{pkgs,lib,...}:
{
  services.openssh = {
    enable = true;
  };

  services.jellyfin = {
    enable = true;
  };

  services.gitea = {
    enable = true;
    settings = {
      service.DISABLE_REGISTRATION = true;
      server = {
        HTTP_PORT = 8001;
	DOMAIN = "dhilton.xyz";
	ROOT_URL = "https://git.dhilton.xyz";
      };
    };
  };

  services.gitea-actions-runner.instances.home = {
    enable = true;
    url = "https://git.dhilton.xyz";
    name = "nixsrv";
    token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
    labels = ["ubuntu-latest:docker://node:16-bullseye" "ubuntu-22.04:docker://node:16-bullseye" "ubuntu-20.04:docker://node:16-bullseye" "ubuntu-18.04:docker://node:16-buster" "native:host"];
  };

  services.pufferpanel = {
    enable = true;
    extraGroups =["docker"];
    extraPackages = [pkgs.jre];
    environment = {
      PUFFER_WEB_HOST = ":8002";
      PUFFER_PANEL_REGISTRATIONENABLED = "false";
    };
  };

  services.home-assistant = {
    enable = true;
    extraComponents = ["wiz" "fail2ban" "whisper" "piper" "wyoming"];
    config = {
    default_config={};
      http = {
	use_x_forwarded_for="true";
	trusted_proxies=["127.0.0.1"];
      	server_port=8003;
      };
    };
  };

  services.ntfy-sh = {
    enable = true;
    settings = { 
      listen-http = ":8004";
      auth-file = "/var/lib/ntfy.db";
      auth-default-access = "read-only";
      base-url = "https://ntfy.dhilton.xyz";
    };
  };

  services.searx = {
    enable=true;
    settings = { server.port = 8005; server.secret_key = "secretlol";};
  };

  networking.domain = "dhilton.xyz";

  services.postgresql.enable = true;

  services.akkoma.enable = true;
  services.akkoma.config = {
  ":pleroma" = {
    ":instance" = {
      name = "dhilton fedi";
      description = "dhilton akkoma server";
      email = "markers711@gmail.com";
      registration_open = false;
      };

    "Pleroma.Web.Endpoint" = {
      url.host = "fed.dhilton.xyz";
      };
    };
  };

  services.akkoma.nginx = {
    enableACME = true;
    forceSSL = true;
  };

  services.fail2ban = {
    enable=false;
  };

  virtualisation.docker = {
    enable = true;
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };

  services.nginx.virtualHosts = {

    "dhilton.xyz" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/dhilton";
    };

    "git.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
	locations."/" = {
          proxyPass = "http://127.0.0.1:8001";
	  proxyWebsockets = true;
	};
     };

    "ntfy.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
	locations."/" = {
          proxyPass = "http://127.0.0.1:8004";
	  proxyWebsockets = true;
	};
     };

    "jel.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
	locations."/" = {
          proxyPass = "http://127.0.0.1:8096";
	  proxyWebsockets = true;
	};
     };

    "puf.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
	locations."/" = {
          proxyPass = "http://127.0.0.1:8002";
	  proxyWebsockets = true;
	};
     };

    "srx.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
	locations."/" = {
          proxyPass = "http://127.0.0.1:8005";
	  proxyWebsockets = true;
	};
     };

    "hom.dhilton.xyz" = {
        addSSL = true;
        enableACME = true;
	locations."/" = {
          proxyPass = "http://127.0.0.1:8003";
	  proxyWebsockets = true;
	};
     };
  };


  security.acme = {
    acceptTerms = true;
    defaults.email = "markers711@gmail.com";
  };
}