temp

hosts/modules/server/nextcloud.nix

@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+let
+    hostname = "cloud.anotherhadi.com";
+in
+{
+  services.nextcloud = {
+    enable = true;
+    hostName = hostname;
+    https = true;
+    config = {
+        adminUser = "jack";
+        adminpassFile = "/etc/nextcloud/adminpassFile";
+    };
+    settings = {
+        trusted_domains = [ "localhost" "127.0.0.1" "192.168.2.23" "cloud.anotherhadi.com" ];
+    };
+    nginx.recommendedHttpHeaders = true;
+  };
+  services.nginx.virtualHosts.${hostname} = {
+    forceSSL = true;
+    enableACME = true;
+  }
+}

hosts/modules/server/nginx.nix

@@ -0,0 +1,8 @@
+{config, ...}:{
+  services.nginx.enable = true;
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = ${config.var.git.email};
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}

hosts/modules/server/openssh.nix

@@ -0,0 +1,14 @@
+{
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = true;
+      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+      UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 22 ];
+}

hosts/modules/server/security.nix

@@ -0,0 +1,7 @@
+{
+    networking.firewall.enable = true;
+    services.fail2ban = {
+        enable = true;
+        maxretry = 5;
+    };
+}

hosts/modules/server/vaultwarden.nix

@@ -0,0 +1,9 @@
+let
+
+in{
+    services.vaultwarden = {
+        enable = true;
+        config = ''
+        
+    }
+}