volpe/nix/configuration.nix

{
  inputs,
  realSrc,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
    ./module.nix
  ];

  nix.settings.experimental-features = ["nix-command" "flakes"];
  nix.settings.trusted-users = ["root" "cyberian"];

  swapDevices = [
    {
      device = "/swapfile";
      size = 2 * 1024; # 2GB
    }
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
  system.stateVersion = "24.11";

  users.users.cyberian = {
    isNormalUser = true;
    extraGroups = ["wheel"];
  };
  security.sudo.wheelNeedsPassword = false;

  services.qemuGuest.enable = true;
  services.acpid.enable = true;

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };

  services.volpe = {
    enable = true;
    domain = "volpe.jan-leila.com";
    extraDomains = [
      "blog.jan-leila.com"
      # command to get this value: `sudo cat /var/lib/tor/onion/volpe/hostname`
      "7qygixvjhk3mlcrvos4x4dxjlqrp5rh7ih267qewidotibskg3w3srad.onion.onion"
    ];
    enableACME = true;
    acmeEmail = "leyla@jan-leila.com";
    sourcePath = realSrc;
  };

  services.tor = {
    enable = true;
    enableGeoIP = false;
    relay.onionServices = {
      volpe = {
        version = 3;
        map = [
          {
            port = 80;
            target = {
              addr = "[::1]";
              port = 80;
            };
          }
        ];
      };
    };
    settings = {
      ClientUseIPv4 = true;
      ClientUseIPv6 = true;
      ClientPreferIPv6ORPort = true;
    };
  };

  system.autoUpgrade = {
    enable = true;
    flake = inputs.self.outPath;
    flags = ["--update-input" "nixpkgs" "--update-input" "volpe"];
    dates = "04:00";
    randomizedDelaySec = "45min";
    allowReboot = false;
  };

  services.snowflake-proxy = {
    enable = true;
    capacity = 100;
  };
}