Server update

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>

docs/SERVER.md

@@ -1,53 +1,31 @@
 # SERVER
 
-> Update in comming. Early 2026
-
 ## Overview
 
-This document describes the architecture and setup of the self-hosted **NixOS server**, which is securely accessible via **Tailscale**. The server is designed for private, secure, and easily manageable self-hosting of various services.
+This document describes the architecture and setup of the self-hosted **NixOS server**, which is securely accessible via **a Cloudflare Tunnel**.
+The server is designed for private, secure, and easily manageable self-hosting of various services.
 
 ![server dashboard](../.github/assets/server_dashboard.png)
 
 ## **Why This Setup?**
 
-- **Private & Secure**: Services are only accessible through Tailscale, preventing exposure to the public internet.
-- **Domain-based Access**: A custom domain (`example.org`) maps to the server's Tailscale IP, making service access simple and consistent.
-- **Automatic SSL Certificates**: Using DNS-01 challenges, valid SSL certificates are generated even though the services are not publicly exposed.
-- **Modular & Declarative**: Everything is managed through NixOS modules, ensuring reproducibility and easy configuration.
+- **Private & Secure**: Services are only accessible through Cloudflare's access control, preventing exposure to the "public internet".
+- **Domain-based Access**: A custom domain maps to the server's tunnel, making service access simple and consistent.
+- **Modular & Declarative**: Everything is managed through NixOS modules (except for access control), ensuring reproducibility and easy configuration.
 
 ## **Self-Hosted Services**
 
 The server hosts several key applications:
 
-### **Core Infrastructure**
-
-- **NGINX**: Reverse proxy for routing traffic to services via `example.org`.
-
-### **Networking & Security**
-
+- **NGINX**: Reverse proxy for routing traffic to services via my domain name.
 - **AdGuard Home**: A self-hosted DNS ad blocker for network-wide ad and tracker filtering.
-
-### **Monitoring & Storage**
-
 - **Glance**: An awesome dashboard! (See the screenshot above)
-
-### **Media & Content Management**
-
 - **Arr Stack (Radarr, Sonarr, etc.)**: Automated media management tools for handling movies and TV shows. (legaly ofc)
-
-## **How It Works**
-
-1. **Domain Configuration**
-   - `example.org` is pointed to the Tailscale IP of the server. (cloudflare A record, not proxied)
-   - This allows for easy access without exposing services to the internet.
-
-2. **SSL Certificate Generation**
-   - Certificates are obtained using a **DNS-01 challenge**, verifying domain ownership without requiring public access.
-
-3. **NGINX Reverse Proxy**
-   - Routes incoming requests from `*.example.org` to the correct internal service.
-   - Ensures SSL termination and secure connections.
-
-4. **Access Control**
-   - Only devices within the Tailscale network can reach the services.
-   - Firewall rules restrict access further based on necessity.
+- **Mealie**: A self-hosted recipe manager and meal planner with a clean user interface.
+- **Stirling-PDF**: A powerful, locally hosted web application for editing, merging, and converting PDF files.
+- **CyberChef**: The "Cyber Swiss Army Knife" for data analysis, decoding, and encryption tasks.
+- **Linkding**: A simple, fast, and minimalist bookmark manager.
+- **Mazanoke**: A utility service for image processing, specialized in format conversion and downgrading/optimization.
+- **Eleakxir**: A private search engine for exploring data wells (parquet files) with a modern web interface.
+- **SSH**: Secure remote access configuration for server management. (via browser too)
+- **Security related stuff**: Cloudflared, Fail2Ban, Firewall