diff --git a/configurations/host/waffentrager/services/auth/default.nix b/configurations/host/waffentrager/services/auth/default.nix
index 616a9a2..e133ac9 100644
--- a/configurations/host/waffentrager/services/auth/default.nix
+++ b/configurations/host/waffentrager/services/auth/default.nix
@@ -3,61 +3,12 @@ let cfg = config.waffentragerService.auth; in { - options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth"; imports = [ ./samba.nix ]; - config = lib.mkIf cfg.enable + config = { - waffentragerService.elements.enable = true; - waffentragerService.nginx.enable = true; - - - security.acme.defaults.credentialsFile = config.sops.secrets.certs.path; - - systemd.services.resolvconf.enable = false; - networking.hosts = { - "${materusArg.ips.wireguard.waffentrager}" = [ - materusArg.waffentrager.samba.domain - "${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}" - materusArg.waffentrager.samba.netbiosName - ]; - }; - environment.etc = { - resolvconf = { - text = '' - search ${materusArg.waffentrager.samba.domain} - nameserver ${materusArg.waffentrager.samba.dnsIp} - nameserver 9.9.9.9 - ''; - }; - }; - - systemd.timers.rsync-acme = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "1min"; - OnUnitActiveSec = "1h"; - Unit = "rsync-acme.service"; - }; - }; - - systemd.services.rsync-acme = { - description = "Sync acme for samba"; - path = [ pkgs.rsync ]; - requires = [ "var-lib-mnt_acme.mount" ]; - after = [ "var-lib-mnt_acme.mount" ]; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = false; - script = '' - rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/ - rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/ - rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/ - ''; - }; - - }; } 
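Review bot: With `lib.mkIf cfg.enable` gone, the context line `cfg = config.waffentragerService.auth;` at the top of the hunk is dead — nothing on the new side references it, and the `config` attrset that follows appears to be empty after the moves, so this module is now only an importer of `./samba.nix`. Either drop the `let cfg = … in` wrapper (the `let` begins before the hunk) or keep a top-level switch that turns on the sub-modules, e.g. `config = lib.mkIf cfg.enable { waffentragerService.auth.samba.enable = true; };` together with the `options.waffentragerService.auth.enable` declaration this hunk removes. As it stands, any other host or profile still setting `waffentragerService.auth.enable = true` will fail evaluation, since the option no longer exists.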
diff --git a/configurations/host/waffentrager/services/auth/samba.nix b/configurations/host/waffentrager/services/auth/samba.nix
index fb18aac..8bfa6e9 100644
--- a/configurations/host/waffentrager/services/auth/samba.nix
+++ b/configurations/host/waffentrager/services/auth/samba.nix
@@ -1,10 +1,11 @@ { materusArg, config, lib, pkgs, ... }: { + options.waffentragerService.auth.samba.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable samba AD"; config = let - cfg = config.waffentragerService.auth; + cfg = config.waffentragerService.auth.samba; sambaCfg = config.services.samba; servicePath = materusArg.waffentrager.samba.servicePath; smbToString = x:
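Review bot: The new `options.waffentragerService.auth.samba.enable` defaults to `false` and nothing in this commit sets it: the only enable site, `waffentragerService.auth.enable = true;` in services/default.nix, is removed in the last hunk without a replacement, so the Samba AD service — and, if it sits under the same `cfg.enable` gate, the ACME certificate sync and the hosts/resolver setup moved into this file — is silently switched off on this host unless it is enabled somewhere outside the diff. If that is not intended, add `waffentragerService.auth.samba.enable = true;` to services/default.nix where the old line was. Whether the `config = let … in` body is still wrapped in `lib.mkIf cfg.enable` is not visible here; that body continues past the hunk.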
@@ -86,6 +87,51 @@ ${smbToString (map shareConfig (lib.attrNames sambaCfg.shares))} ''; }; + environment.etc = { + resolvconf = { + text = '' + search ${materusArg.waffentrager.samba.domain} + nameserver ${materusArg.waffentrager.samba.dnsIp} + nameserver 9.9.9.9 + ''; + }; + }; + networking.hosts = { + "${materusArg.ips.wireguard.waffentrager}" = [ + materusArg.waffentrager.samba.domain + "${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}" + materusArg.waffentrager.samba.netbiosName + ]; + }; + systemd.timers.rsync-acme = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1min"; + OnUnitActiveSec = "1h"; + Unit = "rsync-acme.service"; + }; + }; + + systemd.services.rsync-acme = { + description = "Sync acme for samba"; + path = [ pkgs.rsync ]; + requires = [ "var-lib-mnt_acme.mount" ]; + after = [ "var-lib-mnt_acme.mount" ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/ + rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/ + rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/ + ''; + }; + waffentragerService.elements.enable = true; + waffentragerService.nginx.enable = true; + + + security.acme.defaults.credentialsFile = config.sops.secrets.certs.path; + + systemd.services.resolvconf.enable = false; }; } diff --git a/configurations/host/waffentrager/services/default.nix b/configurations/host/waffentrager/services/default.nix index e1e5fa7..f6ab806 100644 --- a/configurations/host/waffentrager/services/default.nix +++ b/configurations/host/waffentrager/services/default.nix 
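Review bot: `environment.etc.resolvconf` in this hunk writes `/etc/resolvconf`, not `/etc/resolv.conf`, because an `environment.etc` entry's target defaults to its attribute name unless `target` is set, so the AD search domain and the `dnsIp` nameserver are never installed unless something outside this file maps that name; the fix is `environment.etc."resolv.conf".text = …` (or add `target = "resolv.conf";` to the entry). The hourly `rsync-acme` unit copies a renewed `key.pem`/`chain.pem`/`fullchain.pem` into `${servicePath}/tls/` with sensible modes, but nothing here reloads the service that reads them, so a rotated certificate is presumably only picked up at the next Samba restart — an `ExecStartPost` that reloads or restarts the consuming unit would close that gap (that unit is configured outside this hunk). Minor style: for a local copy `rsync -avzr` can be just `rsync -a --chmod=…`, since `-r` is implied by `-a` and `-z` buys nothing. The enclosing `config = let … in` block starts before this hunk.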
@@ -16,5 +16,5 @@ waffentragerService.gitea.enable = true; waffentragerService.nginx.enable = true; waffentragerService.nextcloud.enable = true; - waffentragerService.auth.enable = true; + } \ No newline at end of file