server-configs/shared/platforms/hetzner.nix


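# Hetzner platform profile.
#
# When `mine.platforms.hetzner.enable` is set this module:
#   * installs GRUB on /dev/sda (with the removable-EFI workaround below),
#   * pulls in the upstream QEMU guest profile,
#   * disables DHCP and configures static addressing through systemd-networkd,
#   * provides overridable (mkDefault) network defaults for `mine.ssh-on-boot`.
{ config, lib, modulesPath, ... }:
with lib;
let
  cfg = config.mine.platforms.hetzner;

  # Returns `attrset` when `config.mine` has an attribute called `name`,
  # and `{}` otherwise. Currently not referenced anywhere in this module.
  mkIfOption = name: attrset: lib.optionalAttrs (
    builtins.hasAttr name config.mine
  ) attrset;
in {
  options.mine.platforms.hetzner = {
    # mkEnableOption already prepends "Whether to enable ", so only the noun
    # phrase is passed; the previous text rendered as "Whether to enable Enable ...".
    enable = mkEnableOption "Hetzner platform profile";

    network = {
      address = mkOption {
        type = types.listOf types.str;
        description = ''
          Addresses assigned to the Hetzner network interface by
          systemd-networkd. The first entry is also used as the default
          address for `mine.ssh-on-boot`, so the list must not be empty
          unless that default is overridden.
        '';
        # The example is a real list matching the option type; it used to be a
        # string holding an unterminated list literal.
        example = [ "55.72.39.76/32" ];
      };
    };
  };

  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  config = mkIf cfg.enable ({
    boot = {
      loader = {
        grub.enable = true;
        grub.device = "/dev/sda";

        # TODO(eyJhb): temp, something about disko
        # https://github.com/nix-community/disko/issues/572
        # can't be removed even when the VPS does not use UEFI
        grub.efiSupport = true;
        grub.efiInstallAsRemovable = true;
      };

      initrd = {
        availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
      };
    };

    # Addressing is fully static: DHCP is off and systemd-networkd owns the interface.
    networking.useDHCP = false;
    systemd.network = {
      enable = true;
      networks.hetzner = {
        name = "enp1s0";
        address = cfg.network.address;
        gateway = [
          "fe80::1"
          "172.31.1.1"
        ];
        # Explicit routes to both gateway addresses; presumably required
        # because a /32 host address leaves the gateway off-link (confirm).
        routes = [
          { Destination = "172.31.1.1"; }
          { Destination = "fe80::1"; }
        ];
      };
    };

    # ssh on boot
    #
    # All four values are mkDefault, so a host configuration can override them.
    #
    # NOTE(review): `netmaskAddress` evaluates to "135.181.98.255": the first
    # three octets of the hard-coded "135.181.98.1" followed by "255". That is
    # independent of `cfg.network.address` and looks like a broadcast address
    # rather than a netmask. Confirm what `mine.ssh-on-boot` expects here; a
    # wrong value would leave the early-boot SSH endpoint unreachable.
    #
    # NOTE(review): `address` forwards the first list entry verbatim, including
    # any "/NN" prefix length, and `lib.elemAt` fails on an empty list.
    mine.ssh-on-boot.network = let
      netmaskAddressList = (lib.take 3 (lib.splitString "." "135.181.98.1")) ++ ["255"];
      netmaskAddress = lib.concatStringsSep "." netmaskAddressList;
    in {
      address = lib.mkDefault (lib.elemAt cfg.network.address 0);
      gateway = lib.mkDefault "172.31.1.1";
      netmask = lib.mkDefault netmaskAddress;
      interface = lib.mkDefault "enp1s0";
    };
  });
}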