# NixOS host configuration for "lunasa": a QEMU guest that runs Owncast, an
# Ergo IRC server, a Caddy reverse proxy and Tailscale, and forwards the
# Minecraft port to a tailnet address.
# The line structure of this file (including the multi-line '' strings) was
# re-established from a collapsed copy; settings and values are unchanged.
{ modulesPath, pkgs, lib, ... }: {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  networking.hostName = "lunasa";
  zramSwap.enable = true;

  # sshd is enabled and root logs in with the keys listed further down.
  # NOTE(review): nothing in this file turns password authentication off;
  # if no account relies on it, consider
  # services.openssh.settings.PasswordAuthentication = false.
  services.openssh.enable = true;

  boot.tmp.cleanOnBoot = true;
  boot.loader.grub.device = "/dev/sda";
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
  boot.initrd.kernelModules = [ "nvme" ];
  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };

  nix = {
    package = pkgs.nixVersions.nix_2_22;
    settings = {
      auto-optimise-store = lib.mkDefault true;
      experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
    };
  };

  # Public keys allowed to log in as root. Direct root access means any holder
  # of one of these private keys has full control of the host.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXWOPpEDdVUQEFLucXbxmOhW64QXbCu6lF8vRLlKyoT"
  ];

  # TCP ports accepted from any interface. 80/443 are served by Caddy below.
  # 6667 is the only public IRC listener and has no TLS, so account and oper
  # passwords sent over it cross the network in cleartext.
  # NOTE(review): consider adding a TLS listener for IRC clients and keeping
  # 6667 for loopback or tailnet use only.
  networking.firewall.allowedTCPPorts = [
    80
    443
    1935 # the RTMP port for OwnCast
    6667 # irc plaintext
    25565 # minecraft
  ];

  # Owncast web UI on port 8001; Caddy proxies live.lina.cool to it. 8001 is
  # not in allowedTCPPorts above.
  services.owncast = {
    enable = true;
    port = 8001;
  };

  services.ergochat = {
    enable = true;
    settings = {
      accounts = {
        authentication-enabled = true;
        multiclient = {
          allowed-by-default = true;
          always-on = "opt-out";
          auto-away = "opt-out";
          enabled = true;
        };
        # Open self-registration: enabled, allowed before the connection is
        # fully registered, and with e-mail verification off. The throttling
        # block below and any operator action are the only brakes on account
        # creation visible in this file.
        registration = {
          allow-before-connect = true;
          # Work factor for stored account password hashes. 4 is the lowest
          # cost bcrypt accepts, so a copy of the datastore would be cheap to
          # attack offline.
          # NOTE(review): raise this if the host's CPU budget allows.
          bcrypt-cost = 4;
          email-verification = {
            enabled = false;
          };
          enabled = true;
          throttling = {
            duration = "10m";
            enabled = true;
            max-attempts = 30;
          };
        };
      };
      channels = {
        default-modes = "+ntC";
        registration = {
          enabled = true;
        };
      };
      datastore = {
        autoupgrade = true;
        path = "/var/lib/ergo/ircd.db";
      };
      # Server-side message history is kept (enabled = true) with the buffer
      # sizes and expiry below; users cannot delete individual messages
      # (allow-individual-delete = false).
      history = {
        autoreplay-on-join = 0;
        autoresize-window = "3d";
        channel-length = 2048;
        chathistory-maxmessages = 100;
        client-length = 256;
        enabled = true;
        restrictions = {
          expire-time = "1w";
          grace-period = "1h";
          query-cutoff = "none";
        };
        retention = {
          allow-individual-delete = false;
          enable-account-indexing = false;
        };
        tagmsg-storage = {
          default = false;
          whitelist = [ "+draft/react" "+react" ];
        };
        znc-maxmessages = 2048;
      };
      limits = {
        awaylen = 390;
        channellen = 64;
        identlen = 20;
        kicklen = 390;
        nicklen = 32;
        topiclen = 390;
      };
      network = {
        name = "linacastellane";
      };
      server = {
        casemapping = "permissive";
        check-ident = false;
        # NOTE(review): `enforce-utf` does not look like a key Ergo reads
        # (`enforce-utf8` on the next line is the documented one) -- confirm
        # and drop it if unused.
        enforce-utf = true;
        enforce-utf8 = true;
        forward-confirm-hostnames = false;
        # Cloaking is off and hostnames are not looked up (lookup-hostnames
        # below), so presumably other users see each client's raw IP address
        # -- verify, and enable cloaking if that is not intended.
        ip-cloaking = {
          enabled = false;
        };
        # Both per-IP connection counting and connection throttling are
        # disabled. Combined with open registration on a public port, nothing
        # in this file limits how many connections one address can open.
        ip-limits = {
          count = false;
          throttle = false;
        };
        # ":6667" listens on all addresses without TLS. The WebSocket listener
        # is loopback-only and is reached through Caddy (irc.lina.cool).
        # NOTE(review): connections arriving via Caddy presumably appear to
        # Ergo as 127.0.0.1 unless proxy headers are trusted -- confirm.
        listeners = {
          ":6667" = { };
          "127.0.0.1:8067" = {
            websocket = true;
          };
        };
        lookup-hostnames = false;
        max-sendq = "1M";
        name = "chat.lina.cool";
        relaymsg = {
          enabled = false;
        };
      };
      # Operator privilege sets. "server-admin" inherits every capability of
      # "chat-moderator" through `extends` and adds its own.
      oper-classes = {
        "chat-moderator" = {
          title = "Chat Moderator";
          capabilities = [
            "kill"
            "ban"
            "nofakelag"
            "relaymsg"
            "vhosts"
            "sajoin"
            "samode"
            "snomasks"
            "roleplay"
          ];
        };
        "server-admin" = {
          title = "Server Admin";
          extends = "chat-moderator";
          capabilities = [
            "rehash"
            "accreg"
            "chanreg"
            "history"
            "defcon"
            "massmessage"
          ];
        };
      };
      opers = {
        admin = {
          class = "server-admin";
          # bcrypt hash of the oper password; the "$2a$04$" prefix shows
          # cost 4. The hash is part of this file, and values under `settings`
          # are presumably rendered into a config file in the world-readable
          # Nix store, so treat it as readable by every local user and by
          # anyone who can read this repository.
          # NOTE(review): use a long random oper password, regenerate the hash
          # at a higher cost, and rotate it if this file has been published.
          password = "$2a$04$uSnmJ2i4AVYR.z/kpCirsuNQGpFLUzsmIogK6qvc9mvf8UMDKjTPG";
        };
      };
    };
  };

  # Caddy fronts the two loopback services under their own host names.
  services.caddy = {
    enable = true;
    email = "shadows@with.al";
    virtualHosts = {
      "live.lina.cool" = {
        extraConfig = ''
          encode gzip
          reverse_proxy 127.0.0.1:8001
        '';
      };
      # Only the /websocket path is proxied, to Ergo's loopback WebSocket
      # listener.
      "irc.lina.cool" = {
        extraConfig = ''
          handle /websocket {
            reverse_proxy 127.0.0.1:8067
          }
        '';
      };
    };
  };

  services.tailscale.enable = true;

  # DNAT: TCP 25565 arriving on enp1s0 is rewritten to 100.66.105.22:25565.
  # This publishes whatever listens on that address and port to every host
  # that can reach enp1s0.
  networking.nftables = {
    enable = true;
    ruleset = ''
      table ip nat {
        chain PREROUTING {
          type nat hook prerouting priority dstnat; policy accept;
          iifname "enp1s0" tcp dport 25565 dnat to 100.66.105.22:25565
        }
      }
    '';
  };

  # NAT with enp1s0 as the internal side and tailscale0 as the external side.
  # NOTE(review): forwardPorts declares the same 25565 forward as the
  # hand-written nftables rule above; presumably one of the two is redundant
  # -- confirm which rule actually matches and remove the other.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "enp1s0" ];
    externalInterface = "tailscale0";
    forwardPorts = [{
      destination = "100.66.105.22:25565";
      proto = "tcp";
      sourcePort = 25565;
    }];
  };

  system.stateVersion = "23.11";
}