/vouch.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 # send all requests to the `/validate` endpoint for authorization
 auth_request    /validate;
 
diff --git a/snippets/websockets.conf b/snippets/websockets.conf
index 64b7e3736a33c2d1e6621b4b0d64076030759251..0f494e9801e74e1c1568fc052d99979e963b0474 100644
--- a/snippets/websockets.conf
+++ b/snippets/websockets.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
 proxy_set_header    Upgrade $http_upgrade;
 proxy_set_header    Connection "Upgrade";
 proxy_read_timeout  36000s;
diff --git a/snippets/www-acme-challenge.conf b/snippets/www-acme-challenge.conf
index ba3c0b7117cdc522b64ab5593b5d888e72e8a7df..db17b301a17ce9bb3df3d8cee668299cc8cc040e 100644
--- a/snippets/www-acme-challenge.conf
+++ b/snippets/www-acme-challenge.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
 location /.well-known/acme-challenge/ { root /var/www/www.shore.co.il; }