nix-config/servers/lunasa/configuration.nix

{ modulesPath, pkgs, lib, ... }: {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  networking.hostName = "lunasa";
  zramSwap.enable = true;
  services.openssh.enable = true;
  boot.tmp.cleanOnBoot = true;
  boot.loader.grub.device = "/dev/sda";
  boot.initrd.availableKernelModules =
    [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
  boot.initrd.kernelModules = [ "nvme" ];
  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };

  nix = {
    package = pkgs.nixVersions.nix_2_22;

    settings = {
      auto-optimise-store = lib.mkDefault true;
      experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
    };
  };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXWOPpEDdVUQEFLucXbxmOhW64QXbCu6lF8vRLlKyoT"
  ];

  networking.firewall.allowedTCPPorts = [
    80
    443
    25565 # minecraft
  ];

  services.syncplay = {
    enable = true;
    motd = "START SUCKING!!!!";
  };

  services.forgejo = {
    enable = true;
    lfs.enable = true;

    settings = {
      server = {
        DOMAIN = "git.nazrin.limited";
        ROOT_URL = "https://git.nazrin.limited/";
        HTTP_PORT = 3000;
      };

      service.DISABLE_REGISTRATION = true;
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
        ENABLE_PUSH_CREATE_ORG = true;
      };

      actions = {
        enabled = true;
        DEFAULT_ACTIONS_URL = "github";
      };
    };
  };

  services.caddy = {
    enable = true;
    email = "shadows@with.al";

    virtualHosts = {
      "git.nazrin.limited" = {
        extraConfig = ''
          reverse_proxy localhost:3000
        '';
      };

      "watch.with.al" = {
        extraConfig = ''
          reverse_proxy localhost:8999
        '';
      };
    };
  };

  services.tailscale.enable = true;
  networking.nftables = {
    enable = true;
    ruleset = ''
      table ip nat {
        chain PREROUTING {
          type nat hook prerouting priority dstnat; policy accept;
          iifname "enp1s0" tcp dport 25565 dnat to 100.66.105.22:25565
        }
      }
    '';
  };
  networking.nat = {
    enable = true;
    internalInterfaces = [ "enp1s0" ];
    externalInterface = "tailscale0";
    forwardPorts = [{
      destination = "100.66.105.22:25565";
      proto = "tcp";
      sourcePort = 25565;
    }];
  };

  system.stateVersion = "23.11";
}