{ config, pkgs, secret, ... }:

{
	imports = [
		./hardware-configuration.nix
		./nginx.nix
	];
	networking = {
		hostName = "mio";
		interfaces.ens18 = {
			useDHCP = false;
			ipv4.addresses = [{
				address = "66.78.40.227";
				prefixLength = 24;
			}];
		};
		defaultGateway = "66.78.40.1";
		nameservers = ["1.1.1.1"];
	};
	
	services.openssh.enable = true;
	boot.tmp.cleanOnBoot = true;
	zramSwap.enable = true;

	system.stateVersion = "25.05";
	services.yggdrasil.persistentKeys = true;

	marzban = {
		env = {
			UVICORN_HOST = "mio.project-a.space";
			UVICORN_PORT = secret.marzban.port;
			SUDO_USERNAME = secret.marzban.sudo-username;
			SUDO_PASSWORD = secret.marzban.sudo-password;
			DOCS = true;
		};
		cert = true;
		domain = "mio.project-a.space";
		xray = import ../common/xray.nix {
			server-domain = "mio.project-a.space";
			port = secret.marzban.vless-port;
			dest = secret.marzban.dest;
			privateKey = secret.marzban.privateKey;
			shortId = secret.marzban.shortId;
			spiderX = secret.marzban.spiderX;
			sni = secret.marzban.sni;
		};
	};

	networking.firewall.allowedTCPPorts = [ secret.marzban.port secret.marzban.vless-port ];
}