{ pkgs, ... }: let rootDomain = "lgmrszd.xyz"; gtnhDomain = "gtnh.${rootDomain}"; discDomain = "discource.testdrive.${rootDomain}"; akkoDomain = "akko.testdrive.${rootDomain}"; iceDomain = "ice.testdrive.${rootDomain}"; in { imports = [ ./hardware-configuration.nix ]; programs.fish.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; networking.hostName = "lgm-vps1"; networking.domain = "contaboserver.net"; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.openssh = { enable = true; ports = [ 37163 ]; settings.PermitRootLogin = "no"; settings.PasswordAuthentication = false; }; services.endlessh-go = { enable = true; openFirewall = true; port = 22; }; users.users.nginx.extraGroups = [ "acme" ]; services.nginx = { enable = true; virtualHosts.${rootDomain} = { # addSSL = true; forceSSL = true; default = true; enableACME = true; root = "/var/www/todo"; }; virtualHosts.${gtnhDomain} = { forceSSL = true; useACMEHost = "${rootDomain}"; root = "/var/www/gtnh"; }; virtualHosts.${discDomain} = { forceSSL = true; useACMEHost = "${rootDomain}"; root = "/var/www/todo"; }; virtualHosts.${akkoDomain} = { forceSSL = true; useACMEHost = "${rootDomain}"; root = "/var/www/todo"; }; virtualHosts.${iceDomain} = { forceSSL = true; useACMEHost = "${rootDomain}"; root = "/var/www/todo"; }; }; security.acme = { acceptTerms = true; defaults.email = "lgmrszd@disroot.org"; certs.${rootDomain} = { extraDomainNames = [ gtnhDomain akkoDomain iceDomain discDomain ]; }; }; programs.mosh.enable = true; environment.systemPackages = with pkgs; [ git vim ]; users.users.lgm = { isNormalUser = true; description = "lgm"; extraGroups = [ "wheel""docker"]; shell = pkgs.fish; openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos'']; }; system.stateVersion = "23.11"; }