nix/hosts/caddy/default.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  tailscaleMagicDNS = "neon-dory.ts.net";
in
{

  age.secrets = {
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
  };

  my = {
    utils.commons.enable = true;

    services = {

      media-mgr = {
        proxy = {
          enable = true;
          domain = "tegola.pro";
          host = "arr.internal";
        };
      };

      nextcloud = {
        proxy = {
          enable = true;
          domain = "tegola.pro";
          host = "nextcloud.internal";
        };
      };

    };

    monitoring = {
      prometheus = {
        proxy = {
          domain = "tegola.pro";
          host = "metrics.internal";
        };
      };
      grafana = {
        proxy = {
          domain = "tegola.pro";
          host = "metrics.internal";
        };
      };
    };

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = tailscaleMagicDNS;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };

      caddy.enable = true;
    };

    virtualisation = {
      proxmox.enable = true;
    };
  };

  time.timeZone = "Europe/Rome";

  # Extra packages
  environment.systemPackages = with pkgs; [ ];

  services = {
    openssh.enable = true;

    prometheus.exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };
    };
  };

  networking = {
    firewall.allowedTCPPorts = [ 9100 ];
    nameservers = [ "192.168.1.2" ];
  };

  system.stateVersion = "24.05";
}