{config, ...}: {
  imports = [
    ./networking.nix # network configuration that just works
    ./hardware.nix
  ];

  sils = {
    gallery = {
      enable = true;
      domain = "gallery.s-schoeffel.de";
    };
  };

  vhack = {
    back = {
      enable = true;
      domain = "issues.foss-syndicate.org";
      settings = {
        scan_path = "${config.services.gitolite.dataDir}/repositories";
        project_list = "${config.services.gitolite.dataDir}/projects.list";
      };
    };
    backup = {
      enable = true;
      privateSshKey = ./secrets/backup/backupssh.age;
      privatePassword = ./secrets/backup/backuppass.age;
      user = "u384702-sub3";
    };
    dns = {
      enable = true;
      openFirewall = true;
      interfaces = [
        "185.16.61.132"
        "2a03:4000:a:106::1"
      ];
      zones = import ../../../zones {};
    };
    etesync = {
      enable = true;
      secretFile = ./secrets/etesync/secret_file.age;
    };
    fail2ban.enable = true;
    git-server = {
      enable = true;
      domain = "git.foss-syndicate.org";
      gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
    };
    invidious-router = {
      enable = true;
      domain = "invidious-router.vhack.eu";
      extraDomains = [
        "video.fosswelt.org"
        "invidious-router.sils.li"
      ];
    };
    mail = {
      enable = true;
      fqdn = "mail.foss-syndicate.org";
    };
    stalwart-mail = {
      enable = true;
      fqdn = "mail.vhack.eu";
      admin = "admin@vhack.eu";
      security = {
        dkimKeys = let
          loadKey = name: {
            dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}/public");
            dkimPrivateKeyPath = ./secrets/dkim + "/${name}/private.age";
            keyAlgorithm = "ed25519-sha256";
          };
        in {
          "mail.vhack.eu" = loadKey "vhack.eu";
        };
        verificationMode = "strict";
      };
      openFirewall = true;
      principals = [
        {
          class = "individual";
          name = "soispha";
          secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
          email = [
            "soispha@vhack.eu"
            "abuse@vhack.eu"
            "postmaster@vhack.eu"
            "admin@vhack.eu"
          ];
        }
      ];
    };
    nginx = {
      enable = true;
      redirects = {
        "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server";
        "source.vhack.eu" = "https://source.foss-syndicate.org";
      };
    };
    nixconfig.enable = true;
    openssh.enable = true;
    persist = {
      enable = true;
      directories = [
        "/var/log"
      ];
    };
    redlib.enable = true;
    rust-motd.enable = true;
    users.enable = true;
  };

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.hostName = "server2";
  networking.domain = "vhack.eu";

  system.stateVersion = "24.11";
}