{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../../modules

    ./services/ankisyncd.nix
    ./services/gitea.nix
    ./services/invidious
    ./services/libreddit.nix
    ./services/nitter.nix
    ./services/sbruder.xyz
    ./services/torrent.nix
  ];

  sbruder = {
    nginx.hardening.enable = true;
    restic.system = {
      enable = true;
      extraExcludes = [
        "/var/lib/qbittorrent/download"
      ];
    };
    wireguard.home.enable = true;
  };

  networking.hostName = "okarin";

  system.stateVersion = "21.11";

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  services.postgresqlBackup = {
    enable = true;
    startAt = [ ]; # triggered by restic system backup
    location = "/var/lib/postgresql-backup";
  };
  systemd.services.restic-backups-system = {
    after = [ "postgresqlBackup.service" ];
    wants = [ "postgresqlBackup.service" ];
  };
}