diff --git a/host-registry.nix b/host-registry.nix index ce95725f..e47bad6f 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -17,6 +17,7 @@ rec { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzWhy2T7avsFf+ZS8R99kah2wPQs7MYWUP+t4VBi28a"; pulsebert.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; + samba = { }; storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP"; @@ -57,6 +58,7 @@ rec { }; server7.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy"; + storage = { }; }; diff --git a/hosts/server7/containers/samba/default.nix b/hosts/server7/containers/samba/default.nix new file mode 100644 index 00000000..071bc524 --- /dev/null +++ b/hosts/server7/containers/samba/default.nix @@ -0,0 +1,41 @@ +name: + +(import ../outer-defaults.nix name) // { + + bindMounts."/srv/c3d2" = { + hostPath = "/srv/ceph/c3d2"; + isReadOnly = true; + }; + + config = { config, pkgs, lib, ... }: { + imports = [ ../inner-defaults.nix ]; + + c3d2.hq.statistics.enable = true; + + services.samba = { + enable = true; + enableNmbd = true; + extraConfig = '' + workgroup = WORKGROUP + server string = storage + netbios name = storage + hosts allow = 172.20 172.22 172.22.99.146 + hosts deny = 0.0.0.0/0 + map to guest = Bad user + ''; + shares = { + c3d2 = { + path = "/srv/c3d2"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + }; + }; + }; + + networking.firewall.enable = false; + }; + +} diff --git a/hosts/server7/containers/storage/default.nix b/hosts/server7/containers/storage/default.nix new file mode 100644 index 00000000..dbb28228 --- /dev/null +++ b/hosts/server7/containers/storage/default.nix 
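Review bot: In hosts/server7/containers/samba/default.nix the `c3d2` share is guest-writable (`"read only" = "no"` with `"guest ok" = "yes"` and `map to guest = Bad user`) while the container sets `networking.firewall.enable = false;`, so the `hosts allow` line in `extraConfig` is the only access control in front of SMB. The bind mount for `/srv/c3d2` is `isReadOnly = true`, so guest writes will presumably fail at the filesystem; declaring the share `"read only" = "yes";` would state that intent and keep it read-only if the mount flag is later changed. If writes are intended, note that the `guest account`, `force user` and `force group` settings from the removed storage-ng config are not carried over, so confirm which account guests map to. Consider leaving the firewall enabled and listing only the Samba ports in `networking.firewall.allowedTCPPorts` / `allowedUDPPorts`.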
@@ -0,0 +1,49 @@
+name:
+
+(import ../outer-defaults.nix name) // {
+
+ bindMounts."/srv/files" = {
+ hostPath = "/srv/ceph/c3d2/files";
+ isReadOnly = true;
+ };
+
+ config = { config, pkgs, lib, ... }: {
+ imports = [ ../inner-defaults.nix ];
+
+ c3d2.hq.statistics.enable = true;
+
+ services.nginx = {
+ enable = true;
+ package = pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [ fancyindex ];
+ };
+ virtualHosts = {
+ "storage-ng.hq.c3d2.de".extraConfig = ''
+ server_name storage-ng.hq.c3d2.de;
+ return 301 $scheme://storage.hq.c3d2.de$request_uri;
+ '';
+
+ "storage.hq.c3d2.de" = {
+ default = true;
+ http2 = true;
+ # addSSL = true;
+ locations = {
+ "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
+ in {
+ alias = "/srv/files/";
+ extraConfig = ''
+ auth_basic "Chaos";
+ auth_basic_user_file ${authFile};
+ fancyindex on;
+ # autoindex on;
+ '';
+ };
+ };
+ };
+ };
+ };
+
+ networking.firewall.enable = false;
+ };
+
+}
diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix
index 38a5541d..53936185 100644
--- a/hosts/storage-ng/configuration.nix
+++ b/hosts/storage-ng/configuration.nix
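Review bot: In hosts/storage/default.nix the `authFile` binding for the `"/"` location embeds the htpasswd entry for `k-ot` in the repository and, through `pkgs.writeText`, in the Nix store, which is readable by every local user. The 13-character hash looks like traditional DES crypt, which is cheap to brute-force offline. With `# addSSL = true;` still commented out, the Basic credentials are also sent over plain HTTP. Point `auth_basic_user_file` at a file provisioned outside the store with a stronger hash, and rotate this password since the value is already in history. The container also sets `networking.firewall.enable = false;`, so this auth check is the only gate in front of `/srv/files/`.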
@@ -106,69 +106,12 @@ in { root = "/mnt/cephfs/c3d2/tftp"; }; - services.nginx = { - enable = true; - #modules = [ pkgs.nginxModules.nixfancyindex ]; - package = - pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; }; - virtualHosts = { - "storage-ng.hq.c3d2.de" = { - root = "/etc/nixos/www"; - serverAliases = [ "storage" "storage2" "storageng" ]; - http2 = true; - # addSSL = true; - locations = { - "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY"; - in { - alias = "/mnt/cephfs/c3d2/files/"; - extraConfig = '' - auth_basic "Chaos"; - auth_basic_user_file ${authFile}; - fancyindex on; - # autoindex on; - ''; - }; - }; - }; - }; - }; - - services.samba = { - enable = false; # samba is garbage - enableNmbd = true; - extraConfig = '' - workgroup = WORKGROUP - server string = storage - netbios name = storage - hosts allow = 172.20 172.22 172.22.99.146 - hosts deny = 0.0.0.0/0 - guest account = k-ot - map to guest = Bad user - ''; - shares = { - c3d2 = { - path = "/mnt/cephfs/c3d2"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "k-ot"; - "force group" = "k-ot"; - }; - }; - }; - /* # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 23 - 80 - 443 - 137 138 445 139 # samba ]; networking.firewall.allowedUDPPorts = [ 69 - 137 138 445 139 # samba ]; */