{ config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; boot.loader.grub.enable = true; boot.initrd.luks.devices."cryptroot" = { device = "/dev/vda3"; preLVM = true; }; boot.loader.grub.device = "/dev/vda"; networking.hostName = "vps"; networking.networkmanager.enable = true; users.users.vps = { isNormalUser = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINXz5vcBi2+yGMhxlBXmb67/euntVyLI7BdTvuCZzax zedddiezxc@gmail.com" ]; shell = pkgs.fish; packages = with pkgs; [ tree ]; }; programs.fish.enable = true; programs.fish.interactiveShellInit = '' set -g fish_greeting "" fish_vi_key_bindings set -g fish_cursor_default block ''; security.sudo.wheelNeedsPassword = false; environment.systemPackages = with pkgs; [ vim wget git ]; security.acme = { acceptTerms = true; defaults.email = "zedddie@protonmail.com"; }; services.nginx.enable = true; security.acme.certs."zedddie.rs".group = "acme"; users.users.nginx.extraGroups = [ "acme" ]; services.nginx = { virtualHosts = { "zedddie.rs" = { forceSSL = true; enableACME = true; root = "/var/www/main"; }; "git.zedddie.rs" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:3000"; proxyWebsockets = true; }; }; "blog.zedddie.rs" = { forceSSL = true; enableACME = true; root = "/var/www/blog"; }; "xmpp.zedddie.rs" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:5280"; }; }; }; }; services.nginx.virtualHosts."fs.zedddie.rs" = { forceSSL = true; enableACME = true; extraConfig = '' client_max_body_size 50M; ''; locations."/" = { proxyPass = "http://127.0.0.1:5280"; proxyWebsockets = true; extraConfig = '' proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto https; ''; }; }; services.forgejo = { package = pkgs.forgejo-lts; enable = true; database.type = "postgres"; settings = { server = { DOMAIN = "git.zedddie.rs"; ROOT_URL = "https://git.zedddie.rs/"; HTTP_ADDR = "127.0.0.1"; HTTP_PORT = 3000; }; service.DISABLE_REGISTRATION = true; }; }; services.prosody.xmppComplianceSuite = false; users.users.prosody.extraGroups = [ "acme" ]; services.prosody = { enable = true; admins = [ "admin@zedddie.rs" ]; ssl = { cert = "/var/lib/acme/zedddie.rs/fullchain.pem"; key = "/var/lib/acme/zedddie.rs/key.pem"; }; modules = { pep = true; }; httpFileShare = { enable = true; domain = "fs.zedddie.rs"; }; virtualHosts."zedddie.rs" = { enabled = true; domain = "zedddie.rs"; ssl = { cert = "/var/lib/acme/zedddie.rs/fullchain.pem"; key = "/var/lib/acme/zedddie.rs/key.pem"; }; }; extraModules = [ "pubsub" "adhoc" ]; extraConfig = '' http_external_url = "https://fs.zedddie.rs/" trusted_proxies = { "127.0.0.1" } ''; }; environment.shellAliases = { zix = ''nix run "git+https://codeberg.org/zedddie/zix" --extra-experimental-features "nix-command flakes" --''; }; services.openssh = { enable = true; settings.KbdInteractiveAuthentication = false; settings.PasswordAuthentication = false; settings.PermitRootLogin = "no"; }; networking.firewall.allowedTCPPorts = [ 80 443 5222 5269 ]; system.stateVersion = "25.11"; }