{ pkgs, ... }: { imports = [ ./hardware-configuration.nix ../../modules ./services/bang-evaluator.nix ./services/buchborgen.nix ./services/coturn.nix ./services/element-web.nix ./services/gitea.nix ./services/grafana.nix ./services/grocy.nix ./services/hedgedoc.nix ./services/invidious ./services/libreddit.nix ./services/matrix ./services/murmur.nix ./services/nitter.nix ./services/password-hash-self-service.nix ./services/prometheus.nix ./services/sbruder.xyz ./services/schabernack.nix ]; sbruder = { nginx.hardening.enable = true; restic.system = { enable = true; }; wireguard.home.enable = true; }; networking.hostName = "renge"; system.stateVersion = "21.11"; services.nginx = { enable = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts."sbruder.de" = { enableACME = true; forceSSL = true; root = pkgs.sbruder.contact; }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.postgresqlBackup = { enable = true; startAt = [ ]; # triggered by restic system backup location = "/var/lib/postgresql-backup"; }; systemd.services.restic-backups-system = { after = [ "postgresqlBackup.service" ]; wants = [ "postgresqlBackup.service" ]; }; }