update documentation

.github/assets/README_template.md

@@ -45,9 +45,9 @@ It includes *home-manager*, *secrets*, and *custom theming* all in one place.
 
 ## Architecture
 
-### 🏠 home (User-level configuration)
+### 🏠 /home (User-level configuration)
 
-Contains dotfiles and settings that apply to your user environment.
+Contains **dotfiles and settings** that apply to your user environment.
 
 **Subfolders:**
 
@@ -55,16 +55,16 @@ Contains dotfiles and settings that apply to your user environment.
 - `scripts` is a folder full of bash scripts (see [SCRIPTS.md](docs/SCRIPTS.md))
 - `system` is some "desktop environment" configuration
 
-### 🐧 nixos
+### 🐧 /nixos
 
 Those are the system-level configurations. (audio, bluetooth, gpu, bootloader, ...)
 
-### 🎨 themes
+### 🎨 /themes
 
-This folder contains all system themes.
+This folder contains all system themes. Mainly [stylix](https://stylix.danth.me/) configurations.
 Check out the available themes and learn how to create your own in [THEMES.md](docs/THEMES.md)
 
-### 💻 hosts
+### 💻 /hosts
 
 This directory contains host-specific configurations.
 Each host includes:

docs/SERVER.md

@@ -1,3 +1,54 @@
 # SERVER
 
----
+## Overview  
+
+This document describes the architecture and setup of the self-hosted **NixOS server**, which is securely accessible via **Tailscale**. The server is designed for private, secure, and easily manageable self-hosting of various services.
+
+![server dashboard](../.github/assets/server_dashboard.png)
+
+## **Why This Setup?**  
+
+- **Private & Secure**: Services are only accessible through Tailscale, preventing exposure to the public internet.  
+- **Domain-based Access**: A custom domain (`example.org`) maps to the server's Tailscale IP, making service access simple and consistent.  
+- **Automatic SSL Certificates**: Using DNS-01 challenges, valid SSL certificates are generated even though the services are not publicly exposed.  
+- **Modular & Declarative**: Everything is managed through NixOS modules, ensuring reproducibility and easy configuration.  
+
+## **Self-Hosted Services**  
+
+The server hosts several key applications:  
+
+### **Core Infrastructure**  
+
+- **NGINX**: Reverse proxy for routing traffic to services via `example.org`.  
+- **Bitwarden**: A self-hosted password manager for secure credential storage.  
+- **Nextcloud**: A private cloud solution for file synchronization and collaboration.  
+
+### **Networking & Security**  
+
+- **AdGuard Home**: A self-hosted DNS ad blocker for network-wide ad and tracker filtering.  
+
+### **Monitoring & Storage**  
+
+- **Glance**: An awesome dashboard! (See the screenshot above)
+- **Hoarder**: A self-hostable bookmark-everything app (links, notes and images)
+
+### **Media & Content Management**  
+
+- **Arr Stack (Radarr, Sonarr, etc.)**: Automated media management tools for handling movies and TV shows. (legaly ofc)
+
+## **How It Works**  
+
+1. **Domain Configuration**  
+   - `example.org` is pointed to the Tailscale IP of the server. (cloudflare A record, not proxied)
+   - This allows for easy access without exposing services to the internet.  
+
+2. **SSL Certificate Generation**  
+   - Certificates are obtained using a **DNS-01 challenge**, verifying domain ownership without requiring public access.
+
+3. **NGINX Reverse Proxy**  
+   - Routes incoming requests from `*.example.org` to the correct internal service.  
+   - Ensures SSL termination and secure connections.  
+
+4. **Access Control**  
+   - Only devices within the Tailscale network can reach the services.  
+   - Firewall rules restrict access further based on necessity.