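{ tree, lib, pkgs, config, ... }:
let
  # Names of every nixos-container declared on this host. Computed once here
  # and reused by every helper script below instead of re-reading
  # config.containers for each package list.
  containerNames = lib.attrNames config.containers;

  # Build one wrapper script per container, named "<prefix>-<container>".
  # `mkScript` receives the container name and returns the script body.
  perContainer = prefix: mkScript:
    lib.forEach containerNames
      (name: pkgs.writeShellScriptBin "${prefix}-${name}" (mkScript name));

  # Shared body for journal trimming of a single container's journal files.
  vacuumContainer = name: ''
    journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name}
  '';
in
{
  imports = with tree; [
    users.root
    profiles.base
    profiles.sshd
    profiles.nginx
    profiles.nix-gc
    profiles.kernels.latest
    ./networking.nix
    ./hardware.nix
    ./secrets.nix
  ]
  # One module file per container under ./containers/<name>.
  ++ (lib.forEach [ "social" "music" "quassel" "piped" "mail" ]
        (name: ./containers + "/${name}"))
  # Host-specific profiles; `hosts` is resolved from the `with tree;` scope above.
  ++ (with hosts.hetzner-vm.profiles; [ vaultui gitlab-static-sites wireguard nginx-misc ]);

  # Operator convenience scripts. They wrap systemd's machine-aware commands
  # (journalctl/systemctl -M, machinectl shell), so they need whatever
  # privileges the underlying command needs; they add no privilege of their own.
  environment.systemPackages = with pkgs; [
    # Trim the host journal and every container journal to 100M.
    (pkgs.writeShellScriptBin "journalctl-vaccum-all" ''
      journalctl --vacuum-size=100M
      ${lib.concatStringsSep "\n" (lib.forEach containerNames vacuumContainer)}
    '')
    # List failed units on the host and inside every container.
    (pkgs.writeShellScriptBin "systemctl-list-failed-all" ''
      echo "Host: "
      systemctl --failed
      ${lib.concatStringsSep "\n" (lib.forEach containerNames (name: ''
        echo "Container: ${name}"
        systemctl -M ${name} --failed
      ''))}
    '')
  ]
  ++ perContainer "journalctl-vaccum" vacuumContainer
  # "$@" (quoted) forwards the caller's arguments verbatim; an unquoted $@
  # would re-split arguments containing whitespace before systemd saw them.
  ++ perContainer "systemctl-machine" (name: ''
    systemctl -M ${name} "$@"
  '')
  ++ perContainer "journalctl-machine" (name: ''
    journalctl -M ${name} "$@"
  '')
  ++ perContainer "shell-enter" (name: ''
    machinectl shell ${name}
  '');

  # For Containers: masquerade traffic from the container veth interfaces
  # (ve-*) out of the host's uplink so containers have outbound connectivity.
  # NOTE(review): "eth0" is assumed to be the uplink interface name on this
  # Hetzner VM — confirm it matches ./networking.nix / ./hardware.nix.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "eth0";
  };

  # Only HTTP/HTTPS are exposed on the host; everything else stays closed.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [ 443 ];

  home-manager.users.root = {
    imports = with tree; [ home.base home.dev.small ];
    home.stateVersion = "23.05";
  };

  networking.hostName = "hetzner-vm";
  time.timeZone = "Europe/London";
  system.stateVersion = "23.05";
}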