nix/hardware/alpine.nix

# NixOS module for a single x86_64 server: hardware/boot settings, storage pool,
# firewall, reverse proxy and per-host overrides for the imported service modules.
{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: let
  # Primary account name, defined elsewhere as `config.user`; used below for the
  # home-manager attribute path.
  inherit (config) user;
in {
  imports = [
    # Standard include emitted by the NixOS hardware scan.
    (modulesPath + "/installer/scan/not-detected.nix")

    # Service modules kept in ../nixos/services. Their contents are not visible
    # from this file, so listeners, ports and vhosts they add must be reviewed
    # there. NOTE(review): judging by the file names this host carries a password
    # vault, a git forge, a Matrix homeserver and a file-sharing service, which
    # makes the SSH, firewall and secret-handling settings below high-value.
    ../nixos/services/anki.nix
    ../nixos/services/forgejo.nix
    ../nixos/services/vaultwarden.nix
    ../nixos/services/jellyfin.nix
    ../nixos/services/mpd.nix
    ../nixos/services/prometheus.nix
    ../nixos/services/grafana.nix
    ../nixos/services/synapse.nix
    ../nixos/services/nextcloud.nix
  ];
# Kernel module selection. Only the initrd "available" list is populated (USB 3,
# SATA, NVMe and SCSI-disk drivers); nothing is force-loaded and no out-of-tree
# module packages are added.
boot = {
  initrd = {
    availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
    kernelModules = [];
  };
  kernelModules = [];
  extraModulePackages = [];
};
# Storage layout: root and ESP, three ext4 data disks, one ext4 parity disk, and
# a mergerfs pool that presents the three data disks as a single tree.
# All block devices are referenced by filesystem UUID so device renumbering
# cannot mount the wrong disk.
fileSystems = {
  "/" = {
    device = "/dev/disk/by-uuid/979fe496-10e8-41be-97d1-3d000cd2b384";
    fsType = "ext4";
  };
  "/boot" = {
    device = "/dev/disk/by-uuid/D8AA-8602";
    fsType = "vfat";
  };

  # Data branches of the pool.
  "/mnt/disk1" = {
    device = "/dev/disk/by-uuid/caba0b6c-00d2-495a-8c04-67ea584f1a63";
    fsType = "ext4";
  };
  "/mnt/disk2" = {
    device = "/dev/disk/by-uuid/e3828580-625e-4f93-974f-9c7fed99dee2";
    fsType = "ext4";
  };
  "/mnt/disk3" = {
    device = "/dev/disk/by-uuid/28f15a05-d550-4a41-a951-244af6140831";
    fsType = "ext4";
  };

  # Parity disk; deliberately not a branch of the pool.
  "/mnt/parity1" = {
    device = "/dev/disk/by-uuid/09fc062c-1a61-4e1b-802c-60f7178bc713";
    fsType = "ext4";
  };

  # Union of the three data disks.
  "/mnt/storage" = {
    device = "/mnt/disk1:/mnt/disk2:/mnt/disk3";
    fsType = "fuse.mergerfs";
    # The branches must be mounted before the union is assembled.
    depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
    options = [
      "direct_io"
      "use_ino"
      # Lets accounts other than the mounting one use the FUSE mount.
      # NOTE(review): with this set, who can read or write the pool is decided
      # only by ownership and mode bits on the underlying files; check those for
      # every service account and container that can see /mnt/storage.
      "allow_other"
      "minfreespace=50G"
      "fsname=mergerfs"
      # New files go to the branch with the most free space.
      "category.create=mfs"
      # mkdir is applied on every branch where the parent path already exists.
      "func.mkdir=epall"
    ];
  };
};

# Userspace tools for the pool, plus a Python interpreter.
environment.systemPackages = [
  pkgs.mergerfs
  pkgs.mergerfs-tools
  pkgs.python3
];

# NOTE(review): this entry sets no encryption option, so memory pages (including
# secrets held by the services imported above) may reach the swap partition in
# clear text. `randomEncryption.enable = true;` on the entry is the usual NixOS
# mitigation when hibernation is not needed. Confirm against the threat model.
swapDevices = [
  {device = "/dev/disk/by-uuid/27ad4809-211f-4ae9-90da-d17d9c1df271";}
];
networking = {
  hostName = "alpine";

  # DHCP on every ethernet and wireless interface. With scripted networking (the
  # default) this is the recommended setting. Under systemd-networkd it still
  # works, but is best paired with explicit per-interface declarations via
  # `networking.interfaces.<interface>.useDHCP`.
  useDHCP = lib.mkDefault true;
  # interfaces.eth0.useDHCP = lib.mkDefault true;
  # interfaces.tailscale0.useDHCP = lib.mkDefault true;

  # Inbound TCP allowed through the host firewall. SSH is not listed here; it is
  # opened separately by `services.openssh.openFirewall`.
  # NOTE(review): 80/443 correspond to the nginx virtual hosts in this file.
  # Nothing in this file listens on 53, so presumably an imported module or a
  # container provides DNS; confirm it is still needed. Only TCP is opened (no
  # allowedUDPPorts entry here), and a resolver reachable from the Internet
  # should refuse recursion for outside clients.
  firewall.allowedTCPPorts = [53 80 443];

  # Resolvers that NetworkManager places ahead of those learned from DHCP.
  networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"];
};

nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

# CPU microcode updates follow the redistributable-firmware switch.
# NOTE(review): if that switch is ever turned off, microcode security fixes stop
# being applied as well.
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

system.stateVersion = "24.05"; # don't change.

# The same state version for the primary user's home-manager profile.
home-manager.users.${user}.imports = [
  {
    home.stateVersion = "24.05";
  }
];
# SnapRAID parity protection for the three data disks of the pool.
services.snapraid = {
  enable = true;

  # Disks covered by parity, keyed by the SnapRAID disk name.
  dataDisks = {
    d1 = "/mnt/disk1";
    d2 = "/mnt/disk2";
    d3 = "/mnt/disk3";
  };

  # A single parity file on the dedicated parity disk.
  parityFiles = [
    "/mnt/parity1/SnapRAID.parity"
  ];

  # Copies of the content (metadata) file: one per data disk and one under /var.
  contentFiles = [
    "/mnt/disk1/SnapRAID.content"
    "/mnt/disk2/SnapRAID.content"
    "/mnt/disk3/SnapRAID.content"
    "/var/snapraid/SnapRAID.content"
  ];

  exclude = ["/lost+found"];
};
# Podman container runtime; no further options are set in this file.
# NOTE(review): which containers run, and what they bind-mount or publish, is
# not visible here. Review that alongside the open firewall ports and the
# `allow_other` storage pool.
virtualisation.podman.enable = true;
# OpenSSH server; `openFirewall` has the module open the SSH port itself, which
# is why it does not appear in `networking.firewall.allowedTCPPorts`.
# NOTE(review): no `settings` are given here, so the authentication policy comes
# from module defaults or from another module. For a host that also publishes
# web services, consider `settings.PasswordAuthentication = false;` and
# `settings.KbdInteractiveAuthentication = false;` once key-based login has been
# confirmed to work for every account that needs access.
services.openssh.enable = true;
services.openssh.openFirewall = true;
# nginx as static web server and TLS-terminating reverse proxy.
services.nginx = {
  enable = true;

  # Baselines supplied by the NixOS module.
  recommendedGzipSettings = true;
  recommendedOptimisation = true;
  recommendedProxySettings = true;
  recommendedTlsSettings = true;

  virtualHosts = {
    # Apex sites: static content, HTTP redirected to HTTPS, certificates
    # obtained through ACME.
    "tristans.cloud" = {
      enableACME = true;
      forceSSL = true;
      root = "/srv/www/tristans.cloud";
    };
    "thebeanbakery.xyz" = {
      enableACME = true;
      forceSSL = true;
      root = "/srv/www/thebeanbakery.xyz";
    };

    # Catch-alls that send any other subdomain to the apex site.
    # NOTE(review): these two hosts set no TLS option, so they presumably answer
    # on plain HTTP only. An HTTPS request for an undeclared subdomain would then
    # be served by whichever TLS server block nginx treats as default, with a
    # certificate for a different name. Confirm that is acceptable, or declare an
    # explicit default TLS host that rejects unknown names.
    "*.tristans.cloud".globalRedirect = "tristans.cloud";
    "*.thebeanbakery.xyz".globalRedirect = "thebeanbakery.xyz";

    # Proxy to a backend on the loopback interface, with WebSocket upgrade
    # support. The backend itself is not defined in this file.
    "auth.tristans.cloud" = {
      enableACME = true;
      forceSSL = true;
      # NOTE(review): "~" appears to be a regex location with an empty pattern,
      # i.e. it matches every request path; "/" is the conventional spelling.
      # Confirm the intent before adding further locations to this host.
      locations."~" = {
        proxyPass = "http://localhost:8084";
        proxyWebsockets = true;
      };
    };
  };
};
# ACME account settings shared by every virtual host that sets `enableACME`.
# The address is the contact registered with the certificate authority.
security.acme.acceptTerms = true;
security.acme.defaults.email = "tristan@tristans.cloud";
# Dynamic DNS client settings for DuckDNS. The `enable` line is commented out,
# so this block does not turn the service on by itself.
services.ddclient = {
  # enable = true;
  protocol = "duckdns";
  domains = ["tlbean"];

  # The address to publish is read from the enp4s0 interface.
  use = "if, if=enp4s0";
  ssl = true;

  # The credential is the token in `passwordFile`, read at run time instead of
  # being written into the configuration; `username` is left empty.
  # NOTE(review): the token sits in a user's home directory under a hard-coded
  # path rather than one derived from `user`. Make sure the file is readable
  # only by its owner, and consider a root-owned location or a secrets module so
  # that a compromise of the login account does not expose it.
  username = "";
  passwordFile = "/home/tristan/duckdnstoken";
};
# Host-specific overrides for services whose modules are imported at the top of
# this file.

# Music library on the mergerfs pool.
services.mpd.musicDirectory = "/mnt/storage/media/Music";

# Public host names for Grafana, Nextcloud and Forgejo.
# NOTE(review): no nginx virtual host for these three names is declared in this
# file; presumably the imported service modules add them. If one were missing,
# that name would match the `*.tristans.cloud` catch-all redirect instead of
# reaching the service. Verify in ../nixos/services.
services.grafana.settings.server.domain = "monitor.tristans.cloud";
services.grafana.settings.server.http_port = 3001; # forgejo and grafana default to 3000
services.nextcloud.hostName = "files.tristans.cloud";
services.forgejo.settings.server.DOMAIN = "git.tristans.cloud";
}