diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix
index 285abcd..b7e1e3e 100644
--- a/hosts/architect/plex.nix
+++ b/hosts/architect/plex.nix
@@ -1,16 +1,23 @@
 { pkgs, lib, ... }:
 
 let
-  domain = "media.giugl.io";
+  domain = "plex.giugl.io";
   network = import ./network.nix;
+  port = 32400;
 in
 {
+  architect.firewall = {
+    openTCP = [ 32400 3005 8324 32469 ];
+    openUDP = [ 1900 5353 32410 32412 32413 32414 ];
+  };
+
   services.plex = {
     enable = true;
     package = pkgs.unstablePkgs.plex;
-    dataDir = "/plex";
+    #    dataDir = "/plex";
   };
 
+
   services.nginx = {
     enable = true;
     # give a name to the virtual host. It also becomes the server name.
@@ -19,10 +26,6 @@ in
       enableACME = true;
       http2 = true;
       extraConfig = ''
-          allow 10.3.0.0/24;
-          allow 10.0.0.0/24;
-          deny all;
-
         #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
           send_timeout 100m;
 
@@ -77,8 +80,10 @@ in
         # Buffering off send to the client as soon as the data is received from Plex.
           proxy_redirect off;
           proxy_buffering off;
+
+          add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
       '';
-      locations."/" = { proxyPass = "http://127.0.0.1:32400"; };
+      locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
     };
   };