{ config, pkgs, ... }:

let
  data = import ../../data.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect

    ../modules/common.nix
    ../modules/nix.nix
    ../modules/nginx.nix

    ./services/mailserver.nix
    ./services/gitea.nix
  ];

  boot.cleanTmpDir = true;
  zramSwap.enable = true;
  networking.hostName = "magenta";

  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;

  security.acme = {
    acceptTerms = true;
    defaults.email = "dmitriy@pleshevski.ru";
  };

  services.fail2ban = {
    enable = true;
    bantime-increment = {
      enable = true;
      factor = "4";
      maxtime = "48h";
    };
  };
}