diff --git a/audiobooks.nix b/audiobooks.nix
index 7c6574d..52be9c2 100644
--- a/audiobooks.nix
+++ b/audiobooks.nix
@@ -12,6 +12,8 @@ in
 services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
 default = true;
 locations."/" = {
 proxyPass = "http://localhost:8000/";
diff --git a/configuration.nix b/configuration.nix
index 30aa309..d7553df 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -101,6 +101,11 @@
 ];
 };
+ users.users.root = {
+ isNormalUser = false;
+ openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYGJCpFIiWqzy8YbfWh7+i52XVwyhUu+P0rUglVR5uV gws@nixos"];
+ };
+
 # Allow unfree packages
 nixpkgs.config.allowUnfree = true;
diff --git a/filebrowser.nix b/filebrowser.nix
index 2381a7f..293f0be 100644
--- a/filebrowser.nix
+++ b/filebrowser.nix
@@ -34,6 +34,8 @@ in
 services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
 locations."/" = {
 proxyPass = "http://localhost:8080/";
 proxyWebsockets = true;
diff --git a/flake.lock b/flake.lock
index 8cd04be..4c362ce 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,37 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems"
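Review bot: The new `users.users.root` block in configuration.nix grants direct root login over SSH with the listed key, and nothing in the hunk constrains how root may authenticate. NixOS's default `PermitRootLogin` is `prohibit-password` (set outside this diff, so unverified here), which makes key-only root login work, but a safer shape is a dedicated unprivileged user in `wheel` holding the key plus `services.openssh.settings.PermitRootLogin = "no";`, so privileged actions go through sudo and are attributable to a person. `isNormalUser = false;` is already the option's default and can be dropped from the block.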
@@ -26,11 +58,11 @@ ] }, "locked": { - "lastModified": 1711535911, - "narHash": "sha256-SzgDrsyBskLyipFzsKwPOKP9FMgGB+6tUQ0VpeGQ/1Y=", + "lastModified": 1712745070, + "narHash": "sha256-75kSMjyCD5/IliSPkBcBSBamwPYF30Ddr8Ef2XxDfiE=", "ref": "refs/heads/main", - "rev": "80221fa4d735fbc232d97d3384c8af0e40a4e331", - "revCount": 9, + "rev": "c2650ecab1c7b9b2e10d690b40e82817d257b53a", + "revCount": 28, "type": "git", "url": "https://git.sondell.org/glennwso/home.git" }, @@ -39,6 +71,29 @@ "url": "https://git.sondell.org/glennwso/home.git" } }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1710449465, + "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "79c8cfcd5873a85559da6201b116fb38b490d030", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nixpkgs": { "locked": { "lastModified": 1711703276, @@ -58,6 +113,7 @@ "root": { "inputs": { "home": "home", + "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs" } }, 
@@ -75,6 +131,39 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root",
diff --git a/flake.nix b/flake.nix
index 2dd0193..217f656 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,11 +2,16 @@
 inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 inputs.home.url = "git+https://git.sondell.org/glennwso/home.git";
 inputs.home.inputs.nixpkgs.follows = "nixpkgs";
+ inputs.nixos-mailserver = {
+ url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
- outputs = { self, nixpkgs, home }@attrs:
+ outputs = { self, nixpkgs, home, nixos-mailserver}@attrs:
 let
 system = "x86_64-linux";
 homepage = home.packages.${system}.default;
+ mailserver = nixos-mailserver.nixosModules.default;
 in {
 # replace 'joes-desktop' with your hostname here.
@@ -25,7 +30,8 @@
 ./tail.nix
 ./matrix.nix
 ./coturn.nix
- # (import ./homepage.nix {inherit homepage;})
+ (import ./mail.nix {inherit mailserver;})
+ (import ./homepage.nix {inherit homepage;})
 ];
 };
diff --git a/homepage.nix b/homepage.nix
index b250c47..36c5070 100644
--- a/homepage.nix
+++ b/homepage.nix
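Review bot: Style: the rewritten `outputs` pattern in the first flake.nix hunk drops the space before the closing brace; `outputs = { self, nixpkgs, home, nixos-mailserver }@attrs:` keeps it consistent with the formatting of the line it replaces. Pinning the new input's nixpkgs with `inputs.nixpkgs.follows = "nixpkgs"` is the right call, since it avoids evaluating a second nixpkgs tree for the mailserver module.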
@@ -13,13 +13,15 @@ in
 After="network-online.target";
 };
 serviceConfig = {
- ExecStart = "${homepage}/bin/homepage -p ${port}";
+ ExecStart = "${homepage}/bin/home-prod -p ${port}";
 User= "sondell";
 Type= "simple";
 };
 };
 services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
 locations."/" = {
 proxyPass = "http://localhost:${port}/";
 proxyWebsockets = true;
diff --git a/jellyfin.nix b/jellyfin.nix
index a214af7..9d80b2b 100644
--- a/jellyfin.nix
+++ b/jellyfin.nix
@@ -12,6 +12,8 @@ in
 services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
 locations."/" = {
 proxyPass = "http://localhost:8096/";
 proxyWebsockets = true;
diff --git a/mail.nix b/mail.nix
new file mode 100644
index 0000000..632e706
--- /dev/null
+++ b/mail.nix
@@ -0,0 +1,51 @@
+{ mailserver , ... }:
+let
+ domain = "sondell.org";
+ fqdn = "mail.${domain}";
+in
+{
+ imports = [
+ mailserver
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = fqdn;
+ domains = [ domain ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
+ # echo apassword | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/gilbertmailpw.hash
+ loginAccounts = {
+ "admin@sondell.org" = {
+ hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
+ aliases = ["info@sondell.org"];
+ };
+ "glenn@sondell.org" = {
+ hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
+ };
+ "gilbert@sondell.org" = {
+ hashedPasswordFile = "/etc/nixos/.secrets/gilbertmailpw.hash";
+ };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+
+ services.roundcube = {
+ enable = true;
+ # this is the url of the vhost, not necessarily the same as the fqdn of
+ # the mailserver
+ hostName = "webmail.${domain}";
+ extraConfig = ''
+ # starttls needed for authentication, so the fqdn required to match
+ # the certificate
+ $config['smtp_server'] = "tls://${fqdn}";
+ $config['smtp_user'] = "%u";
+ $config['smtp_pass'] = "%p";
+ '';
+ };
+
+}
diff --git a/matrix.nix b/matrix.nix
index cc2d4c5..05be83b 100644
--- a/matrix.nix
+++ b/matrix.nix
@@ -54,9 +54,9 @@ services.postgresql = {
 ${fqdn} = {
 enableACME = true;
 forceSSL = true;
- locations."/".extraConfig = ''
- return 404;
- '';
+ # locations."/".extraConfig = ''
+ # return 404;
+ # '';
 # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
 # *must not* be used here.
 locations."/_matrix".proxyPass = "http://[::1]:8008";
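Review bot: In mail.nix, `admin@sondell.org` and `glenn@sondell.org` point at the same `hashedPasswordFile` (`/etc/nixos/.secrets/mailpw.hash`), so the two accounts necessarily share one password and a leak of either credential compromises both, and the comment above `loginAccounts` documents deriving that hash from `.secrets/nextadminpw`, which reuses a Nextcloud admin secret for mail. Give every account its own hash file and a password not used by another service; the per-account `mkpasswd -sm bcrypt` recipe in the comment is fine as the procedure, so the comment only needs its first example to stop reading from `nextadminpw`. `fqdn = fqdn;` can be written `inherit fqdn;`. The roundcube vhost `webmail.sondell.org` is declared without `forceSSL`/`enableACME`; the NixOS roundcube module appears to default both on, but that is worth confirming given that every other vhost in this commit sets them explicitly.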
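Review bot: The `return 404;` on `locations."/"` of the `${fqdn}` vhost in matrix.nix is commented out rather than removed, so `/` now falls through to nginx's default handling for that vhost instead of an explicit 404; the second matrix.nix hunk does the same to the `${domain}` vhost's `locations."/"` proxy. If the motivation is that homepage.nix in this same diff now declares `services.nginx.virtualHosts.${domain}` and the two `"/"` definitions would otherwise collide (an inference, since the `domain` values are outside the hunks), say so with a one-line comment such as `# "/" on ${domain} is owned by homepage.nix; only the Matrix paths are proxied here` and delete the dead lines, since git keeps the history. The 404 on the `${fqdn}` vhost looks worth keeping unless something else is meant to answer at its root. Both vhost attrsets begin before their hunks.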
@@ -67,9 +67,9 @@ services.postgresql = {
 ${domain} = {
 enableACME = true;
 forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:8008";
- };
+ # locations."/" = {
+ # proxyPass = "http://localhost:8008";
+ # };
 # This section is not needed if the server_name of matrix-synapse is equal to
 # the domain (i.e. example.org from @foo:example.org) and the federation port
 # is 8448.
diff --git a/nextcloud.nix b/nextcloud.nix
index f89c008..20916c6 100644
--- a/nextcloud.nix
+++ b/nextcloud.nix
@@ -66,14 +66,14 @@ in
 # startAt = "*-*-* 01:15:00";
 # };
 };
- # services.onlyoffice = {
- # enable = true;
- # port = 8123;
- # };
- # services.nginx.virtualHosts."office.sondell.org" = {
- # forceSSL = true;
- # enableACME = true;
- # locations."/".proxyPass = "http://localhost:8123";
-
- # };
+ services.onlyoffice = {
+ enable = true;
+ port = 8123;
+ hostname = "office.sondell.org";
+ };
+ services.nginx.virtualHosts."office.sondell.org" = {
+ forceSSL = true;
+ enableACME = true;
+ # locations."/".proxyPass = "http://12:8123";
+ };
 }
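Review bot: The new `office.sondell.org` vhost in nextcloud.nix carries a commented-out `proxyPass` to `http://12:8123`, a dead line whose host looks like a typo; delete it rather than carry it forward. With `services.onlyoffice.hostname` set, the onlyoffice module is expected to populate that vhost's locations itself, so this block only needs `forceSSL`/`enableACME`, which is worth confirming against the generated nginx config after a rebuild. The OnlyOffice document server accepts requests from anyone who can reach it unless JWT validation is configured, and this vhost makes it reachable on a public name; if the pinned nixpkgs exposes `services.onlyoffice.jwtSecretFile`, set it and configure the matching secret on the Nextcloud side so only signed requests are served. The enclosing attrset starts before the hunk.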