{
  config,
  lib,
  this,
  ...
}:
with lib; {
  imports = [
    ./mailserver.nix
    ./webserver.nix
  ];

  nixfiles.modules = {
    nsd = {
      enable = true;
      fqdn = "ns1.${config.networking.domain}";
    };
    unbound.enable = true;

    wireguard.server.enable = true;

    acme.enable = true;

    monitoring.enable = true;

    gotify.enable = true;
    matrix.dendrite = {
      enable = true;
      domain = my.domain.azahi;
    };
    radicale.enable = true;
    rss-bridge.enable = true;
    shadowsocks.enable = true;
    soju = {
      enable = true;
      domain = my.domain.azahi;
    };
    vaultwarden.enable = true;
  };

  networking = let
    interface = "eth0";
  in {
    interfaces.${interface} = {
      ipv4.addresses = [
        {
          inherit (this.ipv4) address;
          prefixLength = 22;
        }
      ];

      ipv6.addresses = [
        {
          inherit (this.ipv6) address;
          prefixLength = 64;
        }
      ];
    };

    defaultGateway = {
      inherit interface;
      address = this.ipv4.gateway;
    };

    defaultGateway6 = {
      inherit interface;
      address = this.ipv6.gateway;
    };

    nat.externalInterface = interface;
  };

  boot = {
    loader.grub = {
      enable = true;
      device = "/dev/sda";
    };

    initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
  };

  fileSystems = {
    "/boot" = {
      device = "/dev/sda1";
      fsType = "xfs";
      options = ["noatime"];
    };

    "/" = {
      device = "/dev/sda2";
      fsType = "xfs";
      options = ["noatime"];
    };
  };

  swapDevices = [
    {
      device = "/dev/sda3";
    }
  ];

  zramSwap = {
    enable = true;
    memoryPercent = 25;
  };
}