initial commit

configuration.nix

@@ -0,0 +1,60 @@
+{ config, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    ./modules/caddy.nix
+    ./modules/forgejo.nix
+    ./modules/mail.nix
+    ./modules/searx.nix
+    ./modules/matrix.nix
+    ./modules/minecraft.nix
+    ./modules/monitoring.nix
+    # Impure Secrets
+    ./secrets/secrets.nix
+  ];
+
+  # ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports)
+
+
+  # Bootloader
+  boot.loader.grub.enable = true;
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.efiInstallAsRemovable = true;
+
+  # Networking
+  networking.hostName = "extremist-software";
+  networking.firewall.allowedTCPPorts = [ 80 443 25565 ]; # HTTP, HTTPS, Minecraft
+  networking.firewall.allowedUDPPorts = [ 25565 ];      # Minecraft
+
+  # Tailscale
+  services.tailscale.enable = true;
+  # We assume the user will authenticate manually or via a one-time key service
+  # For now, let's enable it and allow the user to run `tailscale up` or provision via key
+  
+  # Users
+  users.users.root.openssh.authorizedKeys.keys = [
+    # User should add their key here
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5..." 
+  ];
+
+  # SSH - Secure it
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.PermitRootLogin = "prohibit-password";
+  };
+
+  # System
+  system.stateVersion = "24.05";
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nixpkgs.config.allowUnfree = true; # Allow unfree packages (Minecraft, etc.)
+
+  # Time
+  time.timeZone = "UTC";
+
+  # ZRAM for limited RAM
+  zramSwap.enable = true;
+  zramSwap.memoryPercent = 50; 
+
+  # Secrets handled via ./secrets/secrets.nix import
+}