{ config, lib, ... }: {
  # Generated by nixos-infect
  networking.domain = "";
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGpnPYxrYnmtFaf591Q80FQPb01dqTwlH58V6uRa7Fi"
  ];

  # Generated by nixos-infect
  networking = {
    nameservers = [ "8.8.8.8" ];
    defaultGateway = "172.31.1.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };
    dhcpcd.enable = false;
    usePredictableInterfaceNames = lib.mkForce false;
    interfaces = {
      eth0 = {
        ipv4.addresses = [{
          address = "178.156.207.225";
          prefixLength = 32;
        }];
        ipv6.addresses = [
          {
            address = "2a01:4ff:f0:7ccc::1";
            prefixLength = 64;
          }
          {
            address = "fe80::9000:6ff:fe59:7a8b";
            prefixLength = 64;
          }
        ];
        ipv4.routes = [{
          address = "172.31.1.1";
          prefixLength = 32;
        }];
        ipv6.routes = [{
          address = "fe80::1";
          prefixLength = 128;
        }];
      };

    };
  };
  services.udev.extraRules = ''
    ATTR{address}=="92:00:06:59:7a:8b", NAME="eth0"
  '';

  # User-generated
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "lucas@priime.dev";
    certs = {
      "priime.dev" = {
        webroot = "/var/lib/acme/priime.dev";
        email = "lucas@priime.dev";
        group = "nginx";
        extraDomainNames = [ "www.priime.dev" ];
      };
      "files.priime.dev" = {
        webroot = "/var/lib/acme/files.priime.dev";
        email = "lucas@priime.dev";
        group = "nginx";
      };
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "priime.dev" = {
        default = true;
        forceSSL = true;
        useACMEHost = "priime.dev";
        serverAliases = [ "www.priime.dev" ];
        acmeRoot = "/var/lib/acme/priime.dev";
        locations."/" = {
          root = "/var/www/site";
          index = "index.html";
          tryFiles = "$uri $uri.html $uri/ /404.html";
        };
      };
      "files.priime.dev" = {
        forceSSL = true;
        useACMEHost = "files.priime.dev";
        acmeRoot = "/var/lib/acme/files.priime.dev";
        locations."/" = {
          root = "/var/lib/files.priime.dev";
          extraConfig = ''
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
          '';
        };
      };
      "git.priime.dev" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          client_max_body_size 512M;
        '';
        locations."/".proxyPass = "http://localhost:3000";
      };
    };
  };
}