95 files changed, 189 insertions, 8 deletions

diff --git a/modules/core/default.nix b/modules/core/default.nix
new file mode 100644
index 0000000..44da8e2
--- /dev/null
+++ b/modules/core/default.nix
@@ -0,0 +1,11 @@
+{
+  imports = [
+    ./hardware
+    ./networking
+    ./nix
+    ./security
+    ./software
+    ./variables
+    ./virtualisation
+  ];
+}
diff --git a/modules/hardware/bluetooth.nix b/modules/core/hardware/bluetooth.nix
index 9737504..9737504 100644
--- a/modules/hardware/bluetooth.nix
+++ b/modules/core/hardware/bluetooth.nix
diff --git a/modules/hardware/cpu.nix b/modules/core/hardware/cpu.nix
index 1ac3a27..1ac3a27 100644
--- a/modules/hardware/cpu.nix
+++ b/modules/core/hardware/cpu.nix
diff --git a/modules/hardware/default.nix b/modules/core/hardware/default.nix
index 167e7c7..167e7c7 100644
--- a/modules/hardware/default.nix
+++ b/modules/core/hardware/default.nix
diff --git a/modules/hardware/tpm.nix b/modules/core/hardware/tpm.nix
index b84551e..b84551e 100644
--- a/modules/hardware/tpm.nix
+++ b/modules/core/hardware/tpm.nix
diff --git a/modules/hardware/usb.nix b/modules/core/hardware/usb.nix
index f697761..f697761 100644
--- a/modules/hardware/usb.nix
+++ b/modules/core/hardware/usb.nix
diff --git a/modules/hardware/yubikey.nix b/modules/core/hardware/yubikey.nix
index 6bd4a5c..6bd4a5c 100644
--- a/modules/hardware/yubikey.nix
+++ b/modules/core/hardware/yubikey.nix
diff --git a/modules/networking/caddy.nix b/modules/core/networking/caddy.nix
index efba3f6..efba3f6 100644
--- a/modules/networking/caddy.nix
+++ b/modules/core/networking/caddy.nix
diff --git a/modules/networking/default.nix b/modules/core/networking/default.nix
index c26099c..c26099c 100644
--- a/modules/networking/default.nix
+++ b/modules/core/networking/default.nix
diff --git a/modules/networking/dhcpcd.nix b/modules/core/networking/dhcpcd.nix
index f46b657..f46b657 100644
--- a/modules/networking/dhcpcd.nix
+++ b/modules/core/networking/dhcpcd.nix
diff --git a/modules/networking/firewall/default.nix b/modules/core/networking/firewall/default.nix
index 074f398..074f398 100644
--- a/modules/networking/firewall/default.nix
+++ b/modules/core/networking/firewall/default.nix
diff --git a/modules/networking/firewall/fail2ban.nix b/modules/core/networking/firewall/fail2ban.nix
index 6311b14..6311b14 100644
--- a/modules/networking/firewall/fail2ban.nix
+++ b/modules/core/networking/firewall/fail2ban.nix
diff --git a/modules/networking/i2p.nix b/modules/core/networking/i2p.nix
index 8bca73e..8bca73e 100644
--- a/modules/networking/i2p.nix
+++ b/modules/core/networking/i2p.nix
diff --git a/modules/networking/ipv6.nix b/modules/core/networking/ipv6.nix
index 274c1ae..274c1ae 100644
--- a/modules/networking/ipv6.nix
+++ b/modules/core/networking/ipv6.nix
diff --git a/modules/networking/loopback.nix b/modules/core/networking/loopback.nix
index 62e745e..62e745e 100644
--- a/modules/networking/loopback.nix
+++ b/modules/core/networking/loopback.nix
diff --git a/modules/networking/networkmanager.nix b/modules/core/networking/networkmanager.nix
index 7ef0e04..7ef0e04 100644
--- a/modules/networking/networkmanager.nix
+++ b/modules/core/networking/networkmanager.nix
diff --git a/modules/networking/optimise.nix b/modules/core/networking/optimise.nix
index c6f2bec..c6f2bec 100644
--- a/modules/networking/optimise.nix
+++ b/modules/core/networking/optimise.nix
diff --git a/modules/networking/resolved.nix b/modules/core/networking/resolved.nix
index 82effbe..82effbe 100644
--- a/modules/networking/resolved.nix
+++ b/modules/core/networking/resolved.nix
diff --git a/modules/networking/tor.nix b/modules/core/networking/tor.nix
index dfbfb3a..dfbfb3a 100644
--- a/modules/networking/tor.nix
+++ b/modules/core/networking/tor.nix
diff --git a/modules/networking/upnp.nix b/modules/core/networking/upnp.nix
index 998592a..998592a 100644
--- a/modules/networking/upnp.nix
+++ b/modules/core/networking/upnp.nix
diff --git a/modules/networking/vpn/default.nix b/modules/core/networking/vpn/default.nix
index 92a11b0..92a11b0 100644
--- a/modules/networking/vpn/default.nix
+++ b/modules/core/networking/vpn/default.nix
diff --git a/modules/networking/vpn/pia.nix b/modules/core/networking/vpn/pia.nix
index d52dbf8..d52dbf8 100644
--- a/modules/networking/vpn/pia.nix
+++ b/modules/core/networking/vpn/pia.nix
diff --git a/modules/networking/vpn/tailscale.nix b/modules/core/networking/vpn/tailscale.nix
index 21f471a..21f471a 100644
--- a/modules/networking/vpn/tailscale.nix
+++ b/modules/core/networking/vpn/tailscale.nix
diff --git a/modules/nix/default.nix b/modules/core/nix/default.nix
index 6b605ee..6b605ee 100644
--- a/modules/nix/default.nix
+++ b/modules/core/nix/default.nix
diff --git a/modules/nix/extended.nix b/modules/core/nix/extended.nix
index 4e924cd..4e924cd 100644
--- a/modules/nix/extended.nix
+++ b/modules/core/nix/extended.nix
diff --git a/modules/nix/nh.nix b/modules/core/nix/nh.nix
index 5b54192..5b54192 100644
--- a/modules/nix/nh.nix
+++ b/modules/core/nix/nh.nix
diff --git a/modules/security/apparmor.nix b/modules/core/security/apparmor.nix
index 170838c..170838c 100644
--- a/modules/security/apparmor.nix
+++ b/modules/core/security/apparmor.nix
diff --git a/modules/security/audit.nix b/modules/core/security/audit.nix
index 9922213..9922213 100644
--- a/modules/security/audit.nix
+++ b/modules/core/security/audit.nix
diff --git a/modules/security/default.nix b/modules/core/security/default.nix
index 7a571a9..7a571a9 100644
--- a/modules/security/default.nix
+++ b/modules/core/security/default.nix
diff --git a/modules/security/doas.nix b/modules/core/security/doas.nix
index af717ca..af717ca 100644
--- a/modules/security/doas.nix
+++ b/modules/core/security/doas.nix
diff --git a/modules/security/kernel.nix b/modules/core/security/kernel.nix
index 62b2f28..62b2f28 100644
--- a/modules/security/kernel.nix
+++ b/modules/core/security/kernel.nix
diff --git a/modules/security/pam.nix b/modules/core/security/pam.nix
index b7eb426..b7eb426 100644
--- a/modules/security/pam.nix
+++ b/modules/core/security/pam.nix
diff --git a/modules/security/pki.nix b/modules/core/security/pki.nix
index b804fc5..b804fc5 100644
--- a/modules/security/pki.nix
+++ b/modules/core/security/pki.nix
diff --git a/modules/security/polkit.nix b/modules/core/security/polkit.nix
index 786d1a0..786d1a0 100644
--- a/modules/security/polkit.nix
+++ b/modules/core/security/polkit.nix
diff --git a/modules/security/sudo.nix b/modules/core/security/sudo.nix
index 6623b71..6623b71 100644
--- a/modules/security/sudo.nix
+++ b/modules/core/security/sudo.nix
diff --git a/modules/software/aagl.nix b/modules/core/software/aagl.nix
index b164edb..b164edb 100644
--- a/modules/software/aagl.nix
+++ b/modules/core/software/aagl.nix
diff --git a/modules/software/access/default.nix b/modules/core/software/access/default.nix
index 7db7629..7db7629 100644
--- a/modules/software/access/default.nix
+++ b/modules/core/software/access/default.nix
diff --git a/modules/software/access/gnupg.nix b/modules/core/software/access/gnupg.nix
index e60da30..e60da30 100644
--- a/modules/software/access/gnupg.nix
+++ b/modules/core/software/access/gnupg.nix
diff --git a/modules/software/access/mosh.nix b/modules/core/software/access/mosh.nix
index c9af5bf..c9af5bf 100644
--- a/modules/software/access/mosh.nix
+++ b/modules/core/software/access/mosh.nix
diff --git a/modules/software/access/ssh.nix b/modules/core/software/access/ssh.nix
index 665532f..665532f 100644
--- a/modules/software/access/ssh.nix
+++ b/modules/core/software/access/ssh.nix
diff --git a/modules/software/boot/default.nix b/modules/core/software/boot/default.nix
index 9fe77a0..9fe77a0 100644
--- a/modules/software/boot/default.nix
+++ b/modules/core/software/boot/default.nix
diff --git a/modules/software/boot/grub.nix b/modules/core/software/boot/grub.nix
index 3932713..3932713 100644
--- a/modules/software/boot/grub.nix
+++ b/modules/core/software/boot/grub.nix
diff --git a/modules/software/boot/systemd-boot.nix b/modules/core/software/boot/systemd-boot.nix
index b51a896..b51a896 100644
--- a/modules/software/boot/systemd-boot.nix
+++ b/modules/core/software/boot/systemd-boot.nix
diff --git a/modules/software/default.nix b/modules/core/software/default.nix
index f0de576..f0de576 100644
--- a/modules/software/default.nix
+++ b/modules/core/software/default.nix
diff --git a/modules/software/desktop/default.nix b/modules/core/software/desktop/default.nix
index bd2c811..bd2c811 100644
--- a/modules/software/desktop/default.nix
+++ b/modules/core/software/desktop/default.nix
diff --git a/modules/software/desktop/gtk.nix b/modules/core/software/desktop/gtk.nix
index 4357e75..4357e75 100644
--- a/modules/software/desktop/gtk.nix
+++ b/modules/core/software/desktop/gtk.nix
diff --git a/modules/software/desktop/xdg-portal.nix b/modules/core/software/desktop/xdg-portal.nix
index 72bcb97..72bcb97 100644
--- a/modules/software/desktop/xdg-portal.nix
+++ b/modules/core/software/desktop/xdg-portal.nix
diff --git a/modules/software/encryption.nix b/modules/core/software/encryption.nix
index 53a24bb..53a24bb 100644
--- a/modules/software/encryption.nix
+++ b/modules/core/software/encryption.nix
diff --git a/modules/software/gaming.nix b/modules/core/software/gaming.nix
index 675aee9..675aee9 100644
--- a/modules/software/gaming.nix
+++ b/modules/core/software/gaming.nix
diff --git a/modules/software/input.nix b/modules/core/software/input.nix
index 2d9f651..2d9f651 100644
--- a/modules/software/input.nix
+++ b/modules/core/software/input.nix
diff --git a/modules/software/locale.nix b/modules/core/software/locale.nix
index 8ebd49b..8ebd49b 100644
--- a/modules/software/locale.nix
+++ b/modules/core/software/locale.nix
diff --git a/modules/software/multimedia/audio/default.nix b/modules/core/software/multimedia/audio/default.nix
index f4e7f0a..f4e7f0a 100644
--- a/modules/software/multimedia/audio/default.nix
+++ b/modules/core/software/multimedia/audio/default.nix
diff --git a/modules/software/multimedia/audio/pipewire.nix b/modules/core/software/multimedia/audio/pipewire.nix
index 2824176..2824176 100644
--- a/modules/software/multimedia/audio/pipewire.nix
+++ b/modules/core/software/multimedia/audio/pipewire.nix
diff --git a/modules/software/multimedia/audio/wireplumber.nix b/modules/core/software/multimedia/audio/wireplumber.nix
index 970396f..970396f 100644
--- a/modules/software/multimedia/audio/wireplumber.nix
+++ b/modules/core/software/multimedia/audio/wireplumber.nix
diff --git a/modules/software/multimedia/default.nix b/modules/core/software/multimedia/default.nix
index 7bf261a..7bf261a 100644
--- a/modules/software/multimedia/default.nix
+++ b/modules/core/software/multimedia/default.nix
diff --git a/modules/software/multimedia/video/default.nix b/modules/core/software/multimedia/video/default.nix
index 31cdfd5..31cdfd5 100644
--- a/modules/software/multimedia/video/default.nix
+++ b/modules/core/software/multimedia/video/default.nix
diff --git a/modules/software/multimedia/video/graphics.nix b/modules/core/software/multimedia/video/graphics.nix
index 13da295..13da295 100644
--- a/modules/software/multimedia/video/graphics.nix
+++ b/modules/core/software/multimedia/video/graphics.nix
diff --git a/modules/software/multimedia/video/libva.nix b/modules/core/software/multimedia/video/libva.nix
index d420495..d420495 100644
--- a/modules/software/multimedia/video/libva.nix
+++ b/modules/core/software/multimedia/video/libva.nix
diff --git a/modules/software/multimedia/video/nvidia.nix b/modules/core/software/multimedia/video/nvidia.nix
index c133bc2..c133bc2 100644
--- a/modules/software/multimedia/video/nvidia.nix
+++ b/modules/core/software/multimedia/video/nvidia.nix
diff --git a/modules/software/multimedia/video/vulkan.nix b/modules/core/software/multimedia/video/vulkan.nix
index be37e0e..be37e0e 100644
--- a/modules/software/multimedia/video/vulkan.nix
+++ b/modules/core/software/multimedia/video/vulkan.nix
diff --git a/modules/software/programs.nix b/modules/core/software/programs.nix
index a1025fb..a1025fb 100644
--- a/modules/software/programs.nix
+++ b/modules/core/software/programs.nix
diff --git a/modules/software/services/adb.nix b/modules/core/software/services/adb.nix
index d106ead..d106ead 100644
--- a/modules/software/services/adb.nix
+++ b/modules/core/software/services/adb.nix
diff --git a/modules/software/services/ananicy.nix b/modules/core/software/services/ananicy.nix
index bdc9bbd..bdc9bbd 100644
--- a/modules/software/services/ananicy.nix
+++ b/modules/core/software/services/ananicy.nix
diff --git a/modules/software/services/dbus.nix b/modules/core/software/services/dbus.nix
index 8b25bf9..8b25bf9 100644
--- a/modules/software/services/dbus.nix
+++ b/modules/core/software/services/dbus.nix
diff --git a/modules/software/services/default.nix b/modules/core/software/services/default.nix
index 4b9ccf6..4b9ccf6 100644
--- a/modules/software/services/default.nix
+++ b/modules/core/software/services/default.nix
diff --git a/modules/software/services/libinput.nix b/modules/core/software/services/libinput.nix
index 643f814..643f814 100644
--- a/modules/software/services/libinput.nix
+++ b/modules/core/software/services/libinput.nix
diff --git a/modules/software/services/logrotate.nix b/modules/core/software/services/logrotate.nix
index 2dedf2e..2dedf2e 100644
--- a/modules/software/services/logrotate.nix
+++ b/modules/core/software/services/logrotate.nix
diff --git a/modules/software/services/ollama.nix b/modules/core/software/services/ollama.nix
index d737250..d737250 100644
--- a/modules/software/services/ollama.nix
+++ b/modules/core/software/services/ollama.nix
diff --git a/modules/software/services/printing.nix b/modules/core/software/services/printing.nix
index f7a38de..f7a38de 100644
--- a/modules/software/services/printing.nix
+++ b/modules/core/software/services/printing.nix
diff --git a/modules/software/services/xserver.nix b/modules/core/software/services/xserver.nix
index f1833a4..f1833a4 100644
--- a/modules/software/services/xserver.nix
+++ b/modules/core/software/services/xserver.nix
diff --git a/modules/software/shell.nix b/modules/core/software/shell.nix
index 0b3508f..0b3508f 100644
--- a/modules/software/shell.nix
+++ b/modules/core/software/shell.nix
diff --git a/modules/software/systemd.nix b/modules/core/software/systemd.nix
index c475d96..c475d96 100644
--- a/modules/software/systemd.nix
+++ b/modules/core/software/systemd.nix
diff --git a/modules/software/users.nix b/modules/core/software/users.nix
index ab3fe03..ab3fe03 100644
--- a/modules/software/users.nix
+++ b/modules/core/software/users.nix
diff --git a/modules/variables/default.nix b/modules/core/variables/default.nix
index 8315ceb..8315ceb 100644
--- a/modules/variables/default.nix
+++ b/modules/core/variables/default.nix
diff --git a/modules/variables/electron.nix b/modules/core/variables/electron.nix
index 62e7c72..62e7c72 100644
--- a/modules/variables/electron.nix
+++ b/modules/core/variables/electron.nix
diff --git a/modules/variables/fcitx.nix b/modules/core/variables/fcitx.nix
index 0ac550f..0ac550f 100644
--- a/modules/variables/fcitx.nix
+++ b/modules/core/variables/fcitx.nix
diff --git a/modules/variables/mozilla.nix b/modules/core/variables/mozilla.nix
index e85d27c..e85d27c 100644
--- a/modules/variables/mozilla.nix
+++ b/modules/core/variables/mozilla.nix
diff --git a/modules/variables/nvidia.nix b/modules/core/variables/nvidia.nix
index 3d50fdf..3d50fdf 100644
--- a/modules/variables/nvidia.nix
+++ b/modules/core/variables/nvidia.nix
diff --git a/modules/variables/opengl.nix b/modules/core/variables/opengl.nix
index 1edce45..1edce45 100644
--- a/modules/variables/opengl.nix
+++ b/modules/core/variables/opengl.nix
diff --git a/modules/variables/qt.nix b/modules/core/variables/qt.nix
index cedf6a0..cedf6a0 100644
--- a/modules/variables/qt.nix
+++ b/modules/core/variables/qt.nix
diff --git a/modules/variables/wayland.nix b/modules/core/variables/wayland.nix
index ee21d52..ee21d52 100644
--- a/modules/variables/wayland.nix
+++ b/modules/core/variables/wayland.nix
diff --git a/modules/variables/wlroots.nix b/modules/core/variables/wlroots.nix
index 25aaf4d..25aaf4d 100644
--- a/modules/variables/wlroots.nix
+++ b/modules/core/variables/wlroots.nix
diff --git a/modules/virtualisation/default.nix b/modules/core/virtualisation/default.nix
index 97aa4b9..97aa4b9 100644
--- a/modules/virtualisation/default.nix
+++ b/modules/core/virtualisation/default.nix
diff --git a/modules/virtualisation/docker.nix b/modules/core/virtualisation/docker.nix
index c35beb6..c35beb6 100644
--- a/modules/virtualisation/docker.nix
+++ b/modules/core/virtualisation/docker.nix
diff --git a/modules/virtualisation/libvirtd.nix b/modules/core/virtualisation/libvirtd.nix
index 556135b..556135b 100644
--- a/modules/virtualisation/libvirtd.nix
+++ b/modules/core/virtualisation/libvirtd.nix
diff --git a/modules/virtualisation/qemu.nix b/modules/core/virtualisation/qemu.nix
index 849ead1..849ead1 100644
--- a/modules/virtualisation/qemu.nix
+++ b/modules/core/virtualisation/qemu.nix
diff --git a/modules/default.nix b/modules/default.nix
index b15985c..8143eba 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,12 +1,6 @@
 {
   imports = [
-    ./hardware
-    ./networking
-    ./nix
-    ./security
-    ./software
-    ./variables
-    ./virtualisation
-    ./options.nix
+    ./core
+    ./options
   ];
 }
diff --git a/modules/options.nix b/modules/options/default.nix
index bd831dc..bd831dc 100644
--- a/modules/options.nix
+++ b/modules/options/default.nix
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..c81450d
--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ../core/networking/vpn/tailscale.nix
+    ../core/nix
+    ./networking
+    ./system.nix
+    ./systemd.nix
+    ./users.nix
+    ./virtualisation.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    fastfetch
+    vim
+  ];
+}
diff --git a/modules/server/networking/caddy.nix b/modules/server/networking/caddy.nix
new file mode 100644
index 0000000..aae8fb7
--- /dev/null
+++ b/modules/server/networking/caddy.nix
@@ -0,0 +1,28 @@
+{
+  services.caddy = {
+    enable = true;
+
+    virtualHosts = {
+      "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
+      "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
+      "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
+
+      "fuwn.me".extraConfig = ''
+        reverse_proxy localhost:8084
+
+        header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
+
+        @blocked {
+          path /proxy/illegaldrugs.net/cgi-bin/news.php*
+          path /proxy/scholasticdiversity.us.to/scriptures/*
+          path /proxy/jsreed5.org/oeis/*
+        }
+        respond @blocked 403
+
+        @no_forwarded_for not header X-Forwarded-For *
+        request_header @no_forwarded_for X-Forwarded-For {remote_host}
+        respond /whoami {header.X-Forwarded-For} 200
+      '';
+    };
+  };
+}
diff --git a/modules/server/networking/default.nix b/modules/server/networking/default.nix
new file mode 100644
index 0000000..c71b072
--- /dev/null
+++ b/modules/server/networking/default.nix
@@ -0,0 +1,14 @@
+{
+  imports = [ ./caddy.nix ];
+  services.openssh.enable = true;
+
+  networking = {
+    hostName = "himeji";
+    domain = "";
+
+    firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}
diff --git a/modules/server/system.nix b/modules/server/system.nix
new file mode 100644
index 0000000..a779da1
--- /dev/null
+++ b/modules/server/system.nix
@@ -0,0 +1,4 @@
+{
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+}
diff --git a/modules/server/systemd.nix b/modules/server/systemd.nix
new file mode 100644
index 0000000..acdcef4
--- /dev/null
+++ b/modules/server/systemd.nix
@@ -0,0 +1,27 @@
+{ secrets, ... }:
+let
+  containerEngine = "podman";
+in
+{
+  systemd.services.tailscale-up = {
+    after = [ "tailscaled.service" ];
+    requires = [ "tailscaled.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      ExecStart = "/run/current-system/sw/bin/tailscale up --authkey ${secrets.tailscale_authentication_key}";
+      Restart = "on-failure";
+    };
+  };
+
+  systemd.services.ghcr-login = {
+    after = [ "${containerEngine}.service" ];
+    requires = [ "${containerEngine}.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      ExecStart = "/run/current-system/sw/bin/${containerEngine} login ghcr.io -u ${secrets.ghcr.username} -p ${secrets.ghcr.token}";
+      Restart = "on-failure";
+    };
+  };
+}
diff --git a/modules/server/users.nix b/modules/server/users.nix
new file mode 100644
index 0000000..338b510
--- /dev/null
+++ b/modules/server/users.nix
@@ -0,0 +1,10 @@
+{ secrets, ... }:
+{
+  users.users.root = {
+    initialHashedPassword = secrets.initial_hashed_password;
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBm/ydlGJiKWMxH6v9SFN3vo/ZkX6eQ+uCmH32gnCkUW"
+    ];
+  };
+}
diff --git a/modules/server/virtualisation.nix b/modules/server/virtualisation.nix
new file mode 100644
index 0000000..3d8effe
--- /dev/null
+++ b/modules/server/virtualisation.nix
@@ -0,0 +1,76 @@
+{ secrets, ... }:
+let
+  containerEngine = "podman";
+in
+{
+  virtualisation = {
+    containers.enable = true;
+    docker.enable = containerEngine == "docker";
+
+    podman = {
+      enable = containerEngine == "podman";
+      dockerCompat = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+
+    oci-containers = {
+      backend = containerEngine;
+
+      containers = {
+        september = {
+          image = "fuwn/september";
+          autoStart = true;
+          ports = [ "8084:80" ];
+
+          environment = {
+            CONDENSE_LINKS_AT_HEADINGS = "## Quick Links,# Fuwn[.me],## Footer";
+            EMBED_IMAGES = "2";
+            HEAD = ''<script async src="https://us.umami.is/script.js" data-website-id="fb2fa218-bbfc-419f-8b70-4f0b937df064"></script><link rel="icon" type="image/x-icon" href="https://avatars.githubusercontent.com/u/99055925?s=200&v=4">'';
+            MATHJAX = "true";
+            PLAIN_TEXT_ROUTE = "*.xml,*.txt";
+            PRIMARY_COLOUR = "#DCC6BD";
+          };
+        };
+
+        momoka = {
+          image = "fuwn/momoka";
+          autoStart = true;
+          ports = [ "70:70" ];
+        };
+
+        gigi = {
+          image = "fuwn/gigi";
+          autoStart = true;
+          ports = [ "79:79" ];
+          volumes = [ "/mnt/docker/gigi:/gigi/.gigi" ];
+        };
+
+        mayu = {
+          image = "fuwn/mayu";
+          autoStart = true;
+          ports = [ "8098:3000" ];
+          volumes = [ "/mnt/docker/mayu:/mayu/data" ];
+        };
+
+        locus = {
+          image = "ghcr.io/gemrest/locus";
+          autoStart = true;
+          ports = [ "1965:1965" ];
+          volumes = [ "/mnt/docker/locus:/locus/.locus" ];
+
+          environment = {
+            FINNHUB_TOKEN = secrets.finnhub_token;
+            HEADER_IMAGE = "https://ruu.neocities.org/images/animeHeader.gif";
+          };
+        };
+
+        bin = {
+          image = "quxfoo/wastebin";
+          autoStart = true;
+          ports = [ "8090:8088" ];
+          volumes = [ "/mnt/docker/bin:/root/db" ];
+        };
+      };
+    };
+  };
+}