# Define a function which returns a value which fills in all the holes left by
# ``monitoring.nix``.
{
  # A set mapping VPN IP addresses as strings to lists of hostnames as
  # strings.  The system's ``/etc/hosts`` will be populated with this
  # information.
  hostsMap

  # See ``customize-issuer.nix``.
, monitoringvpnKeyDir
, monitoringvpnIPv4

  # XXX To be removed
, publicIPv4

  # A list of VPN IP addresses as strings indicating which clients will be
  # allowed onto the VPN.
, vpnClientIPs

  # A list of VPN clients (IP addresses or hostnames) as strings indicating
  # which nodes to scrape metrics from.
, nodeExporterTargets

  # ...
, nginxExporterTargets ? []

  # A string giving the NixOS state version for the system.
, stateVersion
, ...
}: {
  deployment.targetHost = publicIPv4;
  deployment.secrets = {
    "monitoringvpn-private-key".source = "${monitoringvpnKeyDir}/server.key";
    "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
  };
  networking.hosts = hostsMap;

  services.private-storage.monitoring.vpn.server = {
    enable = true;
    ip = monitoringvpnIPv4;
    inherit vpnClientIPs;
    pubKeysPath = monitoringvpnKeyDir;
  };

  services.private-storage.monitoring.prometheus = {
    inherit nodeExporterTargets;
    inherit nginxExporterTargets;
  };

  system.stateVersion = stateVersion;
}