# Host configuration for a single server: imports the mail and web server
# modules, switches on a set of the project's `nixfiles.modules.*` services,
# and describes the boot loader, filesystems and swap.
#
# NOTE(review): the `nixfiles.modules.*` options are defined elsewhere in the
# repository. Which ports each service opens and where its secrets come from
# cannot be seen from this file, so verify that in the module definitions.
{
  config,
  lib,
  ...
}:
with lib; let
  # `my` is not bound lexically in this file, so it resolves through
  # `with lib;` (presumably `lib.my`; confirm against the flake's lib overlay).
  azahiDomain = my.domain.azahi;

  # Both on-disk filesystems use the same type and mount options; only the
  # backing partition differs.
  xfsNoatime = device: {
    inherit device;
    fsType = "xfs";
    options = ["noatime"];
  };
in {
  imports = [
    ./mailserver
    ./webserver.nix
  ];

  nixfiles.modules = {
    # DNS. The name-server FQDN is derived from the host's own domain.
    nsd.enable = true;
    nsd.fqdn = "ns1.${config.networking.domain}";
    unbound.enable = true;

    # Tunnel / proxy endpoints.
    wireguard.server.enable = true;
    shadowsocks.enable = true;

    # Certificates and monitoring.
    acme.enable = true;
    monitoring.enable = true;

    # Data stores.
    postgresql.enable = true;
    clickhouse.enable = true;

    # Services bound to a domain taken from `my.domain.azahi`.
    git.server.enable = true;
    git.server.domain = "git.${azahiDomain}";
    matrix.dendrite.enable = true;
    matrix.dendrite.domain = azahiDomain;
    soju.enable = true;
    soju.domain = azahiDomain;

    # Services enabled with module defaults.
    # NOTE(review): vaultwarden stores credential vaults; confirm in its
    # module how the admin interface and sign-ups are restricted.
    murmur.enable = true;
    radicale.enable = true;
    rss-bridge.enable = true;
    vaultwarden.enable = true;
    ntfy.enable = true;
    plausible.enable = true;
  };

  # A VPN to play old LAN games with the boys.
  #
  # NOTE(review): left disabled. Points to check before re-enabling:
  #  - `inputs` is not among this file's function arguments; confirm it is in
  #    scope or add it.
  #  - The private key is referenced through a secrets path, not written
  #    inline; keep it that way.
  #  - Each peer is limited to a single /32 inside 10.70.0.0/16.
  #  - UDP 7070 is opened in the firewall whenever the WireGuard server module
  #    is enabled.
  #  - `@PUBLIC_KEY@` appears to be a placeholder for the real peer keys.
  #
  # secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
  # networking = mkIf config.nixfiles.modules.wireguard.server.enable {
  #   wireguard.interfaces.wg70 = {
  #     ips = ["10.70.0.1/16"];
  #     listenPort = 7070;
  #     privateKeyFile = config.secrets."wireguard-private-key-70".path;
  #     peers = [
  #       {
  #         publicKey = "@PUBLIC_KEY@";
  #         allowedIPs = ["10.70.1.1/32"];
  #       }
  #       {
  #         publicKey = "@PUBLIC_KEY@";
  #         allowedIPs = ["10.70.1.2/32"];
  #       }
  #       {
  #         publicKey = "@PUBLIC_KEY@";
  #         allowedIPs = ["10.70.1.3/32"];
  #       }
  #       {
  #         publicKey = "@PUBLIC_KEY@";
  #         allowedIPs = ["10.70.1.4/32"];
  #       }
  #     ];
  #   };
  #   firewall.allowedUDPPorts = [7070];
  # };

  # GRUB is installed to the first disk.
  # NOTE(review): /dev/sdX names are assigned by the kernel at probe time; a
  # /dev/disk/by-uuid or by-label path stays stable if another disk is ever
  # attached. Confirm whether that matters for this machine.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  # virtio drivers are made available in the initrd (the disk presumably sits
  # behind a virtio controller, i.e. this is a VM; confirm).
  boot.initrd.availableKernelModules = [
    "virtio_pci"
    "virtio_scsi"
  ];

  fileSystems."/" = xfsNoatime "/dev/sda2";
  fileSystems."/boot" = xfsNoatime "/dev/sda1";

  # NOTE(review): no encryption is configured here for the swap partition, so
  # memory pages written to it (which may include service secrets) persist on
  # disk in the clear. NixOS supports `randomEncryption` on swap devices;
  # consider whether it fits this host.
  swapDevices = [
    {device = "/dev/sda3";}
  ];

  # Compressed in-RAM swap, sized at 25% of memory.
  zramSwap.enable = true;
  zramSwap.memoryPercent = 25;
}