diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index dd2ddf7..0acb74f 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,5 +1,11 @@
-# Matrix (Conduwuit)
-we2.ee {
+# CONDUWUIT
+we2.ee, we2.ee:8448 {
+    log {
+        output stdout
+        format console
+        level INFO
+    }
+
     # About redirect
     handle /about {
         redir https://sij.law/we2ee/ permanent
@@ -20,13 +26,21 @@ we2.ee {
         redir https://sij.law/anysync/ permanent
     }
 
-    # Handle Matrix-style room redirects (MUST come before user redirects!)
+
+    # Block leaving the mandatory announcements room
+    handle /_matrix/client/v3/rooms/!H8Eys4SOa7C5CxBY3O:we2.ee/leave {
+        header Content-Type "application/json"
+        respond 403 {
+            body `{"errcode":"M_FORBIDDEN","error":"Leaving the announcements room is not permitted"}`
+        }
+    }
+
+    # Handle Matrix-style room redirects
     @matrix_local_room {
         path_regexp ^/@@([^:]+)$
     }
     redir @matrix_local_room https://matrix.to/#/%23{re.1}:we2.ee permanent
 
-    # Handle Matrix-style room redirects with custom domains
     @matrix_remote_room {
         path_regexp ^/@@([^:]+):([^/]+)$
     }
@@ -38,22 +52,26 @@ we2.ee {
     }
     redir @matrix_local_user https://matrix.to/#/@{re.1}:we2.ee permanent
 
-    # Handle Matrix-style user redirects with custom domains
     @matrix_remote_user {
         path_regexp ^/@([^:]+):([^/]+)$
     }
     redir @matrix_remote_user https://matrix.to/#/@{re.1}:{re.2} permanent
 
+    # Maubot (separate bot runner)
+    handle /_matrix/maubot/* {
+        reverse_proxy localhost:29316
+    }
+
     # Handle Conduwuit homeserver
     handle /_matrix/* {
-        reverse_proxy localhost:8448
+        reverse_proxy localhost:8008
     }
 
     # Handle federation
     handle /.well-known/matrix/server {
         header Access-Control-Allow-Origin "*"
         header Content-Type "application/json"
-        respond `{"m.server": "we2.ee"}`
+        respond `{"m.server": "we2.ee:8448"}`
     }
 
     # Handle client discovery
@@ -61,8 +79,8 @@ we2.ee {
         header Access-Control-Allow-Origin "*"
         header Content-Type "application/json"
         respond `{
-            "m.homeserver": {"base_url": "https://we2.ee"},
-            "org.matrix.msc3575.proxy": {"url": "https://we2.ee"}
+            "m.homeserver": {"base_url": "https://we2.ee/"},
+            "org.matrix.msc3575.proxy": {"url": "https://we2.ee/"}
         }`
     }
 
@@ -121,4 +139,12 @@ txt.we2.ee {
     tls {
         dns cloudflare {env.CLOUDFLARE_API_TOKEN}
     }
+}
+
+# Cinny
+cinny.we2.ee {
+    reverse_proxy localhost:3004
+    tls {
+        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+    }
 }
\ No newline at end of file