{ inputs, config, ... }: let hostname = "dnsc-vps-sm"; secretsDir = "${inputs.self}/secrets"; in { flake.nixosConfigurations.${hostname} = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = with config.flake.modules.nixos; [ inputs.agenix.nixosModules.default home-manager base server-shell git ssh cli-tools nix restic caddy vaultwarden uptime-kuma homepage actual-server memos ( { config, lib, ... }: { imports = [ ./_hardware-configuration.nix ./_networking.nix ]; networking.hostName = hostname; networking.hostId = "e5d5a602"; networking.domain = "dnsc.io"; networking.firewall = { enable = true; allowedTCPPorts = [ 22 80 443 ]; }; system.stateVersion = "24.11"; boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; # Fix due to https://github.com/NixOS/nixpkgs/issues/180175 systemd.services.NetworkManager-wait-online.enable = false; # Secrets for this machine age = { identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ]; secrets."vaultwarden/env" = { file = "${secretsDir}/vaultwarden/env.age"; }; secrets."restic/password" = { file = "${secretsDir}/restic/password.age"; }; secrets."forgejo/mail-password" = { file = "${secretsDir}/forgejo/mail-password.age"; }; }; # Custom Module Options restic.repository = "sftp:dnsc-storage:restic/dnsc-server"; restic.backupPaths = [ "/var/backup/vaultwarden" "/var/lib/vaultwarden" "/var/lib/actual-server" "/var/lib/memos" "/var/lib/uptime-kuma" ]; } ) ]; }; }