# nixops network definition with a single Hetzner machine, "eldiron".
# `privateFiles` defaults to this directory; it must contain environment.nix,
# which supplies the server IP lists and the Hetzner robot credentials used
# below.
# NOTE(review): environment.nix is consumed at Nix evaluation time; anything
# from it that gets rendered into a derivation becomes world-readable under
# /nix/store on the target — keep that in mind when adding new uses of it.
{ privateFiles ? ./. }:
{
  network = {
    description = "Immae's network";
    # Keep previous deployments so nixops can roll back a bad deploy.
    enableRollback = true;
  };

  eldiron = { config, pkgs, mylibs, myconfig, ... }: {
    nixpkgs.overlays = builtins.attrValues (import ../overlays);

    # Extra arguments made available to every module imported below.
    _module.args = {
      # NOTE(review): `import {}` has no source argument here; the nixpkgs
      # search-path argument appears to have been lost (angle-bracket path
      # stripped in extraction) — restore it before evaluating this file.
      pkgsNext = import {};
      pkgsPrevious = import {};
      mylibs = import ../libs.nix { inherit pkgs; };
      myconfig = {
        inherit privateFiles;
        env = import "${privateFiles}/environment.nix";
      };
    };

    boot.kernelPackages = pkgs.linuxPackages_latest;

    networking = {
      firewall.enable = true;
      # 176.9.151.89 declared in nixops -> infra / tools
      # Every IPv4 entry except "main" (see comment above) is bound as a /32.
      interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
        (n: ips: { address = ips.ip4; prefixLength = 32; })
        (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") myconfig.env.servers.eldiron.ips);
      # All IPv6 addresses of every entry (entries without `ip6` contribute
      # nothing); only the first ip6 of "main" carries the /64 of the block,
      # every other address is a single /128 host.
      interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
        (n: ips: map (ip: {
          address = ip;
          prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128);
        }) (ips.ip6 or []))
        myconfig.env.servers.eldiron.ips);
    };

    # Local service modules; each is switched on individually below.
    imports = [
      ./modules/ssh
      ./modules/certificates.nix
      ./modules/gitolite
      ./modules/databases
      ./modules/mpd
      ./modules/websites
      ./modules/mail
      ./modules/ftp
      ./modules/pub
      ./modules/task
      ./modules/irc
      ./modules/buildbot
      ./modules/dns
      ./modules/secrets
    ];

    services.myGitolite.enable = true;
    services.myDatabases.enable = true;
    services.myWebsites.production.enable = true;
    services.myWebsites.integration.enable = true;
    services.myWebsites.tools.enable = true;
    services.pure-ftpd.enable = true;
    services.irc.enable = true;
    services.pub.enable = true;
    services.myTasks.enable = true;
    services.buildbot.enable = true;

    # Persistent journal: only warning and above are stored, kept for a year.
    # NOTE(review): info-level records — typically where sshd reports accepted
    # logins and where most services log routine activity — are discarded, so
    # the journal on this host keeps no login audit trail; raise MaxLevelStore
    # if that trail is wanted for incident response.
    services.journald.extraConfig = ''
      MaxLevelStore="warning"
      MaxRetentionSec="1year"
    '';

    deployment = {
      targetEnv = "hetzner";
      hetzner = {
        # Hetzner robot API credentials and the main address come from the
        # private environment file.
        robotUser = myconfig.env.hetzner.user;
        robotPass = myconfig.env.hetzner.pass;
        mainIPv4 = myconfig.env.servers.eldiron.ips.main.ip4;
        # Partition layout: a swap partition on each disk, the remainder of
        # both disks mirrored (RAID1, md0) as the ext4 root.
        partitions = ''
          clearpart --all --initlabel --drives=sda,sdb
          part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda
          part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb
          part raid.1 --grow --ondisk=sda
          part raid.2 --grow --ondisk=sdb
          raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2
        '';
      };
    };

    users.users.root.packages = [ pkgs.telnet pkgs.htop pkgs.iftop ];
    environment.systemPackages = [ pkgs.vim ];

    services.cron = {
      enable = true;
      systemCronJobs = [
        # Mirror /var/lib to immae@immae.eu four times a day over ssh (key
        # /root/.ssh/id_charon_vpn), running rsync through sudo on the remote
        # so that ownership, ACLs and xattrs can be preserved (-aAX,
        # --numeric-ids, --super).
        # NOTE(review): --delete makes the remote a mirror, so local deletions
        # propagate on the next run; this is not a point-in-time backup.
        # /var/lib typically holds the state of every service enabled above,
        # so the remote copy is as sensitive as this host. Host-key
        # verification relies on /root/.ssh/known_hosts being pre-populated,
        # which is not visible in this file.
        ''
          # The star after /var/lib/* avoids deleting all folders in case of problem
          0 3,9,15,21 * * * root rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: > /dev/null
        ''
      ];
    };

    # This value determines the NixOS release with which your system is
    # to be compatible, in order to avoid breaking some software such as
    # database servers. You should change this only after NixOS release
    # notes say you should.
    system.stateVersion = "18.09"; # Did you read the comment?
  };
}