diff --git a/data/network.nix b/data/network.nix
index 8a93f8c..7ac3b48 100644
--- a/data/network.nix
+++ b/data/network.nix
@@ -66,6 +66,19 @@ rec {
 port = 6167;
 ssl = true;
 allowExternConnections = true;
+ listen = [
+ {
+ port = 80;
+ }
+ {
+ port = 443;
+ ssl = true;
+ }
+ {
+ port = 8448;
+ ssl = true;
+ }];
+ endpoints = ["/_matrix"];
 };
 domainOverride = "nudelerde.de";
 };
diff --git a/services/nginx.nix b/services/nginx.nix
index 353e1cb..ddbbf35 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -21,11 +21,15 @@ let
 myExtraConfig = if service.reverse_proxy ? extraConfig then service.reverse_proxy.extraConfig else {};
+ listenConfig = if service.reverse_proxy ? listen
+ then service.reverse_proxy.listen
+ else if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
+ then [ {port = 80;} {port = 443; ssl=true;} ]
+ else [ {port = 80;} ];
 sslConfig = if service.reverse_proxy ? ssl && service.reverse_proxy.ssl then {
 enableACME = true;
 forceSSL = true;
- listen = [ {addr = "0.0.0.0"; port = 80;} {addr = "0.0.0.0"; port = 443; ssl=true;} ];
 } else {};
 externConnections = if service.reverse_proxy ? allowExternConnections && service.reverse_proxy.allowExternConnections
@@ -38,7 +42,10 @@ let
 in {
 serverName = "${domain}";
- listen = [ {addr = "0.0.0.0"; port = 80;} ];
+ listen = map (obj: ({
+ addr = if obj ? addr then obj.addr else "0.0.0.0";
+ port = obj.port;
+ } // (if obj ? ssl then {ssl = obj.ssl;} else {}))) listenConfig;
 locations = locationsData;
 extraConfig = ''
 allow ${network.network.subnet};
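Review bot: The new `listen` list in data/network.nix carries no comment, although it replaces the 80/443 default that `ssl = true` would otherwise select in services/nginx.nix and adds a third externally reachable port. A one-line comment above it would make the intent clear, for example `# 8448 = Matrix federation; an explicit listen list overrides the ssl-derived default in services/nginx.nix`. Because `allowExternConnections = true` is set on the same service, it is also worth confirming that the firewall rule for 8448 is declared deliberately somewhere, since nothing in this diff shows it.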
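Review bot: `listenConfig` takes `service.reverse_proxy.listen` verbatim while `sslConfig` is still driven only by `service.reverse_proxy.ssl`, so the two settings can disagree without any evaluation error. A service that declares an `ssl = true` listener but leaves the service-level `ssl` unset would get a TLS listener with neither `enableACME` nor `forceSSL`, and one that sets `ssl = true` but lists no plain port-80 entry would presumably lose the HTTP-01 challenge path and the HTTP-to-HTTPS redirect. Tying them together next to `listenConfig` would catch this at build time, e.g. `assert (builtins.any (l: l.ssl or false) listenConfig) -> (service.reverse_proxy.ssl or false);`. The surrounding `let` block starts and ends outside this hunk, so the exact placement needs checking against the full file.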
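Review bot: Every listener without an explicit `addr` is bound to `0.0.0.0` by the new `listen = map …` expression, so services not meant for outside clients still accept TCP connections on all IPv4 interfaces and rely entirely on the `allow`/`deny` lines in the `extraConfig` that follows. Now that a service can add arbitrary ports, it would be safer to derive the default address from the service's `allowExternConnections` setting and bind internal-only services to the internal interface. Separately, the default reads more idiomatically as `addr = obj.addr or "0.0.0.0";`, and a listener entry that lacks `port` will fail with a bare missing-attribute error at `obj.port`. The attribute set continues past the end of the hunk.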