diff --git a/data.nix b/data.nix
index 6e4d967..aa49ca3 100644
--- a/data.nix
+++ b/data.nix
@@ -80,8 +80,8 @@ rec {
 @ SOA ns1.jakstys.lt. motiejus.jakstys.lt. (2023032100 86400 86400 86400 86400)
 @ NS ns1.jakstys.lt.
 @ NS ns2.jakstys.lt.
- @ 60 A ${hel1a}
- www 60 A ${hel1a}
+ @ 60 A ${vno1}
+ www 60 A ${vno1}
 ns1 A ${vno1}
 ns2 A ${hel1a}
 vpn 600 A ${hel1a}
diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index 424d431..1c134e9 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -119,12 +119,12 @@
 caddy = {
 enable = true;
 email = "motiejus+acme@jakstys.lt";
- virtualHosts."www.jakstys.lt".extraConfig = ''
- redir https://jakstys.lt
- '';
 virtualHosts."fwmine.jakstys.lt".extraConfig = ''
 reverse_proxy fwmine.motiejus.jakst:8080
 '';
+ virtualHosts."www.jakstys.lt".extraConfig = ''
+ redir https://jakstys.lt
+ '';
 virtualHosts."jakstys.lt" = {
 logFormat = ''
 output file ${config.services.caddy.logDir}/access-jakstys.lt.log {
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 04bda0f..dfdf949 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
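Review bot: The SOA serial on the first context line of the data.nix hunk stays at `2023032100` although the apex and `www` A records change two lines below it. If ns2 (on hel1a, per `ns2 A ${hel1a}`) or any other secondary picks up the zone by serial comparison, it would presumably keep answering with the old address; how the zone is distributed is not visible here. Bump the serial in the same commit, e.g. `(<new-serial> 86400 86400 86400 86400)`. The zone text starts and ends outside the hunk.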
@@ -158,10 +158,48 @@
 caddy = {
 enable = true;
 email = "motiejus+acme@jakstys.lt";
- virtualHosts."grafana.jakstys.lt" = {
+ virtualHosts."grafana.jakstys.lt".extraConfig = ''
+ reverse_proxy 127.0.0.1:3000
+ tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
+ '';
+ virtualHosts."www.jakstys.lt".extraConfig = ''
+ redir https://jakstys.lt
+ '';
+ virtualHosts."jakstys.lt" = {
+ logFormat = ''
+ output file ${config.services.caddy.logDir}/access-jakstys.lt.log {
+ roll_disabled
+ }
+ '';
 extraConfig = ''
- reverse_proxy 127.0.0.1:3000
- tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
+ header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+ header /_/* Cache-Control "public, max-age=31536000, immutable"
+
+ root * /var/www/jakstys.lt
+ file_server {
+ precompressed br gzip
+ }
+
+ @matrixMatch {
+ path /.well-known/matrix/client
+ path /.well-known/matrix/server
+ }
+ header @matrixMatch Content-Type application/json
+ header @matrixMatch Access-Control-Allow-Origin *
+ header @matrixMatch Cache-Control "public, max-age=3600, immutable"
+
+ handle /.well-known/matrix/client {
+ respond "{\"m.homeserver\": {\"base_url\": \"https://jakstys.lt\"}}" 200
+ }
+ handle /.well-known/matrix/server {
+ respond "{\"m.server\": \"jakstys.lt:443\"}" 200
+ }
+
+ handle /_matrix/* {
+ encode gzip
+ reverse_proxy http://127.0.0.1:${toString myData.ports.matrix-synapse}
+ }
 '';
 };
 };
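Review bot: The access log for the new `jakstys.lt` site is opened with `roll_disabled`, so Caddy never rotates or prunes `access-jakstys.lt.log`, and this site also proxies `/_matrix/*`. Unless something outside this hunk rotates the file, it grows without bound, and any Matrix request that still passes `access_token` in the query string would likely be written to it in clear. Either drop `roll_disabled` so Caddy's default rolling applies, or add a comment above `logFormat` naming the external rotation and retention, e.g. `# rotated by <external job>; retention <N> days`. The `caddy` attribute set starts and ends outside the hunk.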