nixfiles/hosts/hetzner-vm/hetzner-vm.nix

{
  tree,
  lib,
  pkgs,
  config,
  ...
}: {
  imports = with tree;
    [
      users.root

      profiles.base
      profiles.sshd
      profiles.nginx
      profiles.nix-gc
      profiles.kernels.latest

      ./networking.nix
      ./hardware.nix
      ./secrets.nix
    ]
    ++ (lib.forEach [
      "social"
      "storage"
      "music"
      "quassel"
      "piped"
      "mail"
    ] (name: ./containers + "/${name}"))
    ++ (with hosts.hetzner-vm.profiles; [
      vaultui
      gitlab-static-sites
      wireguard
      nginx-misc
    ]);

  environment.systemPackages = with pkgs;
    [
      (pkgs.writeShellScriptBin "journalctl-vaccum-all" ''
        journalctl --vacuum-size=100M
        ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
          journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name}
        ''))}
      '')
      (pkgs.writeShellScriptBin "systemctl-list-failed-all" ''
        echo "Host: "
        systemctl --failed
        ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
          echo "Container: ${name}"
          systemctl -M ${name} --failed
        ''))}
      '')
    ]
    ++ lib.forEach (lib.attrNames config.containers) (name: (pkgs.writeShellScriptBin "journalctl-vaccum-${name}" ''
      journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name}
    ''))
    ++ lib.forEach (lib.attrNames config.containers) (name: (pkgs.writeShellScriptBin "systemctl-machine-${name}" ''
      systemctl -M ${name} $@
    ''))
    ++ lib.forEach (lib.attrNames config.containers) (name: (pkgs.writeShellScriptBin "journalctl-machine-${name}" ''
      journalctl -M ${name} $@
    ''))
    ++ lib.forEach (lib.attrNames config.containers) (name: (pkgs.writeShellScriptBin "shell-enter-${name}" ''
      machinectl shell ${name}
    ''));

  # For Containers
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "eth0";
  };

  networking.firewall.allowedTCPPorts = [80 443];
  networking.firewall.allowedUDPPorts = [443];

  home-manager.users.root = {
    imports = with tree; [home.base home.dev.small];
    home.stateVersion = "23.05";
  };

  networking.hostName = "hetzner-vm";
  time.timeZone = "Europe/London";

  system.stateVersion = "23.05";
}