nixcfg/hosts/vps/configuration.nix

{ pkgs, hostname, user, lib, ... }: {

  imports = [
    ./hardware-configuration.nix
  ];

  hardware.disko.enable = true;

  programs.nix-ld.enable = true;
  common.services.appimage.enable = true;


  systemd.services.arion = {
    enable = true;
    serviceConfig = {
      Restart = "on-failure";
    };
  };

  vps = {
    dufs.enable = true;
    nextcloud.enable = false;
    pairdrop.enable = true;
    syncthing.enable = true;
    vpn.enable = true;
  };

  sops = {
    age.keyFile = "/etc/nixos/sops/age/keys.txt";
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
  };

  services.caddy = {
    enable = true;
    extraConfig = ''
      fs.nmd.mov {
        reverse_proxy localhost:5000
      }
      vpn.nmd.mov {
        reverse_proxy localhost:51821
      }
      s.nmd.mov {
        reverse_proxy localhost:8384
      }
      drop.nmd.mov {
        reverse_proxy localhost:3000
      } 
      dot.nmd.mov {
        reverse_proxy localhost:4400
      }
    '';
  };


  networking.useDHCP = lib.mkForce false;
  services.cloud-init = {
    enable = true;
    network.enable = true;
  };

  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "yes";
      PasswordAuthentication = false;
    };
  };



  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };



  networking.hostName = "vps";




  time.timeZone = "Asia/Kuwait";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_GB.UTF-8";
    LC_IDENTIFICATION = "en_GB.UTF-8";
    LC_MEASUREMENT = "en_GB.UTF-8";
    LC_MONETARY = "en_GB.UTF-8";
    LC_NAME = "en_GB.UTF-8";
    LC_NUMERIC = "en_GB.UTF-8";
    LC_PAPER = "en_GB.UTF-8";
    LC_TELEPHONE = "en_GB.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };


  services.printing.enable = false;

  nixpkgs.config.allowUnfree = true;


  environment.systemPackages = with pkgs; [
    neovim
    git
    zsh
    arion
    sops
  ];


  networking.firewall.enable = false;
  networking.firewall.allowedTCPPorts = [
    22
    80
    443
    5000
    4400
    3000
    8384
    22000
    51821
  ];
  networking.firewall.allowedUDPPorts = [
    22000
    21027
    51820
  ];
  system.stateVersion = "24.05";

}