{ pkgs, ... }:
let
  rootDomain = "lgm.6dcdb488.nip.io";
  gtnhDomain = "gtnh.${rootDomain}";
  akkoDomain = "akko.testdrive.${rootDomain}";
  iceDomain = "ice.testdrive.${rootDomain}";
in
{
  imports = [
    ./hardware-configuration.nix
    
    
  ];

  programs.fish.enable = true;

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.hostName = "lgm-vps1";
  networking.domain = "contaboserver.net";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  services.openssh = {
    enable = true;
    ports = [ 37163 ];
    settings.PermitRootLogin = "no";
    settings.PasswordAuthentication = false;
  };

  services.endlessh-go = {
    enable = true;
    openFirewall = true;
    port = 22;
  };

  users.users.nginx.extraGroups = [ "acme" ];

  services.nginx = {
    enable = true;
    virtualHosts.${gtnhDomain} = {
      # addSSL = true;
      forceSSL = true;
      # enableACME = true;
      useACMEHost = "lgm.6dcdb488.nip.io";
      root = "/var/www/gtnh";
    };
    virtualHosts.${akkoDomain} = {
      # addSSL = true;
      forceSSL = true;
      # enableACME = true;
      useACMEHost = "lgm.6dcdb488.nip.io";
      root = "/var/www/todo";
    };
    virtualHosts.${iceDomain} = {
      # addSSL = true;
      forceSSL = true;
      # enableACME = true;
      useACMEHost = "lgm.6dcdb488.nip.io";
      root = "/var/www/todo";
    };
    virtualHosts."acmechallenge.${rootDomain}" = {
      # Catchall vhost, will redirect users to HTTPS for all vhosts
      serverAliases = [ "*.${rootDomain}" ];
      locations."/.well-known/acme-challenge" = {
        root = "/var/lib/acme/.challenges";
      };
      locations."/" = {
        return = "301 https://$host$request_uri";
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "lgmrszd@disroot.org";
    certs.${rootDomain} = {
      group = "nginx";
      webroot = "/var/lib/acme/.challenges";
      extraDomainNames = [
        gtnhDomain
        akkoDomain
        iceDomain
      ];
    };
  };


  programs.mosh.enable = true;

  environment.systemPackages = with pkgs; [
    git
    vim
  ];
  
  users.users.lgm = {
    isNormalUser = true;
    description = "lgm";
    extraGroups = [ "wheel""docker"];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
  };

  system.stateVersion = "23.11";
}