diff --git a/README.md b/README.md
index 629c2e3..05a9c48 100644
--- a/README.md
+++ b/README.md
@@ -33,3 +33,16 @@ register_new_matrix_user \
     --password <YOUR_PASSWORD>
 ```
 
+# Draupnir
+
+Remove rate limit for account:
+
+```bash
+curl -X DELETE https://matrix.berlin.ccc.de/_synapse/admin/v1/users/@admin:berlin.ccc.de/override_ratelimit
+```
+Set rate limit for account:
+
+```bash
+curl -X POST -d '{"messages_per_second":0,"burst_count":0}' https://matrix.berlin.ccc.de/_synapse/admin/v1/users/@admin:berlin.ccc.de/override_ratelimit
+```
+
diff --git a/flake.nix b/flake.nix
index 3fa8a5c..3edb18a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,6 +57,7 @@
           ./services/nginx.nix
           ./services/postgres.nix
           ./services/synapse.nix
+          ./services/draupnir.nix
         ];
       };
     };
diff --git a/services/draupnir.nix b/services/draupnir.nix
new file mode 100644
index 0000000..3c4a8b5
--- /dev/null
+++ b/services/draupnir.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+
+{
+  services.draupnir = {
+    enable = false;
+    settings = {
+      homeserverUrl = "https://matrix.berlin.ccc.de";
+      managementRoom = "#moderators:berlin.ccc.de";
+      autojoinOnlyIfManager = true;
+      recordIgnoredInvites = true;
+      roomStateBackingStore.enabled = true;
+      displayReports = true;
+    };
+    secrets.accessToken = config.age.secrets.draupnir_access_token.path;
+  };
+}
+
diff --git a/services/nginx.nix b/services/nginx.nix
index b334e5c..282b82c 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -20,6 +20,7 @@ in
       kTLS = true;
       forceSSL = true;
       useACMEHost = fqdn;
+      #enableACME = true;
       locations = {
         "/.well-known/matrix/client" = {
           return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
@@ -28,13 +29,23 @@ in
             add_header Access-Control-Allow-Origin "*";
           '';
         };
-        "/" = {
+        "~ ^(/_matrix|/_synapse/client)" {
           recommendedProxySettings = true;
           proxyPass = "unix:/run/matrix-synapse.sock";
+          extraConfig = ''
+            proxy_set_header X-Request-ID $request_id;
+          '';
         };
+        "/" = {
+          return = "418 \"I'm a Teapot!\"";
+        };
+        extraConfig = ''
+          client_max_body_size 64M;
+        '';
       };
       extraConfig = ''
-      '';      
+        proxy_http_version 1.1;
+      '';
     };
   };
 
diff --git a/services/synapse.nix b/services/synapse.nix
index 3e7e9b8..0fbec23 100644
--- a/services/synapse.nix
+++ b/services/synapse.nix
@@ -15,6 +15,7 @@ in
         {
           path = "/run/matrix-synapse.sock";
           x_forwarded = true;
+          request_id_header = "X-Request-ID";
           resources = [
             {
               compress = false;