diff --git a/audiobooks.nix b/audiobooks.nix index 7c6574d..02cb859 100644 --- a/audiobooks.nix +++ b/audiobooks.nix @@ -1,7 +1,8 @@ -{ ... }: +{ config, ... }: let domain = "books.sondell.org"; + # derp = "hi"; in { # @@ -12,10 +13,14 @@ in services.nginx.virtualHosts.${domain} = { - default = true; + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:8000/"; proxyWebsockets = true; + # extraConfig = '' + # access_log /var/log/nginx/access.log main if=$forgejo_access_log; + # ''; }; }; } diff --git a/configuration.nix b/configuration.nix index 2e30133..5b86ee0 100644 --- a/configuration.nix +++ b/configuration.nix @@ -110,15 +110,11 @@ environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # wget - htop - cloudflared filebrowser - dufs git helix nil starship - tailscale ]; programs.fish= { diff --git a/coturn.nix b/coturn.nix index ec5e853..6354b40 100644 --- a/coturn.nix +++ b/coturn.nix @@ -63,10 +63,10 @@ group = "turnserver"; }; # configure synapse to point users to coturn - # services.matrix-synapse = with config.services.coturn; { - # turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; - # turn_shared_secret = static-auth-secret; - # turn_user_lifetime = "1h"; - # }; + services.matrix-synapse = with config.services.coturn; { + turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; + turn_shared_secret = static-auth-secret; + turn_user_lifetime = "1h"; + }; } diff --git a/filebrowser.nix b/filebrowser.nix index 5d346c6..5cf3325 100644 --- a/filebrowser.nix +++ b/filebrowser.nix 
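Review bot: The added `# derp = "hi";` line in the `let` block of audiobooks.nix reads as a leftover experiment and should be dropped before merge. The new `config` argument is also not used in any line this diff shows; if nothing outside the hunks reads it, keep the header as `{ ... }:`.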
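Review bot: Dropping `default = true;` from the books vhost leaves no virtual host in this diff marked as the default, so nginx will answer requests whose Host or SNI matches none of the configured names with whichever server block it loads first. Before this commit the cloudflared ingress forwarded only `*.sondell.org` and answered everything else with `http_status:404`, so that fallback was not reachable in the same way. Consider an explicit catch-all such as `services.nginx.virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "404"; };`, unless one is defined in a file this diff does not touch.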
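Review bot: `turn_shared_secret = static-auth-secret;` passes the coturn secret through Nix evaluation, so the value lands in the generated Synapse configuration inside the world-readable Nix store. How `static-auth-secret` is set lies outside this hunk, but if it is a literal string the same exposure applies on the coturn side; `services.coturn.static-auth-secret-file` plus a Synapse `extraConfigFiles` entry holding `turn_shared_secret` would keep it out of the store. Also confirm that the nixpkgs revision in use still accepts `turn_uris`, `turn_shared_secret` and `turn_user_lifetime` directly under `services.matrix-synapse`, since newer module versions expect them under `services.matrix-synapse.settings`. The advertised URIs are plain `turn:` on 3478 with no `turns:` entry, while the comment removed from flake.nix named TLS as the reason coturn was disabled, so the commit should say how that was resolved.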
@@ -18,25 +18,16 @@ in }; }; - systemd.services.tailBrowser = with pkgs; { - enable = true; - description = "serve via tailscale filebrowser"; - wantedBy = [ "multi-user.target" ]; - unitConfig = { - After="filebrowser.target"; - }; - serviceConfig = { - ExecStart = "${tailscale}/bin/tailscale serve --http 80 localhost:8080"; - # User= "jellyfin"; - Type= "simple"; - }; - }; - services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:8080/"; proxyWebsockets = true; + # extraConfig = '' + # access_log /var/log/nginx/access.log main if=$forgejo_access_log; + # ''; }; }; } diff --git a/flake.nix b/flake.nix index 12caad0..b4b2d7c 100644 --- a/flake.nix +++ b/flake.nix @@ -8,15 +8,14 @@ specialArgs = attrs; modules = [ ./configuration.nix - ./audiobooks.nix - ./tunnel.nix ./forgejo.nix ./nextcloud.nix + ./audiobooks.nix ./jellyfin.nix ./filebrowser.nix - ./tail.nix ./matrix.nix - # ./coturn.nix # disabled becouse tls not solved + ./tail.nix + ./coturn.nix ]; }; diff --git a/forgejo.nix b/forgejo.nix index bc93c06..123bbc7 100644 --- a/forgejo.nix +++ b/forgejo.nix @@ -19,6 +19,7 @@ in }; services.nginx = { + enable = true; appendHttpConfig = '' map $uri $forgejo_access_log { default 1; @@ -28,8 +29,13 @@ in }; services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:3000/"; + # extraConfig = '' + # access_log /var/log/nginx/access.log main if=$forgejo_access_log; + # ''; }; }; } diff --git a/jellyfin.nix b/jellyfin.nix index a214af7..0675dcb 100644 --- a/jellyfin.nix +++ b/jellyfin.nix @@ -12,9 +12,14 @@ in services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:8096/"; proxyWebsockets = true; + # extraConfig = '' + # access_log /var/log/nginx/access.log main if=$forgejo_access_log; + # ''; }; }; } 
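Review bot: Nothing in this hunk restricts who may reach filebrowser once the `tailBrowser` unit is removed and the nginx vhost on the public name becomes the way in. If the tailnet or the deleted cloudflared tunnel previously acted as an access gate, filebrowser's own login is now the only control; an `allow`/`deny` list in `extraConfig` or a `basicAuthFile` on the location would restore a second layer. It is also worth confirming that filebrowser binds to 127.0.0.1 only, since its listen address is set outside this hunk and a wider bind would let clients bypass the TLS proxy on port 8080.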
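Review bot: `enable = true;` moves here from the deleted tunnel.nix, but `clientMaxBodySize = "10g";` from the same block is not carried over, so request bodies fall back to the module default and large uploads through the proxied services may be rejected with 413. If the limit is still wanted, add `clientMaxBodySize = "10g";` next to `enable`, or a smaller per-vhost value where only some services need it. Since every vhost in the flake depends on this switch, a shared nginx module would be a clearer home for it than forgejo.nix. The `services.nginx` attrset continues past the end of this hunk.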
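Review bot: The commented-out `access_log … if=$forgejo_access_log;` block added here is pasted unchanged into the audiobooks.nix, filebrowser.nix and jellyfin.nix vhosts, where a variable named for Forgejo does not belong. As committed, the `map` that defines `$forgejo_access_log` in `appendHttpConfig` has no visible consumer, and uncommenting the block would also need a `log_format main` definition, which this diff does not show. Either enable it once in forgejo.nix or remove all four copies.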
diff --git a/matrix.nix b/matrix.nix index 2b19a33..cc2d4c5 100644 --- a/matrix.nix +++ b/matrix.nix @@ -52,8 +52,8 @@ services.postgresql = { services.nginx.virtualHosts = { ${fqdn} = { - # enableACME = true; - # forceSSL = true; + enableACME = true; + forceSSL = true; locations."/".extraConfig = '' return 404; ''; @@ -65,8 +65,8 @@ services.postgresql = { }; ${domain} = { - # enableACME = true; - # forceSSL = true; + enableACME = true; + forceSSL = true; locations."/" = { proxyPass = "http://localhost:8008"; }; diff --git a/nextcloud.nix b/nextcloud.nix index e3b8382..02d9610 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -17,8 +17,8 @@ in services = { nginx.virtualHosts = { ${domain} = { - # forceSSL = true; - # enableACME = true; + forceSSL = true; + enableACME = true; # Use DNS Challenege. # acmeRoot = null; }; diff --git a/tunnel.nix b/tunnel.nix deleted file mode 100644 index 739c85e..0000000 --- a/tunnel.nix +++ /dev/null @@ -1,20 +0,0 @@ -{...}: -{ - services.nginx = { - enable = true; - clientMaxBodySize = "10g"; - defaultHTTPListenPort = 1234; - }; - services.cloudflared = { - enable = true; - tunnels = { - "tulpan" = { - credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json"; - default = "http_status:404"; - ingress = { - "*.sondell.org" = "http://localhost:1234"; - }; - }; - }; - }; -}
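Review bot: Turning on `forceSSL` for the Nextcloud vhost should be matched by `services.nextcloud.https = true;`, otherwise Nextcloud may keep generating `http://` links and redirects behind the TLS proxy. Whether that option is already set lies outside this hunk. The context comment about the DNS challenge above `# acmeRoot = null;` is now misleading if HTTP-01 is the challenge actually in use, so drop or update it.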