{ system = "x86_64-linux"; nixpkgsStable = true; domain = "infra.zaphyra.eu"; sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFimeRkXE4Oa+IFpVBBMkIReDwjtRMQkTZY7HTGXN2yy"; hardware = { cpuVendor = "intel"; allowHibernation = false; }; networking = { ip4IsPrivate = false; ip4Address = "152.89.106.158"; ip4PrefixLength = 22; defaultGateway4 = "152.89.104.1"; ip6IsPrivate = false; ip6Address = "2a03:4000:39:e9a::1"; ip6PrefixLength = 64; defaultGateway6 = "fe80::1"; }; configuration = { inputs, config, pkgs, ... }: { boot.initrd.systemd.emergencyAccess = true; sops.secrets = { "resticEnv/novus" = { sopsFile = inputs.self.sopsSecrets.common; }; }; modules = { filesystem = { impermanence.system.enable = true; impermanence.home.enable = true; rootDisk = { enable = true; encrypt = true; type = "zfs"; path = "/dev/vda"; reservedSpace = "500M"; parts = { nix = true; }; swap = { enable = true; size = "2G"; }; }; }; presets = { base.enable = true; netcup.enable = true; zaphyra = { enable = true; syncthing.enable = false; dnsServer.enable = true; mailServer.enable = true; mautrixBridges.signal.enable = true; mautrixBridges.whatsapp.enable = true; mautrixBridges.telegram.enable = true; }; }; services = { resticBackup.targets = { novus = { repository = "rest:https://restic.novus.infra.zaphyra.eu"; environmentFile = config.sops.secrets."resticEnv/novus".path; }; }; }; websites = { "prometheus.infra.zaphyra.eu".enable = true; "grafana.infra.zaphyra.eu".enable = true; "zaphyra.eu".enable = true; "katja.wtf".enable = true; "git.zaphyra.eu".enable = true; "bikemap.zaphyra.eu".enable = true; "dav.zaphyra.eu".enable = true; "gts.zaphyra.eu".enable = true; "grapevine.zaphyra.eu".enable = true; "vault.zaphyra.eu".enable = true; "oeffi.zaphyra.eu".enable = true; "things.zaphyra.eu".enable = true; }; users.zaphyra.enable = true; }; system.stateVersion = "25.05"; home-manager.users.zaphyra.home.stateVersion = "25.05"; }; }