nix-config/hosts/vps1/default.nix
Jordan Holt 8ca88da93a
Add authentik
2024-08-12 00:10:54 +01:00


{ config, lib, self, ... }:
let
  # agenix secret holding authentik's environment file. The decrypted
  # contents are never in this repo; only the encrypted .age file is.
  authentikEnvSecret = "files/services/authentik/envfile";
in
{
  imports = [
    self.inputs.authentik-nix.nixosModules.default
    ./hardware-configuration.nix
    ../server.nix
  ];

  nixpkgs.hostPlatform = "x86_64-linux";

  networking.hostId = "08bf6db3";

  # Only SSH is opened by this file. The HTTP(S)/TURN/etc. ports the
  # services below need are not listed here; presumably the imported
  # modules open them themselves -- verify before relying on this list.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22 # SSH
    ];
  };

  # Dedicated system account with its own SSH key. It gets /bin/sh rather
  # than nologin, so the key holder has an interactive shell (not just a
  # forced command); the purpose of this account is not visible here.
  users.users.jellyfin = {
    isSystemUser = true;
    group = "jellyfin";
    shell = "/bin/sh";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
    ];
  };
  users.groups.jellyfin = { };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
  ];

  # Root may only authenticate with the key above (no password login).
  # mkForce wins over whatever the imported modules set for this option.
  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

  age.secrets.${authentikEnvSecret}.file =
    "${self.inputs.secrets}/${authentikEnvSecret}.age";

  services.authentik = {
    enable = true;
    # Path to the decrypted env file provided by agenix at runtime.
    environmentFile = config.age.secrets.${authentikEnvSecret}.path;
    settings = {
      # Keep the IdP from phoning home.
      disable_startup_analytics = true;
      disable_update_check = true;
    };
    nginx = {
      enable = true;
      enableACME = true;
      host = "auth.vimium.com";
    };
  };

  # Host-local option namespace (defined in an imported module, not here).
  # `rec` lets matrix follow the postgresql switch instead of duplicating it.
  modules = rec {
    databases.postgresql.enable = true;

    services.borgmatic = {
      enable = true;
      directories = [
        "/home"
        "/var/lib"
        "/var/www"
      ];
      repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
    };

    services.coturn = {
      enable = true;
      realm = "turn.vimium.com";
      matrixIntegration = true;
    };

    services.gitea.enable = true;
    services.headscale.enable = true;

    services.matrix = {
      enable = true;
      bridges = {
        signal = true;
        whatsapp = true;
      };
      usePostgresql = databases.postgresql.enable;
    };

    services.nginx.enable = true;
    services.photoprism.enable = true;
  };

  system.stateVersion = "22.11";
}