nixos/hosts/vm.strangervm.ts.hillion.co.uk/default.nix
Jake Hillion 68ee1a18eb
drone: track current version of each nixos host
2023-06-18 17:52:57 +01:00


# NixOS host module for vm.strangervm.ts.hillion.co.uk.
#
# Pulls in the shared common module and the Drone server module, then sets
# this host's boot loader, static network address, firewall, Tailscale
# enrolment, Resilio Sync folders and PostgreSQL backup location.
{ config, pkgs, lib, ... }:

{
  imports = [
    ../../modules/common/default.nix
    ../../modules/drone/server.nix
    ./hardware-configuration.nix
  ];

  config = {
    # Release whose stateful defaults this host was installed with; this is
    # not the running NixOS version and is not bumped on upgrades.
    system.stateVersion = "22.05";

    boot.loader.grub = {
      enable = true;
      device = "/dev/sda";
    };

    ## Custom Services
    # Options under `custom` are declared by modules outside this file.
    custom = {
      locations.autoServe = true;
      www.global.enable = true;
      services.matrix.enable = true;
      services.version_tracker.enable = true;
    };

    ## Networking
    networking = {
      hostName = "vm";
      domain = "strangervm.ts.hillion.co.uk";

      # Static IPv4 address on ens18 with its default gateway.
      interfaces.ens18.ipv4.addresses = [{
        address = "10.72.164.3";
        prefixLength = 24;
      }];
      defaultGateway = "10.72.164.1";

      # Every port list uses lib.mkForce, so ports that other modules try to
      # add to the same option are overridden: the lists below are the
      # complete allow-list for this host.
      firewall = {
        # Host-wide list: applies to every interface, ens18 included.
        # NOTE(review): if SSH is only meant to be reached over Tailscale,
        # port 22 belongs in an interface-scoped list instead; confirm intent.
        allowedTCPPorts = lib.mkForce [
          22 # SSH
        ];
        allowedUDPPorts = lib.mkForce [ ];

        # Web ports are opened on ens18 only.
        interfaces.ens18 = {
          allowedTCPPorts = lib.mkForce [
            80 # HTTP 1-2
            443 # HTTPS 1-2
          ];
          allowedUDPPorts = lib.mkForce [
            443 # HTTP 3
          ];
        };
      };
    };

    ## Tailscale
    # The pre-auth key is kept as an age-encrypted file in the repository;
    # the Tailscale module is given the secret's path, never the key text.
    age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".file = ../../secrets/tailscale/vm.strangervm.ts.hillion.co.uk.age;
    custom.tailscale = {
      enable = true;
      preAuthKeyFile = config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".path;
    };

    ## Resilio Sync (Encrypted)
    services.resilio = {
      deviceName = "vm.strangervm";
      directoryRoot = "/data/sync";
      storagePath = "/data/sync/.sync";
    };
    custom.resilio = {
      enable = true;

      # One entry per synced folder, each paired with its own age secret
      # named resilio/encrypted/<folder>.
      folders =
        let
          encryptedFolders = [
            "dad"
            "projects"
            "resources"
            "sync"
          ];
          toFolder = name: {
            inherit name;
            secret = {
              name = "resilio/encrypted/${name}";
              file = ../../secrets/resilio/encrypted/${name}.age;
            };
          };
        in
        builtins.map toFolder encryptedFolders;
    };

    ## Backups
    services.postgresqlBackup.location = "/data/backup/postgres";
  };
}