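# NixOS module for a single self-hosted server: firewall, SSH, a set of web
# services bound to local ports, and nginx terminating TLS (ACME) in front of them.
#
# Everything written in this file is copied into /nix/store, which is readable
# by every local user, and usually into version control as well. Secrets are
# therefore referenced by file path and provisioned out of band.
{ pkgs, lib, ... }:
{
  # Only SSH and HTTP(S) are opened; the backends on 8001-8005 and 8096 are
  # meant to be reached through the nginx virtual hosts below.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 22 ];
  };

  # NOTE(review): no sshd settings are given, so password authentication is left
  # at the module default while port 22 is open to the internet. Confirm that
  # default and consider key-only logins.
  services.openssh = {
    enable = true;
  };

  services.jellyfin = {
    enable = true;
  };

  services.gitea = {
    enable = true;
    settings = {
      # Self-registration is off; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;
      server = {
        HTTP_PORT = 8001;
        DOMAIN = "dhilton.xyz";
        ROOT_URL = "https://git.dhilton.xyz";
        # NOTE(review): Gitea documents this key under [repository]; placed
        # under [server] it is probably ignored. Confirm before relying on it.
        ENABLE_PUSH_CREATE_USER = true;
      };
    };
  };

  services.gitea-actions-runner.instances.home = {
    enable = true;
    url = "https://git.dhilton.xyz";
    name = "nixsrv";
    # The registration token used to be an inline string here. Treat that value
    # as exposed and rotate it in Gitea. tokenFile expects an environment file
    # containing a line `TOKEN=<registration token>`, readable only by root.
    # Placeholder path: point it at the file your secret tooling writes.
    tokenFile = "/run/secrets/gitea-runner-token.env";
    labels = [
      # Image tags are mutable; pin by digest if the CI environment must not
      # change underneath the workflows.
      "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
      "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
      "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
      "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
      # Jobs that select this label run directly on the host, not in a
      # container. Keep it only if every account that can add or edit a
      # workflow is trusted with host access.
      "native:host"
    ];
  };

  services.home-assistant = {
    enable = true;
    extraComponents = [ "wiz" "fail2ban" ];
    config = {
      default_config = { };
      "automation ui" = "!include automations.yaml";
      http = {
        # X-Forwarded-For is honoured only when the request comes from the
        # local nginx proxy.
        use_x_forwarded_for = "true";
        trusted_proxies = [ "127.0.0.1" ];
        server_port = 8003;
      };
    };
  };

  services.ntfy-sh = {
    enable = true;
    settings = {
      # ":8004" listens on every interface; only the firewall keeps the port
      # private. "127.0.0.1:8004" would be enough for the nginx proxy.
      listen-http = ":8004";
      auth-file = "/var/lib/ntfy.db";
      # Unauthenticated clients may subscribe to any topic; use "deny-all" if
      # topic contents are private.
      auth-default-access = "read-only";
      base-url = "https://ntfy.dhilton.xyz";
    };
  };

  services.searx = {
    enable = true;
    # Environment file defining SEARX_SECRET_KEY=<long random value>.
    # Placeholder path: point it at the file your secret tooling writes.
    environmentFile = "/run/secrets/searx.env";
    settings = {
      server.port = 8005;
      # Filled in from environmentFile when the service starts, replacing the
      # short guessable key that was previously written inline.
      # NOTE(review): the substitution syntax differs between nixpkgs
      # releases; check the module documentation for the release in use.
      server.secret_key = "@SEARX_SECRET_KEY@";
    };
  };

  services.fail2ban = {
    enable = true;
  };

  # Ports published by containers are handled by Docker's own packet-filter
  # rules, so allowedTCPPorts above does not restrict them. Publish on
  # 127.0.0.1 for anything that should only be reachable through nginx.
  virtualisation.docker = {
    enable = true;
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Each host gets an ACME certificate and redirects HTTP to HTTPS; all but
    # the static site proxy to a backend on loopback.
    virtualHosts = {
      "dhilton.xyz" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/www/dhilton";
      };
      "git.dhilton.xyz" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8001";
          proxyWebsockets = true;
        };
      };
      "ntfy.dhilton.xyz" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8004";
          proxyWebsockets = true;
        };
      };
      "jel.dhilton.xyz" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8096";
          proxyWebsockets = true;
        };
      };
      # No service in this file listens on 8002; presumably a container or a
      # unit defined elsewhere. Verify.
      "puf.dhilton.xyz" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8002";
          proxyWebsockets = true;
        };
      };
      "srx.dhilton.xyz" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8005";
          proxyWebsockets = true;
        };
      };
      "hom.dhilton.xyz" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8003";
          proxyWebsockets = true;
        };
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "markers711@gmail.com";
  };
}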