diff --git a/data/services.nix b/data/services.nix
index 7147577..4f0faa4 100644
--- a/data/services.nix
+++ b/data/services.nix
@@ -17,5 +17,8 @@ rec {
       "https://download.kiwix.org/zim/wikipedia/wikipedia_de_all_nopic_2026-01.zim"
     ];
   };
+  matrix = {
+    trusted_servers = [ "matrix.org" ];
+  };
 }
 
diff --git a/services/continuwuity.nix b/services/continuwuity.nix
index f97834b..efedd2f 100644
--- a/services/continuwuity.nix
+++ b/services/continuwuity.nix
@@ -15,6 +15,7 @@ in
         allow_encryption = true;
         allow_federation = true;
         max_request_size = 20 * 1024 * 1024; # 20 MiB
+        trusted_servers = serv.matrix.trusted_servers;
       };
     };
   };
diff --git a/services/nginx.nix b/services/nginx.nix
index f886018..c4fdf36 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -12,12 +12,15 @@ let
         name = endpointName;
         value = {
           proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
-            proxyWebsockets = true;
+          proxyWebsockets = true;
         };
       }));
     serverAlias = lib.optionalAttrs (service.reverse_proxy.aliases != null) {
         serverAliases = map (alias: "${alias}.${domain}") service.reverse_proxy.aliases;
       };
+    myExtraConfig = if service.reverse_proxy.extraConfig != null
+        then service.reverse_proxy.extraConfig
+        else {};
   in
     {
       serverName = "${domain}";
@@ -27,7 +30,7 @@ let
         allow ${network.network.subnet};
         deny all;
       '';
-    } // serverAlias;
+    } // serverAlias // myExtraConfig;
   rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
   serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
   fallback = {