update: system update & refactor

# Breaking Changes
- sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix"
- flake devices declaration changes
- whole flake update

system/dev/dn-pre7780/services/default.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    ../../../modules/postgresql.nix
+    ./mail.nix
+    ./nginx.nix
+    ./wireguard.nix
+    # ./netbird.nix
+  ];
+}

system/dev/dn-pre7780/services/mail.nix

@@ -0,0 +1,65 @@
+{
+  config,
+  ...
+}:
+let
+  domain = "daccc.info";
+  fqdn = "mx1.daccc.info";
+in
+{
+  networking.firewall.allowedTCPPorts = [ 8080 ];
+  imports = [
+    (import ../../../modules/stalwart.nix {
+      inherit domain;
+
+      enableNginx = false;
+      dkimKey = config.sops.secrets."stalwart/dkimKey".path;
+      adminPassFile = config.sops.secrets."stalwart/adminPassword".path;
+      dbPassFile = config.sops.secrets."stalwart/db".path;
+      acmeConf = {
+        directory = "https://acme-v02.api.letsencrypt.org/directory";
+        origin = "${domain}";
+        contact = "admin@${domain}";
+        domains = [
+          domain
+          fqdn
+        ];
+        challenge = "dns-01";
+        cache = "${config.services.stalwart-mail.dataDir}/acme";
+        default = true;
+        provider = "cloudflare";
+        renew-before = "30d";
+        secret = "%{file:${config.sops.secrets."cloudflare/secret".path}}%";
+      };
+      ldapConf = {
+        type = "ldap";
+        url = "ldaps://ldap.net.dn";
+        tls.enable = true;
+        timeout = "30s";
+        base-dn = "ou=people,dc=net,dc=dn";
+        attributes = {
+          name = "uid";
+          email = "mail";
+          secret = "userPassword";
+          description = [
+            "cn"
+            "description"
+          ];
+          class = "objectClass";
+        };
+        filter = {
+          name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)))";
+          email = "(&(objectClass=inetOrgPerson)(mail=?))";
+        };
+        bind = {
+          dn = "cn=admin,dc=net,dc=dn";
+          secret = "%{file:${config.sops.secrets."stalwart/ldap".path}}%";
+          auth = {
+            method = "default";
+          };
+        };
+      };
+    })
+  ];
+
+}

system/dev/dn-pre7780/services/netbird.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  imports = [
+    (import ../expr/netbird.nix {
+      domain = "pre7780.dn";
+      coturnPassFile = config.sops.secrets."netbird/coturn/password".path;
+      idpSecret = config.sops.secrets."netbird/oidc/secret".path;
+      dataStoreEncryptionKey = config.sops.secrets."netbird/dataStoreKey".path;
+    })
+  ];
+}

system/dev/dn-pre7780/services/nginx.nix

@@ -0,0 +1,33 @@
+{ config, ... }:
+{
+  networking.firewall.allowedTCPPorts = [
+    443
+    80
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      validMinDays = 2;
+      webroot = null;
+      server = "https://ca.net.dn/acme/acme/directory";
+      renewInterval = "daily";
+      email = "danny@pre7780.dn";
+      dnsResolver = "10.0.0.1:53";
+      dnsProvider = "pdns";
+      dnsPropagationCheck = false;
+      environmentFile = config.sops.secrets."acme/pdns".path;
+    };
+  };
+
+  users.users.nginx.extraGroups = [ "acme" ];
+
+  services.nginx = {
+    enable = true;
+    enableReload = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+  };
+}

system/dev/dn-pre7780/services/wireguard.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ../../../modules/wireguard.nix
+  ];
+}