diff --git a/configuration.nix b/configuration.nix
index d4b1de2..da94343 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -54,7 +54,11 @@
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
+ networking.firewall.allowPing = false;
 networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -p tcp -s 95.90.121.54 -j ACCEPT
+ '';
 # Define a user account. Don't forget to set a password with ‘passwd’.
 users.users.loooph = {
diff --git a/matrix-synapse.nix b/matrix-synapse.nix
index 3ce2a4f..9187f81 100644
--- a/matrix-synapse.nix
+++ b/matrix-synapse.nix
@@ -54,5 +54,19 @@ in {
 ];
 }
 ];
+ extraConfig = ''
+ password_providers:
+ - module: "ldap_auth_provider.LdapAuthProvider"
+ config:
+ enabled: true
+ mode: "search"
+ uri: "ldap://bib3.de:389"
+ start_tls: true
+ base: "ou=users,o=bib3,c=DE"
+ attributes:
+ uid: "cn"
+ mail: "mail"
+ name: "givenName"
+ '';
 };
 }
diff --git a/openldap.nix b/openldap.nix
index 7b7e4ff..74389e7 100644
--- a/openldap.nix
+++ b/openldap.nix
@@ -1,12 +1,24 @@
 {config, pkgs, ...}:
 {
+ # let's hope this works
+ security.acme.certs."bib3.de".postRun = ''
+ install -o openldap -g openldap -m 700 -d /var/lib/acme/bib3.de /var/lib/ssl/openldap
+ install -o openldap -g openldap -m 600 /var/lib/acme/bib3.de/* /var/lib/ssl/openldap
+ '';
+
 services.openldap = {
 enable = true;
 dataDir = "/var/lib/openldap";
 rootpwFile = "/etc/nixos/secret/openldaproot.pw";
 suffix = "o=bib3,c=DE";
 rootdn = "cn=admin,o=bib3,c=DE";
+ extraConfig = ''
+ TLSCipherSuite DEFAULT
+ TLSCACertificateFile /var/lib/ssl/openldap/chain.pem
+ TLSCertificateFile /var/lib/ssl/openldap/cert.pem
+ TLSCertificateKeyFile /var/lib/ssl/openldap/key.pem
+ '';
 declarativeContents = ''
 dn: o=bib3, c=DE
 objectclass: organization
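Review bot: The new extraCommands rule `iptables -A INPUT -p tcp -s 95.90.121.54 -j ACCEPT` admits that one address to every TCP port, silently bypassing the `[ 22 80 443 ]` restriction in allowedTCPPorts, and nothing in the hunk says why that host needs more than those ports. Because it is appended to INPUT itself rather than to the firewall's own chain, it also survives a firewall stop/reload unless a matching `extraStopCommands` deletes it, and whether it is even reached depends on where the jump to `nixos-fw` sits in INPUT when the script runs — hard to tell from here. The conventional form is `iptables -A nixos-fw -p tcp -s 95.90.121.54 -j nixos-fw-accept`, ideally narrowed with `--dport` to the service actually needed. If that address is a dynamic client address, a comment such as `# Allow-all for the admin host; revisit when the address changes` would at least record the assumption.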
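Review bot: The LDAP provider block sets `mode: "search"` but gives no `bind_dn`/`bind_password`, so the user lookup under `base: "ou=users,o=bib3,c=DE"` relies on an anonymous bind being allowed to read that subtree; if that is intended, say so in a comment and keep the directory's anonymous read access limited to the attributes listed under `attributes` (cn, mail, givenName) rather than whole entries. `start_tls: true` upgrades the plain `ldap://bib3.de:389` connection, but the hunk does not show whether the server certificate is validated against the chain the ACME hook installs — worth confirming in the provider's TLS options and recording above `extraConfig`. A one-line comment stating that this YAML is merged verbatim into the homeserver configuration would also help the next reader, since `password_providers` is a top-level key.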
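Review bot: The first `install -d` line names both `/var/lib/acme/bib3.de` and `/var/lib/ssl/openldap` as directories to create, so it appears to re-own the ACME certificate directory itself to openldap:openldap with mode 700, which is likely to break later renewals by the acme service user; only the destination should be created, `install -o openldap -g openldap -m 700 -d /var/lib/ssl/openldap`. The second line's `/var/lib/acme/bib3.de/*` copies every file including the private key into a 600/openldap destination, which is acceptable but deserves a comment saying so; recent NixOS also offers `security.acme.certs.<name>.group` so slapd can read the key in place without a copy. The `# let's hope this works` comment should say what the hook is for, e.g. `# Copy the ACME cert/key into a directory slapd can read; runs after every renewal.`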
@@ -16,9 +28,13 @@
 ou: users
 dn: cn=test, ou=users, o=bib3, c=DE
- objectclass: person
- cn: test
- sn: test
+ objectclass: InetOrgPerson
+ cn: testcn
+ sn: testsn
+ givenName: test test
+ mail: test@test.de
+ userPassword: {CRYPT}$6$ssV7iTyDF7VMB.gx$DKUJgb/M5q.nd0/ilBTQRaR/pw9bMGhbrCp0CSD9Mt1epgoXYu9LA9P4UtWOyVV/QV3LHvJNoiBsfZMcBMAQN.
 '';
 };
+ # TODO move users to seperate files
 }
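Review bot: The `userPassword: {CRYPT}$6$…` value is now a literal inside `declarativeContents`, which the NixOS openldap module of this era writes out as a file in the world-readable Nix store, and this commit also commits it to git; a password hash is an offline-guessable credential and should follow the `rootpwFile` pattern this file already uses (a file under `/etc/nixos/secret/`) rather than live in the expression. The added `# TODO move users to seperate files` line points the same way (and should read `separate`); until then a comment on the entry such as `# Test identity only — rotate or remove before real users are added` would keep it from becoming permanent. The enclosing `services.openldap` attribute set starts in the previous hunk.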