# Host configuration: turns on this machine's service modules and adds a second
# WireGuard interface (wg70) with its own key, peer list and firewall opening.
# Mail and web server settings are pulled in from the two imported files.
{
  config,
  inputs,
  lib,
  ...
}:
with lib; let
  # One definition for the wg70 UDP port, so the listener and the firewall
  # opening cannot drift apart.
  wg70Port = 7070;
in {
  imports = [
    ./mailserver.nix
    ./webserver.nix
  ];

  # Every module enabled here adds a service to this one host. What each of
  # them exposes to the network is decided inside the module, not in this file.
  nixfiles.modules = {
    nsd = {
      enable = true;
      fqdn = "ns1.${config.networking.domain}";
    };
    unbound.enable = true;

    wireguard.server.enable = true;

    acme.enable = true;

    monitoring.enable = true;

    postgresql.enable = true;

    git.server = {
      enable = true;
      domain = "git.${my.domain.azahi}";
    };

    gotify.enable = true;

    matrix.dendrite = {
      enable = true;
      domain = my.domain.azahi;
    };

    murmur.enable = true;

    radicale.enable = true;

    rss-bridge.enable = true;

    shadowsocks.enable = true;

    soju = {
      enable = true;
      domain = my.domain.azahi;
    };

    vaultwarden.enable = true;
  };

  # Separate WireGuard network used for playing old LAN games with friends.
  #
  # The key is referenced by file, never inlined. "${inputs.self}/..." resolves
  # to a path inside the flake source, which is copied into the world-readable
  # Nix store, so the file at that path must be the encrypted form of the key.
  # NOTE(review): presumably the `secrets` module decrypts it at activation and
  # exposes the result through `.path` -- confirm against that module.
  # This declaration sits outside the mkIf below, so the secret is declared
  # even when the WireGuard server module is disabled.
  secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";

  # Interface and firewall opening are gated together on the server module.
  networking = mkIf config.nixfiles.modules.wireguard.server.enable {
    wireguard.interfaces.wg70 = {
      ips = ["10.70.0.1/16"];
      listenPort = wg70Port;
      privateKeyFile = config.secrets."wireguard-private-key-70".path;
      # Each peer is pinned to a single /32, so a peer can only send traffic
      # from its own tunnel address.
      # NOTE(review): "@PUBLIC_KEY@" looks like a template or redaction
      # placeholder; every peer needs its own real public key -- confirm how
      # these are substituted.
      peers = [
        {
          publicKey = "@PUBLIC_KEY@";
          allowedIPs = ["10.70.1.1/32"];
        }
        {
          publicKey = "@PUBLIC_KEY@";
          allowedIPs = ["10.70.1.2/32"];
        }
        {
          publicKey = "@PUBLIC_KEY@";
          allowedIPs = ["10.70.1.3/32"];
        }
        {
          publicKey = "@PUBLIC_KEY@";
          allowedIPs = ["10.70.1.4/32"];
        }
      ];
    };
    # Opens the WireGuard port on every interface; no per-interface
    # restriction is set here.
    firewall.allowedUDPPorts = [wg70Port];
  };

  # GRUB is installed to the first disk.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };
  boot.initrd.availableKernelModules = [
    "virtio_pci"
    "virtio_scsi"
  ];

  fileSystems."/" = {
    device = "/dev/sda2";
    fsType = "xfs";
    options = ["noatime"];
  };
  fileSystems."/boot" = {
    device = "/dev/sda1";
    fsType = "xfs";
    options = ["noatime"];
  };

  # NOTE(review): no encryption is configured for this swap partition, so
  # memory pages of the services above (key material included) can reach the
  # disk in clear. NixOS offers swapDevices.*.randomEncryption for this case.
  swapDevices = [
    {device = "/dev/sda3";}
  ];

  # Compressed in-RAM swap, sized at 25% of memory.
  zramSwap = {
    enable = true;
    memoryPercent = 25;
  };
}