diff --git a/.lego/certificates/wastring.com.crt b/.lego/certificates/wastring.com.crt
new file mode 100644
index 0000000..b4bd3d0
--- /dev/null
+++ b/.lego/certificates/wastring.com.crt
@@ -0,0 +1,56 @@ +-----BEGIN CERTIFICATE----- +MIIELTCCAxWgAwIBAgISBG3/TJ99rk/zB9SGDddGcNarMA0GCSqGSIb3DQEBCwUA +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD +EwJSMzAeFw0yNDA0MDgxMzM1MjFaFw0yNDA3MDcxMzM1MjBaMBcxFTATBgNVBAMT +DHdhc3RyaW5nLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNGYDgoBG6UM +gtNlAGxE66nSAHpBb/hLQgtRlSzB/hh+C+euZQ7I/c50o2Lg/PznW/hPyVrgUaAe +SN94AN3/OTijggIhMIICHTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGKNQQ1nLOqq +FfBHpfXc7RH4+xWFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUG +CCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3Jn +MCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCkGA1UdEQQiMCCC +EGdpdC53YXN0cmluZy5jb22CDHdhc3RyaW5nLmNvbTATBgNVHSAEDDAKMAgGBmeB +DAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ADtTd3U+LbmAToswWwb+QDtn +2E/D9Me9AA0tcm/h+tQXAAABjr4ilgMAAAQDAEcwRQIgSp5OYJdF2myf7mG8G6gw +ZYEZ0D7oXBQBQIItCnprOCYCIQCcrcX1kiyv+annLcJgiHiCOw2vxx75UDx4kRS7 +08Ki6gB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABjr4ilrYA +AAQDAEgwRgIhAK9A3CVJDnyPZ/VdXKU7ES6Xq6FrhijCS2Qji+7XOIF+AiEA82fk +pXem/CCKJ6BtaYKBHyBeBlnVSDImEOH74DURIlAwDQYJKoZIhvcNAQELBQADggEB +AFTIiTbgKDlmFA1BAbULqVdhR9GNAVH2jNofbhSd+4Zk+B5XE4KP8HOTop7yzQ+u +fnWhakGHPwqH3i5IuF4vokShy4L1TfCihZUf4w45rNt6jpMqLoO0ytmAlDwIAn3e +Ioru3hqm3HXetP3YwISHY31tWkAWOsib375LnIFnvAlsfMuMMg4UQnNrNcmCH1/5 +9l3b+fKxN25KlX72Uwi66bsBOpX0utavEtkGS+go1wZ28KLUF2wIKkPGjYGzDbZE +lEXdaQn2ajvf5KAUK8kN41duQziHS9FmQjwHohjYcLHNfaJecFaAlsaesjhxVmeU +JPBVKnmo4F4HSxTnzL1yyhg= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP 
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- diff --git a/.lego/certificates/wastring.com.issuer.crt b/.lego/certificates/wastring.com.issuer.crt new file mode 100644 index 0000000..6626b9c --- /dev/null +++ b/.lego/certificates/wastring.com.issuer.crt 
@@ -0,0 +1,31 @@ + +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- 
diff --git a/.lego/certificates/wastring.com.key b/.lego/certificates/wastring.com.key
new file mode 100644
index 0000000..11625e0
--- /dev/null
+++ b/.lego/certificates/wastring.com.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEII8qtQxul4py8fERm1RRqfg+v0Q5Ew9DBmhUa3hi+OFuoAoGCCqGSM49
+AwEHoUQDQgAE0ZgOCgEbpQyC02UAbETrqdIAekFv+EtCC1GVLMH+GH4L565lDsj9
+znSjYuD8/Odb+E/JWuBRoB5I33gA3f85OA==
+-----END EC PRIVATE KEY-----
diff --git a/config/server.nix b/config/server.nix
index 1880182..539bf5b 100644
--- a/config/server.nix
+++ b/config/server.nix
@@ -1,5 +1,5 @@
 # This is your home-manager configuration fileserver
-# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
+# Use this to configure your home environment (it replaces ~/.config/nixnix)
 {
 inputs,
 lib,
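Review bot: The new file `.lego/certificates/wastring.com.key` is an EC private key committed to the repository, and `moduler/common/nginx.nix` in this same commit serves TLS from that checkout path. A private key that has been pushed to version control should be treated as disclosed: revoke the certificate, reissue it with a newly generated key, keep the replacement outside the repo (a root-owned file readable only by the nginx service, or back under `security.acme`, which this commit removes), add `.lego/` to `.gitignore`, and purge the blob from history. The leaf certificate added alongside it has a fixed validity window (its UTCTime fields appear to decode to 2024-04-08 through 2024-07-07, the usual 90-day Let's Encrypt lifetime), so with automatic renewal gone every renewal becomes a manual lego run plus a commit and redeploy; a timer-driven renew, or the ACME module, avoids a silent expiry.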
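Review bot: The reworded comment now ends in `~/.config/nixnix)`, which reads like an incomplete edit of the original `~/.config/nixpkgs/home.nix` rather than an intended path. Either restore the original wording or finish the sentence, e.g. `# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)`. The module attrset opened by `{ inputs, lib,` continues past the hunk.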
@@ -28,66 +28,65 @@ }; }; - home.packages = [ + home.packages = with pkgs; [ # System - pkgs.arion - pkgs.wget - pkgs.killall - pkgs.gcc - pkgs.gnumake - pkgs.htop - pkgs.openssh - pkgs.xsel - pkgs.unzip - pkgs.nixops_unstable - pkgs.cmake - pkgs.networkmanager - pkgs.fd - pkgs.bat - unstable.lego + arion + wget + killall + gcc + gnumake + htop + openssh + xsel + unzip + nixops_unstable + cmake + networkmanager + fd + bat #Terminal - pkgs.git - pkgs.yt-dlp - pkgs.fzf - pkgs.ripgrep + git + yt-dlp + fzf + ripgrep #Desktop - pkgs.neovim - pkgs.lazygit + neovim + lazygit #Dev - pkgs.python3 - pkgs.python311Packages.pip - pkgs.ranger - pkgs.python311Packages.pynvim - pkgs.ueberzugpp + python3 + python311Packages.pip + ranger + python311Packages.pynvim + ueberzugpp #LSP - pkgs.nil - pkgs.python311Packages.python-lsp-server - pkgs.marksman - pkgs.clojure-lsp - pkgs.omnisharp-roslyn - pkgs.haskell-language-server - pkgs.java-language-server - pkgs.nodePackages_latest.bash-language-server - pkgs.dockerfile-language-server-nodejs - pkgs.yaml-language-server - pkgs.ansible-language-server - pkgs.lua-language-server - pkgs.tree-sitter - pkgs.nodejs_21 - pkgs.nodePackages_latest.vls - pkgs.nodePackages_latest.volar - pkgs.vscode-langservers-extracted + nil + python311Packages.python-lsp-server + marksman + clojure-lsp + omnisharp-roslyn + haskell-language-server + java-language-server + nodePackages_latest.bash-language-server + dockerfile-language-server-nodejs + yaml-language-server + ansible-language-server + lua-language-server + tree-sitter + nodejs_21 + nodePackages_latest.vls + nodePackages_latest.volar + vscode-langservers-extracted #VPN - pkgs.openvpn - pkgs.networkmanagerapplet - pkgs.networkmanager-l2tp - pkgs.strongswan - pkgs.ansible + openvpn + networkmanagerapplet + networkmanager-l2tp + strongswan + ansible ]; programs.home-manager.enable = true; diff --git a/flake.lock b/flake.lock index 1822f66..6e05e90 100644 --- a/flake.lock +++ b/flake.lock 
@@ -92,17 +92,33 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1711668574, - "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", - "owner": "nixos", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1712437997, + "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", + "type": "github" + }, + "original": { + "owner": "NixOS", "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" @@ -113,23 +129,7 @@ "home-manager": "home-manager", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_2", - "unstable": "unstable" - } - }, - "unstable": { - "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "nixpkgs-unstable": "nixpkgs-unstable" } } }, diff --git a/flake.nix b/flake.nix index 5597a45..4d06b71 100644 --- a/flake.nix +++ b/flake.nix @@ -3,8 +3,8 @@ inputs = { # Nixpkgs - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; - unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; # Home manager home-manager.url = "github:nix-community/home-manager/release-23.11"; 
@@ -18,11 +18,18 @@ outputs = { self, nixpkgs, - unstable, home-manager, + nixpkgs-unstable, ... } @ inputs: let inherit (self) outputs; + system = "x86_64-linux"; + overlay-unstable = final: prev: { + unstable = import nixpkgs-unstable { + inherit system; + config.allowUnfree = true; + }; + }; in { # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' @@ -41,7 +48,11 @@ }; server = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs;}; - modules = [./maskiner/server/configuration.nix]; + inherit system; + modules = [ + ({nixpkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./maskiner/server/configuration.nix + ]; }; }; diff --git a/maskiner/server/configuration.nix b/maskiner/server/configuration.nix index dc8c24a..820ca5f 100644 --- a/maskiner/server/configuration.nix +++ b/maskiner/server/configuration.nix @@ -25,6 +25,7 @@ environment.systemPackages = with pkgs; [ mergerfs + unstable.lego ]; fileSystems."/data" = { fsType = "fuse.mergerfs"; diff --git a/moduler/common/nginx.nix b/moduler/common/nginx.nix index aab57a6..10009b8 100644 --- a/moduler/common/nginx.nix +++ b/moduler/common/nginx.nix 
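Review bot: `overlay-unstable` imports `nixpkgs-unstable` with `config.allowUnfree = true`, which relaxes the unfree policy for every package later taken from `pkgs.unstable`, while the only consumer this commit introduces is `unstable.lego` (MIT-licensed, so the flag is not needed for it). Unless an unfree package from unstable is planned, drop that line, or narrow it with `config.allowUnfreePredicate` to the specific package names so the exception stays deliberate. A short comment on the overlay would also help the next reader, e.g. `# exposes pkgs.unstable.* from the nixos-unstable input; only lego is taken from it today`.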
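Review bot: The inline module `({nixpkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })` declares a `nixpkgs` function argument that is never used — `nixpkgs.overlays` on the right-hand side is an option path, not a reference to that argument — and it shadows the flake input of the same name inside the function. Dropping it removes the confusion: `({ ... }: { nixpkgs.overlays = [ overlay-unstable ]; })`. The `server` attrset continues to the `};` lines at the end of the hunk.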
@@ -1,26 +1,49 @@ { pkgs, lib, ... }: { - security.acme = { - acceptTerms = true; - email = "fredrik@wastring.com"; +networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + }; +virtualisation.oci-containers = { + containers = { + "gitea" = { + image = "gitea/gitea:1.15.6-rootless"; + ports = [ "3030:3000" ]; + }; + }; }; - services.nginx = { enable = true; + + # Use recommended settings recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."wastring.com" = { default = true; useACMEHost = "wastring.com"; addSSL = true; locations."/".proxyPass = "http://172.17.0.1:3030/"; }; - }; - # security.acme.certs."wastring.com" = { - # group = "nginx"; - # domain = "wastring.com"; - # dnsProvider = "gandiv5"; - # dnsResolver = "1.1.1.1:53"; - # dnsPropagationCheck = true; - # credentialsFile = "/home/fw/credentials"; - # }; + # Only allow PFS-enabled ciphers with AES256 + # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + # Add any further config to match your needs, e.g.: + virtualHosts = let + base = locations: { + inherit locations; + + addSSL = true; + sslCertificateKey = "/home/fw/nix-config/.lego/certificates/wastring.com.key"; + sslCertificate = "/home/fw/nix-config/.lego/certificates/wastring.com.crt"; + # sslTrustedCertificate = "/home/fw/nix-config/.lego/certificates/wastring.com.issuer.crt"; + }; + proxy = port: base { + "/" = { + proxyPass = "http://172.17.0.1:" + toString(port) + "/"; + proxyWebsockets = true; + }; + }; + in { + # Define example.com as reverse-proxied service on 127.0.0.1:3000 + "git.wastring.com" = proxy 3030 // { default = true; }; + }; +}; + }
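Review bot: `sslCertificateKey` in the `base` helper points at `/home/fw/nix-config/.lego/certificates/wastring.com.key`, the private key inside a user's git checkout, and this same commit adds that key to the repository (`wastring.com.key` hunk) while removing the `security.acme` block that previously obtained and renewed the certificate. Serving from there means the key must be readable by the nginx service user out of a home directory and travels with every clone; treat it as disclosed, reissue with a fresh key stored at a root-owned path with `0600` (or return to `security.acme` with `useACMEHost`, which already handles permissions and renewal), and ignore `.lego/` in git. `sslTrustedCertificate` is left commented out although, as far as I recall, `recommendedTlsSettings = true` turns on `ssl_stapling` with `ssl_stapling_verify`, so nginx will complain that it cannot verify the stapled OCSP response; the issuer chain is already present as `wastring.com.issuer.crt` (and inside the full-chain `.crt`), so uncommenting that line costs nothing. Two smaller things: `image = "gitea/gitea:1.15.6-rootless"` pins a 2021-era Gitea release and should move to a current tag or digest, and the `# Define example.com as reverse-proxied service on 127.0.0.1:3000` comment is leftover template text that no longer matches `git.wastring.com` → `172.17.0.1:3030`, e.g. `# git.wastring.com reverse-proxies the gitea container published on 172.17.0.1:3030`.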