{ config, lib, pkgs, ... }: let endpoint = "116.203.26.228"; in { networking = { domain = ".vapor.systems"; hostName = "mail"; dhcpcd.enable = false; interfaces.eth0 = { ipv4 = { addresses = [ { address = "116.203.26.228"; prefixLength = 32; } ]; routes = [ { address = "172.31.1.1"; prefixLength = 32; } ]; }; ipv6 = { addresses = [ { address = "2a01:4f8:1c1c:3ce7::1"; prefixLength = 64; } { address = "fe80::9000:6ff:fe53:14ce"; prefixLength = 64; } ]; routes = [ { address = "fe80::1"; prefixLength = 128; } ]; }; }; defaultGateway = "172.31.1.1"; defaultGateway6 = { address = "fe80::1"; interface = "eth0"; }; }; pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwt+/sB77NZnjwqgwtkcqKsIYyMnYh5qlqYoY9dLEd"; wireguard = { enable = true; inherit endpoint; v4 = { address = "10.10.0.6"; }; v6 = { address = "6"; }; publicKey = "lk0mN1R5Uf5iwvWe/4mOmrMap7xtsieQaJSHcXQ7+VY="; allowedIPs = [ ]; }; services.kopia = { enable = true; instances = { b2 = { enable = true; environmentFile = config.secrets.b2.dest; repository.b2.bucket = "mail-vapor-systems"; snapshots = { schedule = "daily"; paths = [ "/var/lib/stalwart-mail" ]; }; policy = [{ retention = { keepLatest = 5; keepDaily = 30; keepWeekly = 4; keepMonthly = 3; keepAnnual = 0; }; }]; }; }; }; secrets = { b2 = { source = ../../secrets/backup/mail.vapor.systems.env; dest = "/etc/secrets/b2.env"; }; }; deploy = { host = endpoint; sshUser = "audron"; buildOn = "remote"; substituteOnTarget = true; hermetic = false; }; # System state version system.stateVersion = "25.05"; }