diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix
index e4eb3ce..6231b0d 100644
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@@ -3,8 +3,9 @@
     ./baserow.nix
     ./ghost.nix
     ./littlelink.nix
+    ./matomo.nix
     ./n8n.nix
-    ./restreamer.nix
+    # ./restreamer.nix
     ./slash.nix
   ];
   system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
diff --git a/hosts/m3-atlas/services/containers/matomo.nix b/hosts/m3-atlas/services/containers/matomo.nix
new file mode 100644
index 0000000..4560cfc
--- /dev/null
+++ b/hosts/m3-atlas/services/containers/matomo.nix
@@ -0,0 +1,33 @@
+{
+  virtualisation.oci-containers.containers."matomo" = {
+    image = "docker.io/matomo:latest";
+    ports = ["127.0.0.1:3011:80"];
+    volumes = ["matomo_data:/var/www/html"];
+    environment = {
+      MATOMO_DATABASE_HOST = "mysql";
+      MATOMO_DATABASE_USERNAME = "matomo";
+      MATOMO_DATABASE_PASSWORD = "matomo";
+      MATOMO_DATABASE_DBNAME = "matomo";
+      MYSQL_DATABASE = "matomo";
+      PHP_MEMORY_LIMIT = "2048M";
+    };
+    extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.15" "--network=web"];
+  };
+  # Traefik configuration specific to ghost
+  services.traefik.dynamicConfigOptions.http = {
+    services.matomo.loadBalancer.servers = [
+      {
+        url = "http://localhost:3011/";
+      }
+    ];
+
+    routers.matomo = {
+      rule = "Host(`stats.nemoti.com`)";
+      tls = {
+        certResolver = "godaddy";
+      };
+      service = "matomo";
+      entrypoints = "websecure";
+    };
+  };
+}
diff --git a/hosts/m3-atlas/services/containers/restreamer.nix b/hosts/m3-atlas/services/containers/restreamer.nix
index 6947aeb..83ffbf8 100644
--- a/hosts/m3-atlas/services/containers/restreamer.nix
+++ b/hosts/m3-atlas/services/containers/restreamer.nix
@@ -2,25 +2,87 @@
   virtualisation.oci-containers.containers."restreamer" = {
     image = "docker.io/datarhei/restreamer:latest";
     environmentFiles = [config.age.secrets.restreamer-env.path];
-    ports = ["127.0.0.1:3006:8080" "1935:1935" "1936:1936"];
+    # Modified ports to include RTMPS
+    ports = [
+      "127.0.0.1:3006:8080"
+      "127.0.0.1:1935:1935"
+      "127.0.0.1:1945:1945"
+    ];
     volumes = ["restreamer_data:/restreamer/db"];
     extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.13" "--network=web"];
   };
-  # Traefik configuration specific to baserow
-  services.traefik.dynamicConfigOptions.http = {
-    services.restreamer.loadBalancer.servers = [
-      {
-        url = "http://localhost:3006/";
-      }
-    ];
 
-    routers.restreamer = {
-      rule = "Host(`stream.m3tam3re.com`)";
-      tls = {
-        certResolver = "godaddy";
+  # Traefik configuration
+  services.traefik = {
+    # Add static configuration for entry points
+    staticConfigOptions = {
+      entryPoints = {
+        websecure = {
+          address = ":443";
+        };
+        rtmp = {
+          address = ":1935";
+        };
+        rtmps = {
+          address = ":1945";
+        };
+      };
+    };
+
+    dynamicConfigOptions = {
+      http = {
+        services.restreamer.loadBalancer.servers = [
+          {
+            url = "http://localhost:3006/";
+          }
+        ];
+
+        routers.restreamer = {
+          rule = "Host(`stream.m3tam3re.com`)";
+          tls = {
+            certResolver = "godaddy";
+          };
+          service = "restreamer";
+          entrypoints = ["websecure"];
+        };
+      };
+
+      tcp = {
+        services = {
+          rtmp-service.loadBalancer.servers = [
+            {
+              address = "localhost:1935";
+            }
+          ];
+          rtmps-service.loadBalancer.servers = [
+            {
+              address = "localhost:1945";
+            }
+          ];
+        };
+
+        routers = {
+          rtmp = {
+            rule = "HostSNI(`*`)"; # Changed to accept all SNI
+            service = "rtmp-service";
+            entryPoints = ["rtmp"];
+          };
+          rtmps = {
+            rule = "HostSNI(`stream.m3tam3re.com`)";
+            service = "rtmps-service";
+            entryPoints = ["rtmps"];
+            tls = {
+              certResolver = "godaddy";
+              passthrough = false;
+            };
+          };
+        };
       };
-      service = "restreamer";
-      entrypoints = "websecure";
     };
   };
+
+  # Firewall configuration
+  networking.firewall = {
+    allowedTCPPorts = [80 443 1935 1945];
+  };
 }
diff --git a/hosts/m3-atlas/services/mysql.nix b/hosts/m3-atlas/services/mysql.nix
index c2b605d..0bcd657 100644
--- a/hosts/m3-atlas/services/mysql.nix
+++ b/hosts/m3-atlas/services/mysql.nix
@@ -9,9 +9,6 @@
     initialScript = pkgs.writeText "initial-script.sql" ''
       CREATE USER 'ghost'@'10.89.%' IDENTIFIED BY 'ghost';
       GRANT ALL PRIVILEGES ON ghost.* TO 'ghost'@'10.89.%';
-
-      CREATE USER 'matomo'@'10.89.%' IDENTIFIED BY 'password';
-      GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'10.89.%';
     '';
   };
   services.mysqlBackup = {
diff --git a/hosts/m3-atlas/services/traefik.nix b/hosts/m3-atlas/services/traefik.nix
index e6a6604..a54df2a 100644
--- a/hosts/m3-atlas/services/traefik.nix
+++ b/hosts/m3-atlas/services/traefik.nix
@@ -26,6 +26,12 @@
             scheme = "https";
           };
         };
+        rtmp = {
+          address = ":1935";
+        };
+        rtmps = {
+          address = ":1945";
+        };
         websecure = {address = ":443";};
       };
     };