{ inputs, flake, self, }: { lib, pkgs, modulesPath, config, ... }: let xrayPort = 10086; in { # TODO: # white list # torent # rate limit # ping - game and speak imports = [ self.nixosModules.hectic inputs.sops-nix.nixosModules.sops ]; #hectic.services.matrix = { # enable = true; # secretsFile = config.sops.secrets."matrix/secrets".path; # turnSecretFile = config.sops.secrets."matrix/turn-secret".path; # publicIp = "188.137.254.58"; # postgresql = { # port = 5432; # initialEnvFile = config.sops.secrets."init-postgresql".path; # }; # matrixDomain = "accord.tube"; #}; services.xray = { enable = true; settingsFile = config.sops.secrets."config".path; }; users.users.root.openssh.authorizedKeys.keys = [ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOn1KflaIX1RU9YS/qLb0GInmndYxx2vTLZC9OA+eXZl'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKPbIJATVyAw7F7vBZbHkCODXFo5gvDyqhuU0gnNUNH'' ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ] ++ (if pkgs.stdenv.hostPlatform.system != "aarch64-linux" then [ "vmw_pvscsi" ] else []); boot.initrd.kernelModules = ["nvme"]; disko.devices = { disk.vda = { device = lib.mkDefault "/dev/vda"; content = { type = "gpt"; partitions = { boot = { size = "1M"; type = "EF02"; priority = 1; }; root = { size = "100%"; content = { type = "filesystem"; format = "ext4"; mountpoint = "/"; }; }; }; }; }; }; hectic = { archetype.base.enable = true; archetype.dev.enable = true; }; sops = { gnupg.sshKeyPaths = [ ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; defaultSopsFile = ../../../sus/bfs.xray.yaml; secrets."config" = {}; secrets."init-postgresql" = {}; #secrets."matrix/secrets" = {}; #secrets."matrix/turn-secret" = { # owner = "turnserver"; # group = "turnserver"; # mode = "0400"; #}; }; networking.firewall = { enable = true; allowedTCPPorts = [ xrayPort 8443 80 443 # for acme ]; }; environment.systemPackages = with pkgs; [ xray ]; }