diff --git a/flake.lock b/flake.lock
index 9da0e30f..ac7daee3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -40,11 +40,11 @@
     },
     "secrets": {
       "locked": {
-        "lastModified": 1614901575,
-        "narHash": "sha256-aGKpOBH/3REMxsyGddq7Jd+uhCAj5hfHIFr3otJUZXo=",
+        "lastModified": 1614993322,
+        "narHash": "sha256-JcC7oPS8qCmk+abBGUzNvgV2B9XACcNSjc0pfX0ldoA=",
         "ref": "master",
-        "rev": "990543b60319b1d09d13c3e7506188a69f690c8e",
-        "revCount": 79,
+        "rev": "30c7719adc2615e87e3b38596384ecec24347883",
+        "revCount": 81,
         "type": "git",
         "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
       },
diff --git a/flake.nix b/flake.nix
index 6cf607cc..49fb9c71 100644
--- a/flake.nix
+++ b/flake.nix
@@ -140,6 +140,9 @@
             ./lib/lxc-container.nix
             ./hosts/containers/matemat
             "${yammat}/nixos-module.nix"
+            ({ ... }: {
+              nixpkgs.overlays = [ secrets.overlays.matemat ];
+            })
           ];
           system = "x86_64-linux";
         };
diff --git a/hosts/containers/matemat/default.nix b/hosts/containers/matemat/default.nix
index 87524ae3..185a9c30 100644
--- a/hosts/containers/matemat/default.nix
+++ b/hosts/containers/matemat/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 {
   c3d2 = {
     isInHq = true;
@@ -19,7 +19,13 @@
       default = true;
       forceSSL = true;
       enableACME = true;
-      locations."/".proxyPass = "http://localhost:3000";
+      locations."/" = {
+        proxyPass = "http://localhost:3000";
+        extraConfig = ''
+          auth_basic secured;
+          auth_basic_user_file ${pkgs.matemat-auth};
+        '';
+      };
     };
   };
   security.acme = {