diff --git a/services/matrix-synapse.nix b/services/matrix-synapse.nix
index b840d74..aab097b 100644
--- a/services/matrix-synapse.nix
+++ b/services/matrix-synapse.nix
@@ -84,6 +84,12 @@
   services.matrix-synapse = {
     enable = true;
     server_name = "hacc.space";
+    public_baseurl = "https://matrix.hacc.space";
+    enable_registration = true;
+    allow_guest_access = true;
+    max_upload_size = "25M";
+    max_image_pixels = "25M";
+    dynamic_thumbnails = true;
     extraConfigFiles = [ "/var/lib/matrix-synapse/secrets.yml" ];
     extraConfig = ''
       public_baseurl: https://matrix.hacc.space
@@ -97,8 +103,6 @@
         client_base_url: "https://element.hacc.space"
         invite_client_location: "https://element.hacc.space"
 
-      enable_registration = true;
-      allow_guest_access = true;
       admin_contact: 'mailto:admin@hacc.space'
       web_client_location: https://element.hacc.space/
       use_presence: false # uses lots of CPU for bacially nothing
@@ -106,12 +110,9 @@
       allow_public_rooms_without_auth: true # public rooms should be public. can be changed if too much spam occurs
       default_room_version: "6"
 
-      limit_usage_by_mau: false # disables max userer
-      mau_stats_only: false
-      
       redaction_retention_period: 3d # ich hab keine Ahnung, was das tut, aber weniger klingt besser
       user_ips_max_age: 1d # ich will das Zeug gar nicht qq
-      
+
       retention:
         enabled: true
         default_policy:
@@ -129,40 +130,29 @@
           - shortest_max_lifetime: 1w
             interval: 1d
       
-
-      max_upload_size: 50M
-      max_image_pixels: 24M
-      url_preview_enabled: false # disabled, can leak urls of encrypted communication
-
-      
       auto_join_rooms:
         - "#lobby:hacc.space"
       auto_join_rooms_for_guests: true
-      
-      
-      enable_metrics: false
-      report_stats: false
-      
+
       password_config:
          policy:
             enabled: true
             minimum_length: 16
-      
+
       push:
         include_content: false
         group_unread_count_by_room: false
-      
+
       encryption_enabled_by_default_for_room_type: all # invite might be the more sane setting, but like this we never retain any unecrypted messeage from our rooms
-      
+
       enable_group_creation: true
       group_creation_prefix: "__" # groups created by non-admins start eith this prefix
-      
+
       user_directory:
           enabled: true
           search_all_users: false
           prefer_local_users: true
-      
-      
+
       # User Consent configuration
       #
       # for detailed instructions, see
@@ -211,13 +201,7 @@
       #    terms and conditions at %(consent_uri)s
       #  require_at_registration: false
       #  policy_name: Privacy Policy
-      #
-      
-      stats:
-        enabled: true # disabling this apparently breaks the room directory
-        bucket_size: 1w
-
-      ";
+      #      
     '';
     listeners = [ {
       port = 8008;