Made it work

modules/common.nix

@@ -1,23 +1,22 @@
 { pkgs, ... }:
 
 {
-	imports = [
-		./modules/smalls/bootmode.nix
-	];
-
+	# Basic services
 	services.locate.enable  = true;
 	services.printing.enable = true;
 
-	# nix fun
+	# Nix fun
 	nixpkgs.config.allowUnfree = true;
 	nix.settings.experimental-features = ["flakes" "nix-command"];
 	time.timeZone = "Europe/Berlin";
 
+	programs.nix-ld.enable = true;
+
 	environment = {
 		sessionVariables = {
 			NIXOS_OZONE_WL = "1";
 			QTWEBENGINE_CHROMIUM_FLAGS="--blink-settings=darkModeEnabled=true";
-			QT_QPA_PLATFORMTHEME = "qt6ct"; # kvantum for dolphin and qt for sioyek??
+			QT_QPA_PLATFORMTHEME = "qt6ct";
 			WLR_NO_HARDWARE_CURSORS= "1";
 			QT_STYLE_OVERRIDE = "kvantum";
 			QT_QPA_PLATFORM="xcb";
@@ -31,16 +30,14 @@
 			lazygit
 			unzip
 
-			# everywhere support
+			# Everywhere support
 			starship
 			zoxide
 			kdePackages.qtsvg
 
-			# add sync support
+			# Add sync support
 			rsync
 			flock
-
-			# curl for scripting
 			curl
 		];
 		pathsToLink = [
@@ -55,32 +52,15 @@
 	};
 
 	fonts.packages = with pkgs; [
-	   nerd-fonts.fira-code
-	   nerd-fonts.droid-sans-mono
-		noto-fonts
-		noto-fonts-cjk-sans
-		noto-fonts-emoji
-		fira-code
-		fira-code-symbols
+		nerd-fonts.fira-code
 	];
 
-
 	i18n.defaultLocale = "en_US.UTF-8";
 	console = {
 		font = "Lat2-Terminus16";
 		keyMap = "us";
 	};
 
-	services.displayManager.ly = {
-		enable = true;
-		settings = {
-			clock = "%c";
-			box_title = "HahnComp";
-			clear_password = true;
-			default_input = "password";
-		};
-	};
-
 	programs.zsh = {
 		enable = true;
 		autosuggestions.enable = true;
@@ -96,13 +76,4 @@
 			];
 		};
 	};
-
-	# In case of gui usage
-	programs = {
-		hyprland.enable = true;
-		hyprlock.enable = true;
-		nix-ld.enable = true;
-		firefox.enable = true;
-	};
-
 }

modules/hardware/battery.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ config, lib, ... }:
 
 let
 	inherit (lib) mkOption types;
@@ -8,22 +8,8 @@ in
 	options.batMode = mkOption {
 		type = types.enum [ "single" "double" ];
 		default = "single";
-		description = "Select 'single' for one battery and 'double' for dual setup";
 	};
 
-	# Dont run a tandem with tlp
-	#options.services.auto-cpufreq.enable = true;
-	#options.services.auto-cpufreq.settings = {
-	#	battery = {
-	#		governor = "powersave";
-	#		turbo = "never";
-	#	};
-	#	charger = {
-	#		governor = "performance";
-	#		turbo = "auto";
-	#	};
-	#};
-
 	config = {
 		powerManagement.powertop.enable = true;
 		services.upower = {
@@ -34,7 +20,6 @@ in
 			percentageCritical = 20;
 			percentageAction = 10;
 
-			#percentageAction = "PowerOff";
 			criticalPowerAction = "PowerOff"; # This can destroy work
 			usePercentageForPolicy = true;
 		};
@@ -42,33 +27,20 @@ in
 		services.tlp = if config.batMode == "single" then {
 			enable = true;
 			settings = {
-				#Optional helps save long term battery health
-				# Going almost full because the other bat is also charged
-				# 0 NEW first
 				START_CHARGE_THRESH_BAT0 = 65;
 				STOP_CHARGE_THRESH_BAT0 = 85;
 
 				CPU_SCALING_GOVERNOR_ON_AC = "performance";
-				#CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-
-				#CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
 				CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
 
 				CPU_MIN_PERF_ON_AC = 0;
 				CPU_MAX_PERF_ON_AC = 100;
 				CPU_MIN_PERF_ON_BAT = 0;
 				CPU_MAX_PERF_ON_BAT = 65;
-
-
 			};
 		} else {
 			enable = true;
 			settings = {
-				# Have to keep it this way or
-				# Otherwise the buil in stop at 5% stops worky
-				# The problem is here that only the second battery gets seen from the charging cap
-				# Workaround. Just charge the battery when you use it and then turn manually the battery off
-				# I mean it is the state you generate now that you can use on any laptop. so
 				CPU_SCALING_GOVERNOR_ON_AC = "performance";
 				CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
 
@@ -80,11 +52,11 @@ in
 				CPU_MIN_PERF_ON_BAT = 0;
 				CPU_MAX_PERF_ON_BAT = 75;
 
-				# 0 NEW first
+				# 0 is first
 				START_CHARGE_THRESH_BAT0 = 60;
 				STOP_CHARGE_THRESH_BAT0 = 85;
 
-				# 1 OLD second
+				# 1 is second
 				START_CHARGE_THRESH_BAT1 = 60;
 				STOP_CHARGE_THRESH_BAT1 = 85;
 			};

modules/hardware/bootmode.nix

@@ -1,28 +0,0 @@
-{ config, lib, ... }:
-
-let
-  inherit (lib) mkOption types;
-in
-{
-  options.bootMode = mkOption {
-    type = types.enum [ "uefi" "legacy" ];
-    default = "uefi";
-    description = "Select boot mode: 'uefi' or 'legacy'.";
-  };
-
-  config = {
-    boot.consoleLogLevel = 0;
-    boot.kernelParams = [ "quiet" "udev.log_level=3" ];
-
-    boot.loader = if config.bootMode == "uefi" then {
-      efi.canTouchEfiVariables = true;
-      systemd-boot.enable = true;
-      timeout = 0;
-    } else {
-      grub.enable = true;
-      grub.device = "/dev/sda"; # <- replace with actual target disk
-      timeout = 0;
-    };
-  };
-}
-

modules/hardware/gaming.nix

@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
-	########## TEsting
-	
-	# Load nvidia driver for Xorg and Wayland
-	services.steam.enable = true;
-	services.xserver.videoDrivers = ["nvidia"];
-
-	# Enable OpenGL
-	# Optional nvidia
-	hardware.graphics = {
-		enable = true;
-	};
-
-	hardware.nvidia = {
-		modesetting.enable = true;
-		open = false;
-	};
-};

modules/hardware/nvidia.nix

@@ -0,0 +1,17 @@
+{ config, ... }:
+
+{
+	hardware.graphics = {
+		enable = true;
+	};
+	services.xserver.videoDrivers = ["nvidia"];
+	nixpkgs.config.cudaSupport = true;
+	hardware.enableAllFirmware = true;
+	hardware.nvidia = {
+		modesetting.enable = true;
+		powerManagement.enable = false;
+		open = false;
+		nvidiaSettings = true;
+		package = config.boot.kernelPackages.nvidiaPackages.stable;
+	};
+}

modules/hardware/virt.nix

@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-{
-  # Enable common container config files in /etc/containers
-	#  virtualisation.containers.enable = true;
-	#  virtualisation = {
-	#    podman = {
-	#      enable = true;
-	#	 dockerSocket.enable = true;
-	#      dockerCompat = true;
-	#      defaultNetwork.settings.dns_enabled = true;
-	#    };
-	#  };
-	#
-	#  # Useful other development tools
-	#  environment.systemPackages = with pkgs; [
-	#    dive # look into docker image layers
-	#    podman-tui # status of containers in the terminal
-	#    docker-compose # start group of containers for dev
-	#  ];
-	virtualisation.docker.enable = true;
-}

modules/hardware/workstation.nix

@@ -1,58 +0,0 @@
-{ pkgs, ... }:
-
-{
-	# Experiments with services
-	systemd = {
-		timers."sync-manage-hourly" = {
-			enable = false;
-			wantedBy = [ "timers.target" ];
-			timerConfig = {
-				OnBootSec = "10s";              # Start 10 seconds after boot
-				OnUnitActiveSec = "1h";         # Repeat every hour
-				Unit = "sync-manage.service";   # Points to the service unit
-			};
-		};
-		services = { 
-			"shutdown-script" = {
-				enable = false;
-				description = "Run custom script on shutdown";
-				after = [ "shutdown.target" ];  # Ensure it runs during shutdown
-				script = "/home/jonas/projects/scripts/check_git.sh";  # Specify the path to your script
-				serviceConfig = {
-					Type = "oneshot";
-					User = "jonas";  # Run as jonas
-					WorkingDirectory = "/home/jonas";  # Set working directory to jonas' home
-					execStop = "/home/jonas/projects/scripts/check_git.sh";  # Specify the path to your script
-					# To ensure the script finishes before the system powers off
-					TimeoutStopSec = "30";  # You can adjust this if necessary
-				};
-				# To ensure the script finishes before the system powers off
-			};
-			"sync-manage" = {
-				script = ''
-					# Run the script from jonas' home directory
-					/home/jonas/projects/scripts/sync_manage.sh
-				'';
-				serviceConfig = {
-					Type = "oneshot";
-					User = "jonas";  # Run as jonas
-					WorkingDirectory = "/home/jonas";  # Set working directory to jonas' home
-				};
-			};
-			"sync-manage-shutdown" = {
-				enable = false;
-				script = ''
-					# Check if the system is connected to Wi-Fi
-					/home/jonas/projects/scripts/sync_manage.sh
-				'';
-				serviceConfig = {
-					Type = "oneshot";
-					User = "jonas";  # Run as jonas
-					ExecStop = "/usr/bin/true";
-					RemainAfterExit = true;
-				};
-			};
-		};
-	};
-}
-

modules/hardware/xremap.nix

@@ -0,0 +1,39 @@
+{ inputs, ... }:
+
+{
+	imports = [
+		inputs.xremap-flake.nixosModules.default
+	];
+
+	services.xremap = {
+		withHypr = true;
+		userName = "jonas";
+		config = {
+			modmap = [
+				{
+					name = "Capslock to esc and ctrl";
+					remap = {
+						"CAPSLOCK" = {
+							"alone" = "ESC";
+							"held" = "CTRL_L";
+						};
+						"ESC" = "CAPSLOCK";
+					};
+				}
+				{
+					name = "Switch super and alt";
+					remap = {
+						"SUPER_L" = {
+							"alone" = "ALT_L";
+							"held" = "ALT_L";
+						};
+						"ALT_L" = {
+							"alone" = "SUPER_L";
+							"held" = "SUPER_L";
+						};
+					};
+				}
+			];
+		};
+	};
+}

modules/other/xremap.nix

@@ -1,64 +0,0 @@
-{ pkgs, inputs, ... }:
-
-{
-	imports = [
-		inputs.xremap-flake.nixosModules.default
-	];
-
-	services.xremap = {
-		withHypr = true;
-		userName = "jonas";
-		config = {
-		#--------------- INFO -----------------
-		# For the MOD2- part, the following prefixes can be used (also case-insensitive):
-		# Shift: SHIFT-
-		# Control: C-
-		# Alt: M-
-		# Windows: SUPER-
-		# You can use multiple prefixes like C-M-Shift-a.
-		# You may also suffix them with _L or _R (case-insensitive) so that remapping is triggered only on a left or right modifier, e.g. Ctrl_L-a.
-		#
-		# KEYS: https://github.com/emberian/evdev/blob/2d020f11b283b0648427a2844b6b980f1a268221/src/scancodes.rs#L26-L572
-			modmap = [
-				{
-					name = "Capslock -> Esc and Ctrl";
-					remap = {
-						"CAPSLOCK" = {
-							"alone" = "ESC";
-							"held" = "CTRL_L";
-							"alone_timeout_millis"= 1000;
-						};
-						"ESC" = "CAPSLOCK";
-						# Disable this
-						"CTRL_L" = {
-							"alone" = "RESERVED";
-							"held" = "RESERVED";
-						};
-					};
-				}
-				{
-					name = "Switch Super and Alt";
-					remap = {
-						"SUPER_L" = {
-							"alone" = "ALT_L";
-							"held" = "ALT_L";
-						};
-						"ALT_L" = {
-							"alone" = "SUPER_L";
-							"held" = "SUPER_L";
-						};
-					};
-				}
-			];
-			#keymap = [
-			#	{
-					#name = "Remove the key next to z on a german keyboard";
-					#remap = {
-					#"103ND" = "RESERVED";
-					#};
-					# For the cutting key KEY_SYSRQ RIGHTALT for altGR
-			#	}
-			#];
-		};
-	};
-}

modules/server/collabora.nix

@@ -1,55 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
-	# setup collabora config declaratively
-	systemd.services.nextcloud-config-collabora = let
-		inherit (config.services.nextcloud) occ;
-
-		wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
-		public_wopi_url = "https://cool.hahn1.one";
-		wopi_allowlist = lib.concatStringsSep "," [
-			"127.0.0.1"
-			"::1"
-		];
-	in {
-		wantedBy = ["multi-user.target"];
-		after = ["nextcloud-setup.service" "coolwsd.service"];
-		requires = ["coolwsd.service"];
-		script = ''
-			${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
-			${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
-			${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
-			${occ}/bin/nextcloud-occ richdocuments:setup
-			'';
-		serviceConfig = {
-			Type = "oneshot";
-			User = "nextcloud";
-		};
-	};
-
-	# setup the collabora server
-	services.collabora-online = {
-		enable = true;
-		port = 9980; # default
-		settings = {
-			# Rely on reverse proxy for SSL
-			ssl = {
-				enable = false;
-				termination = true;
-
-				# this is for dev purposes
-				# can be enabled in production when there is a real certificate
-				ssl_verification = true;
-			};
-
-			# Listen on loopback interface only, and accept requests from ::1
-			net = {
-				listen = "loopback";
-				post_allow.host = ["::1"];
-			};
-
-			# Set FQDN of server
-			server_name = "cool.hahn1.one";
-		};
-	};
-}

modules/server/ddclient.nix

@@ -1,16 +0,0 @@
-{ pkgs, config, lib, inputs,  ...}:
-
-{
-
-	imports =
-		[
-			#inputs.sops-nix.nixosModules.sops
-		];
-
-	# also one can access the path and then cat it
-	services.ddclient = {
-		enable = true;
-		configFile = config.sops.templates."ddclient-temp".path;
-	};
-
-}

modules/server/default.nix

@@ -1,20 +0,0 @@
-{ pkgs, config, lib, inputs,  ...}:
-let
-	thisDir = ./.;
-	nixFiles = builtins.attrNames (builtins.readDir thisDir);
-	moduleFiles = builtins.filter (name: builtins.match ".*\\.nix" name != null && name != "default.nix") nixFiles;
-	modules = builtins.map (name: thisDir + "/${name}") moduleFiles;
-in {
-	# Import all the old modules
-	imports = modules;
-
-
-	############ TEMP Module inputs
-
-
-	# Got from here https://nixos.wiki/wiki/OpenLDAP#Setting_up_a_server_with_SSL_certs_via_ACME
-
-
-
-}
-

modules/server/email.nix

@@ -0,0 +1,25 @@
+{ ... }: {
+	imports = [
+		(builtins.fetchTarball {
+			url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
+			sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85";
+		})
+	];
+
+	mailserver = {
+		enable = true;
+		fqdn = "mail.hahn1.one";
+		domains = [ "hahn1.one" ];
+
+		# A list of all login accounts. To create the password hashes, use
+		# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+		loginAccounts = {
+			"jonas@hahn1.one" = {
+				hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
+				aliases = ["postmaster@hahn1.one" "j@hahn1.one"];
+			};
+		};
+
+		certificateScheme = "acme-nginx";
+	};
+}

modules/server/monitor.nix

@@ -1,144 +0,0 @@
-  # MONITORING: services run on loopback interface
-  #             nginx reverse proxy exposes services to network
-
-{ config, lib, pkgs, ... }:
-
-let 
-	grafana_port = 7000;
-in {
-	# Logging metrics
-	# Disable loki
-	services.loki = {
-		enable = false;
-		configuration = {
-			server.http_listen_port = 3100;
-			auth_enabled = false;
-
-			ingester = {
-				lifecycler = {
-					address = "127.0.0.1";
-					ring = {
-						kvstore = {
-							store = "inmemory";
-						};
-						replication_factor = 1;
-					};
-				};
-				chunk_idle_period = "1h";
-				max_chunk_age = "1h";
-				chunk_target_size = 999999;
-				chunk_retain_period = "30s";
-			};
-
-			schema_config = {
-				configs = [{
-					store = "tsdb";
-					object_store = "filesystem";
-					schema = "v13";
-					index = {
-						prefix = "index_";
-						period = "24h";
-					};
-				}];
-			};
-
-			storage_config = {
-				tsdb_shipper = {
-					active_index_directory = "/var/lib/loki/tsdb-shipper-active";
-					cache_location = "/var/lib/loki/tsdb-shipper-cache";
-					cache_ttl = "24h";
-				};
-
-				filesystem = {
-					directory = "/var/lib/loki/chunks";
-				};
-			};
-
-			limits_config = {
-				reject_old_samples = true;
-				reject_old_samples_max_age = "168h";
-			};
-
-
-			table_manager = {
-				retention_deletes_enabled = false;
-				retention_period = "0s";
-			};
-
-			compactor = {
-				working_directory = "/var/lib/loki";
-				compactor_ring = {
-					kvstore = {
-						store = "inmemory";
-					};
-				};
-			};
-		};
-	};
-
-	# Disable
-	services.promtail = {
-		enable = false;
-		configuration = {
-			server = {
-				http_listen_port = 3031;
-				grpc_listen_port = 0;
-			};
-			positions = {
-				filename = "/tmp/positions.yaml";
-			};
-			clients = [{
-				url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
-			}];
-			scrape_configs = [{
-				job_name = "journal";
-				journal = {
-					max_age = "12h";
-					labels = {
-						job = "systemd-journal";
-						host = "misox";
-					};
-				};
-				relabel_configs = [{
-					source_labels = [ "__journal__systemd_unit" ];
-					target_label = "unit";
-				}];
-			}];
-		};
-	};
-
-	# System metrics
-	services.prometheus = {
-		enable = true;
-		exporters = {
-			node = {
-				enable = true;
-				enabledCollectors = [ "systemd" "tcpstat" "processes" "interrupts" ];
-				port = 9100;
-			};
-		};
-		#globalConfig.scrape_interval = "1m";
-		scrapeConfigs = [{
-			job_name = "node";
-			static_configs = [{
-				targets = [
-					"localhost:${toString config.services.prometheus.exporters.node.port}"
-				];
-			}];
-		}];
-	};
-
-	# Dashboard
-	services.grafana = {
-		enable = true;
-		settings = {
-			server = {
-				http_addr = "127.0.0.1";
-				http_port = 3000;
-				domain = "grafana.misox";
-				#root_url = "http://misox:${toString grafana_port}/";
-			};
-		};
-	};
-}
-

modules/server/networking.nix

@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-	networking.hostName = "misox"; # Define your hostname.
-
-
-	#	networking.interfaces.eno1 = {
-
-		# Assign a static IPv6 address (same as your example)
-		#		ipv6.addresses = [
-		#			{
-		#				address = "2003:ca:7f20:cf00:dd2d:ebde:44e6:7eca";  # Static IPv6 address
-		#				prefixLength = 64;  # Prefix length (usually 64)
-		#			}
-		#		];
-		#
-		# Enable temporary addresses (privacy addresses) as well
-		#ipv6.useTempAddresses = true;
-	#};
-
-	# The ping behind fritzbox still does not work
-	networking.enableIPv6 = true;
-	networking.firewall.allowedTCPPorts = [
-		# Opening ssh and the web
-		22
-
-		80
-		443
-
-
-		############
-		# Jonas Stuff
-
-		# LifeDash Deploy
-		8000  
-	];
-
-
-
-	# Rewrite for local host support
-	# to make this global you need to confifure a custom dns
-	networking.hosts = {
-		"127.0.0.1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"];
-		"::1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"];
-		#"127.0.0.1" = ["nextcloud.misox" "default.misox" "grafana.misox" "collabora.misox"];
-		#"::1" = ["nextcloud.misox" "grafana.misox" "default.misox" "collabora.misox"];
-	};
-
-	networking.networkmanager.wifi.powersave = false;
-}

modules/server/nginx.nix

@@ -1,107 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-	security.acme = {
-		acceptTerms = true;
-		defaults.email = "jonashahn1@gmx.net";
-		#defaults.dnsProvider = "route53";
-		#defaults.dnsResolver = "2606:4700:4700::1111";
-		certs = {
-			"cloud.hahn1.one" = {
-				webroot = "/var/lib/acme/.challenges";
-				group = "nginx";
-			};
-		};
-	};
-	users.users.nginx.extraGroups = [ "acme" ];
-
-	# Setting the port for nextcloud
-	services.nginx = let
-		# support for local vars
-		mkDevCert = name: commonName:
-			pkgs.runCommandLocal "${name}-dev-cert" { buildInputs = [ pkgs.openssl ]; } ''
-			mkdir -p $out
-			openssl req -x509 -newkey rsa:4096 -keyout $out/key.pem -out $out/cert.pem -days 3650 -nodes \
-			-subj "/CN=${commonName}"
-			'';
-
-		# dev certs
-		# collaboraCert = mkDevCert "collabora-misox-cert" "collabora.misox";
-		# nextCert = mkDevCert "nextcloud-misox-cert" "nextcloud.misox";
-		# defCert = mkDevCert "default-misox-cert" "misox";
-
-		# default domain to use in the configuration
-		domain = "hahn1.one";
-	in {
-		# enable nginx
-		enable = true;
-		recommendedProxySettings = true;
-		recommendedOptimisation = true;
-		recommendedGzipSettings = true;
-
-		# setup virtual hosts
-		virtualHosts = {
-			# Expose nextcloud
-			# this is how to setup a dev cert route with ssl
-			#"${config.services.nextcloud.hostName}" = {
-			#	enableACME = false;
-			#	forceSSL = true;
-
-			#	sslCertificate = "${nextCert}/cert.pem";
-			#	sslCertificateKey = "${nextCert}/key.pem";
-			#};
-
-			"${config.services.nextcloud.hostName}" = {
-				enableACME = true;
-				addSSL = true;
-			};
-
-			"grafana.${domain}" = {
-				enableACME = true;
-				addSSL = true;
-
-				# this is to create a default listener
-				#listen = [{ addr = "0.0.0.0"; port = grafana_port;}];
-				locations."/" = {
-					proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
-					proxyWebsockets = true;
-				};
-			};
-			"acmechallenge.${domain}" = {
-				# Catchall vhost, will redirect users to HTTPS for all vhosts
-				serverAliases = [ "*.example.com" ];
-				locations."/.well-known/acme-challenge" = {
-					root = "/var/lib/acme/.challenges";
-				};
-				locations."/" = {
-					return = "301 https://$host$request_uri";
-				};
-			};
-			"cool.${domain}" = {
-				enableACME = true;
-				addSSL = true;
-
-
-				locations."/" = {
-					proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
-					proxyWebsockets = true;
-				};
-			};
-			# This is the last and therefor occupies the http://misox?
-			# NO!
-			"${domain}" = {
-				default = true;
-				enableACME = true;
-				addSSL = true;
-
-				locations."/" = {
-					root = "${pkgs.nginx}/html";
-					index = "index.html";
-				};
-
-			};
-		};
-	};
-
-}
-

modules/server/services.nix

@@ -1,114 +0,0 @@
-{ pkgs, config, lib, inputs,  ...}:
-
-{
-	# figure out how this works
-	services.openldap = {
-		enable = true;
-
-		/* enable plain connections only */
-		urlList = [ "ldap:///" ];
-
-
-		settings = {
-			attrs = {
-				olcLogLevel = "conns config";
-			};
-
-			children = {
-				"cn=schema".includes = [
-					"${pkgs.openldap}/etc/schema/core.ldif"
-					"${pkgs.openldap}/etc/schema/cosine.ldif"
-					"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
-				];
-
-				"olcDatabase={1}mdb".attrs = {
-					objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
-
-					olcDatabase = "{1}mdb";
-					olcDbDirectory = "/var/lib/openldap/data";
-
-					olcSuffix = "dc=example,dc=com";
-
-					/* your admin account, do not use writeText on a production system */
-					olcRootDN = "cn=admin,dc=example,dc=com";
-					olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
-
-					olcAccess = [
-						/* custom access rules for userPassword attributes */
-						''{0}to attrs=userPassword
-				by self write
-				by anonymous auth
-				by * none''
-
-						/* allow read on anything else */
-						''{1}to *
-				by * read''
-					];
-				};
-			};
-		};
-	};
-
-	# Enable all the old services on gullfoss
-	services.postgresql = {
-		enable = true;
-		ensureDatabases = [ "mydatabase" ];
-		authentication = pkgs.lib.mkOverride 10 ''
-	  #type database  DBuser  auth-method
-	  local all       all     trust
-		'';
-	};
-
-	# TODO: need to configure this
-	services.samba = {
-		enable = true;
-		openFirewall = true;
-		settings = {
-			global = {
-				"workgroup" = "WORKGROUP";
-				"server string" = "smbnix";
-				"netbios name" = "smbnix";
-				"security" = "user";
-				#"use sendfile" = "yes";
-				#"max protocol" = "smb2";
-				# note: localhost is the ipv6 localhost ::1
-				"hosts allow" = "192.168.0. 127.0.0.1 localhost";
-				"hosts deny" = "0.0.0.0/0";
-				"guest account" = "nobody";
-				"map to guest" = "bad user";
-			};
-			"public" = {
-				"path" = "/mnt/Shares/Public";
-				"browseable" = "yes";
-				"read only" = "no";
-				"guest ok" = "yes";
-				"create mask" = "0644";
-				"directory mask" = "0755";
-				"force user" = "username";
-				"force group" = "groupname";
-			};
-			"private" = {
-				"path" = "/mnt/Shares/Private";
-				"browseable" = "yes";
-				"read only" = "no";
-				"guest ok" = "no";
-				"create mask" = "0644";
-				"directory mask" = "0755";
-				"force user" = "username";
-				"force group" = "groupname";
-			};
-		};
-	};
-
-	services.samba-wsdd = {
-		enable = true;
-		openFirewall = true;
-	};
-
-	services.cron = {
-		enable = true;
-		systemCronJobs = [
-			"*/5 * * * *      root    date >> /tmp/cron.log"
-		];
-	};
-}

modules/services/mail.nix

@@ -1,21 +0,0 @@
-{ config, ... }: {
-  services.postfix = {
-    enable = true;
-    relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
-    sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
-    sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
-    config = {
-      transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
-      local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
-    };
-  };
-  services.mailman = {
-    enable = true;
-    serve.enable = true;
-    hyperkitty.enable = true;
-    webHosts = ["lists.example.org"];
-    siteOwner = "mailman@example.org";
-  };
-  services.nginx.virtualHosts."lists.example.org".enableACME = true;
-	#networking.firewall.allowedTCPPorts = [ 25 80 443 ];
-}

modules/services/realmail.nix

@@ -1,51 +0,0 @@
-{ config, pkgs, ... }: {
-  imports = [
-    (builtins.fetchTarball {
-      # Pick a release version you are interested in and set its hash, e.g.
-      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz";
-      # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
-      # release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
-      sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85";
-    })
-  ];
-
-	mailserver = {
-		enable = true;
-		fqdn = "mail.hahn1.one";
-		domains = [ "hahn1.one" ];
-
-		# A list of all login accounts. To create the password hashes, use
-		# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
-		loginAccounts = {
-			"jonas@hahn1.one" = {
-				# mail4jonas
-				hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
-				aliases = ["postmaster@hahn1.one" "j@hahn1.one"];
-			};
-			"security@hahn1.one" = {
-				# mail4jonas
-				hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C";
-				aliases = ["sec@hahn1.one"];
-			};
-			"christiane@hahn1.one" = {
-				# mail4jonas
-				hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
-				aliases = ["ch@hahn1.one"];
-			};
-			"horst@hahn1.one" = {
-				# mail4jonas
-				hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
-				aliases = ["ho@hahn1.one"];
-			};
-			"theo@hahn1.one" = {
-				# mail4jonas
-				hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q";
-				aliases = ["th@hahn1.one"];
-			};
-		};
-
-		# Use Let's Encrypt certificates. Note that this needs to set up a stripped
-		# down nginx and opens port 80.
-		certificateScheme = "acme-nginx";
-	};
-}