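# NixOS module for an internet-facing VPS.
#
# What this file configures:
#   * nginx terminates TLS on 80/443 and reverse-proxies two sites to the
#     host named `apps`.
#   * Certificates are obtained through ACME (Let's Encrypt).
#   * sshd is bound to one fixed address instead of every interface.
#   * tailscale and fail2ban are enabled.
{ pkgs, ... }:
let
  # Tailnet name of this machine. Nothing below references it; it is kept
  # for reference only.
  Host = "vps1.tail807ea.ts.net";
in
{
  imports = [ ./gandicloud.nix ];

  environment.systemPackages = with pkgs; [
    neovim curl htop bottom fastfetch
    tailscale git
  ];

  # Firewall: expose only what nginx listens on.
  # No UDP ports are opened because nothing in this file enables HTTP/3
  # (QUIC), so no service would be listening on UDP 80/443. If HTTP/3 is
  # turned on later, add `allowedUDPPorts = [ 443 ];` alongside it.
  # NOTE(review): services.openssh.openFirewall defaults to true, so when
  # sshd is enabled TCP 22 is also allowed by the firewall on every
  # interface; exposure is then limited only by listenAddresses below.
  networking.firewall = {
    allowedTCPPorts = [ 80 443 ];
  };

  # tailscale
  services.tailscale.enable = true;

  # fail2ban/ssh
  services.fail2ban.enable = true;
  # sshd binds to this single address only, so it does not answer on the
  # public interface. The address lies in 100.64.0.0/10, presumably this
  # node's tailnet IP (confirm).
  # NOTE(review): the address is hard-coded. If the node is re-registered
  # and receives a different address, or the address is not yet configured
  # when sshd starts, sshd may fail to bind. Verify SSH access after a
  # reboot and keep an out-of-band console available.
  # NOTE(review): services.openssh.enable is not set in this file;
  # presumably ./gandicloud.nix enables it.
  services.openssh.listenAddresses = [
    {
      addr = "100.96.189.104";
      port = 22;
    }
  ];

  # nginx reverse proxy
  # Both backends are reached as plain HTTP on the host `apps`. That name
  # must resolve when nginx loads its configuration. The hop is presumably
  # carried over the tailnet; confirm it never crosses an untrusted network.
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "audiobooks.geokkjer.eu" = {
        default = false;
        enableACME = true;
        # forceSSL (not addSSL) redirects plain HTTP to HTTPS, so the site
        # is never served unencrypted; this matches git.geokkjer.eu below.
        # The ACME HTTP-01 challenge path is still answered on port 80.
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://apps:8000";
          proxyWebsockets = true;
        };
      };
      "git.geokkjer.eu" = {
        # default = true: requests whose Host header matches no other
        # virtual host are answered by this one.
        default = true;
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://apps:3000";
      };
    };
  };

  # acme let's encrypt
  security.acme = {
    acceptTerms = true;
    defaults = {
      # Contact address registered with the ACME account.
      email = "geokkjer@gmail.com";
    };
  };
}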