{
  config,
  lib,
  pkgs,
  ...
}:
let
  generatedAliases = pkgs.writeText "generated-aliases" (
    lib.concatStringsSep "\n" (
      lib.mapCartesianProduct
        ({ aliases, domain }: "${aliases}@${domain}  root@test.htw.stura-dresden.de")
        {
          aliases = [
            "abuse"
            "hostmaster"
            "noreply"
            "postmaster"
            "webmaster"
          ];
          domain = config.mailserver.domains;
        }
    )
  );

in
{
  imports = [
    ./hardware-configuration.nix
  ];

  networking.hostName = "git";
  networking.domain = "test.htw.stura-dresden.de";
  networking.interfaces.ens18.ipv4.addresses = [
    {
      address = "167.235.225.23";
      prefixLength = 32;
    }
  ];

  networking.interfaces.ens18.ipv6.addresses = [
    {
      address = "2a01:4f8:c012:6bd7::1";
      prefixLength = 32;
    }
  ];
  networking.defaultGateway.address = "172.31.1.1";
  networking.nameservers = [
    "9.9.9.9"
    "1.1.1.1"
  ];

  services.openssh.enable = true;
  services.forgejo = {
    enable = true;
    settings = {
      
      server = {
        PROTOCOL = "http+unix";
        HTTP_ADDR = "/var/run/forgejo.sock";
        ROOT_URL = "https://${config.networking.fqdn}";
      };
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts."git.htw.stura-dresden.de" = {
      locations."/" = {
        recommendedProxySettings = true;
        proxyWebsockets = true;
        proxyPass = "http://unix:/var/run/forgejo.sock";
      };
    };
  };

  # virtualisation.docker.enable = true;
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "cert@stura.htw-dresden.de";

  networking.firewall.allowedTCPPorts = [
    25
    80
    443
    597
  ];

  system.stateVersion = "24.11";

}