# NixOS module for a single host: pulls in the mail and web server modules,
# enables a set of nixfiles.modules services, lists Prometheus scrape jobs,
# and pins static networking, boot loader and disk layout.
# NOTE(review): the secret name suggests this host is "manwe"; confirm.
{ config, inputs, lib, this, ... }:
with lib; {
  imports = [
    ./mailserver.nix
    ./webserver.nix
  ];

  # The source path is interpolated from the flake itself, so the file ends up
  # in the world-readable Nix store. That is only acceptable if the file is the
  # encrypted form of the key.
  # NOTE(review): the `secrets` option is defined outside this file (presumably
  # an agenix-style wrapper); confirm that it decrypts at activation time and
  # that `.path` points outside the store with restrictive permissions.
  secrets.wireguard-private-key-manwe = {
    file = "${inputs.self}/secrets/wireguard-private-key-manwe";
  };

  nixfiles.modules = {
    # Authoritative DNS, named after this host's own domain.
    nsd.enable = true;
    nsd.fqdn = "ns1.${config.networking.domain}";

    unbound = { enable = true; };

    # The WireGuard server reads its key from the path exposed by the secret
    # above, not from an inline value.
    wireguard.privateKeyFile = config.secrets.wireguard-private-key-manwe.path;
    wireguard.server.enable = true;

    acme = { enable = true; };
    monitoring = { enable = true; };
    gotify = { enable = true; };

    matrix.dendrite.enable = true;
    matrix.dendrite.domain = my.domain.azahi;

    radicale = { enable = true; };
    rss-bridge = { enable = true; };
    shadowsocks = { enable = true; };

    soju.enable = true;
    soju.domain = my.domain.azahi;

    vaultwarden = { enable = true; };
  };

  # TODO Make this generic.
  #
  # These jobs set no scheme, TLS or credentials, so Prometheus falls back to
  # its defaults (plain HTTP, no authentication).
  # NOTE(review): confirm the exporter ports on the listed hosts are reachable
  # only over a private network (e.g. the WireGuard tunnel) and not from the
  # public interface.
  services.prometheus.scrapeConfigs = let
    # Render "<hostname>:<port>" for every host in the given list.
    endpoints = port: map (host: "${host.hostname}:${toString port}");

    # One scrape job carrying a single static target list.
    job = job_name: targets: {
      inherit job_name;
      static_configs = [ { inherit targets; } ];
    };
  in
    # Host records come from my.configurations, exporter settings from the
    # local Prometheus exporter options; each job then opens the attribute set
    # that provides its `port`.
    with my.configurations;
    with config.services.prometheus.exporters; [
      (job "endlessh-go" (with config.services.endlessh-go.prometheus; endpoints port [ manwe varda yavanna ]))
      (job "nginx" (with nginx; endpoints port [ manwe varda yavanna ]))
      (job "node" (with node; endpoints port [ manwe varda yavanna ]))
      (job "postgres" (with postgres; endpoints port [ manwe ]))
      (job "unbound" (with unbound; endpoints port [ manwe ]))
      (job "wireguard" (with wireguard; endpoints port [ manwe ]))
    ];

  networking = let
    uplink = "eth0";
  in {
    # Static addressing; the addresses and gateways come from the `this`
    # module argument.
    interfaces.${uplink} = {
      ipv4.addresses = [
        {
          address = this.ipv4.address;
          prefixLength = 22;
        }
      ];
      ipv6.addresses = [
        {
          address = this.ipv6.address;
          prefixLength = 64;
        }
      ];
    };

    defaultGateway = {
      interface = uplink;
      address = this.ipv4.gateway;
    };

    defaultGateway6 = {
      interface = uplink;
      address = this.ipv6.gateway;
    };

    # NAT egress leaves through the same uplink.
    # NOTE(review): presumably serves the WireGuard clients; the internal
    # interfaces are configured elsewhere.
    nat.externalInterface = uplink;
  };

  boot = {
    loader.grub.enable = true;
    loader.grub.device = "/dev/sda";

    initrd.availableKernelModules = [
      "ata_piix"
      "uhci_hcd"
      "virtio_pci"
      "virtio_scsi"
      "sd_mod"
      "sr_mod"
    ];
  };

  fileSystems = let
    # Both mounts share the same filesystem type and mount options.
    xfs = device: {
      inherit device;
      fsType = "xfs";
      options = ["noatime"];
    };
  in {
    "/boot" = xfs "/dev/sda1";
    "/" = xfs "/dev/sda2";
  };

  # NOTE(review): this is a plain swap partition, so memory pages of the
  # services enabled above (vaultwarden among them) can be written to disk in
  # cleartext. If disk access is in the threat model, consider
  # `randomEncryption` on this swap device.
  swapDevices = [
    { device = "/dev/sda3"; }
  ];
}