update: system update & refactor

# Breaking Changes
- sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix"
- flake devices declaration changes
- whole flake update

system/dev/dn-server/common/backup.nix

@@ -0,0 +1,92 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib) mkIf;
+  backupAt = "*-*-* 03:00:00";
+  backupPath = "/mnt/backup_dn";
+  backupScript = pkgs.writeShellScript "backup-nextcloud.sh" ''
+    nextcloudPath="${config.services.nextcloud.datadir}"
+
+    if [ ! -d "$nextcloudPath" ]; then
+      echo "nextcloud path not found: $nextcloudPath"
+      exit 1
+    fi
+
+    backupPath="${backupPath}"
+    nextcloudBakPath="$backupPath"
+
+    if [ ! -d "$backupPath" ]; then
+      echo "Backup device is not mounted: $backupPath"
+      exit 1
+    fi
+
+    echo "Start syncing..."
+    ${pkgs.rsync}/bin/rsync -rh --delete "$nextcloudPath" "$nextcloudBakPath"
+    echo "Data dir backup completed."
+  '';
+in
+{
+  fileSystems."/mnt/backup_dn" = {
+    device = "/dev/disk/by-uuid/FBD9-F625";
+    fsType = "exfat";
+    options = [
+      "x-systemd.automount"
+      "noauto"
+      "x-systemd.idle-timeout=600"
+      "nofail"
+      "user"
+      "x-gvfs-show"
+      "gid=1000"
+      "uid=1000"
+      "dmask=000"
+      "fmask=000"
+    ];
+  };
+
+  # ==== Advance Backup ==== #
+  # services.pgbackrest = {
+  #   enable = true;
+  #   repos.localhost.path = "${backupPath}/postgresql";
+  # };
+
+  services.postgresqlBackup = {
+    enable = true;
+    startAt = backupAt;
+    pgdumpOptions = "--no-owner";
+    databases = [
+      "nextcloud"
+      "vaultwarden"
+      "paperless"
+    ];
+    location = "${backupPath}/postgresql";
+  };
+
+  systemd = mkIf config.services.nextcloud.enable {
+    timers = {
+      "nextcloud-backup" = {
+        enable = true;
+        description = "Nextcloud backup";
+        timerConfig = {
+          OnCalendar = backupAt;
+          Persistent = true;
+          OnUnitActiveSec = "1d";
+          AccuracySec = "1h";
+          Unit = "nextcloud-backup.service";
+        };
+        wantedBy = [ "timers.target" ];
+      };
+    };
+
+    services."nextcloud-backup" = {
+      enable = true;
+      serviceConfig = {
+        User = "nextcloud";
+        ExecStart = "${backupScript}";
+      };
+    };
+  };
+}

system/dev/dn-server/common/boot.nix

@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages;
+
+  boot.loader.systemd-boot.enable = true;
+
+  # Enable F keys in some wireless keyboard (Ex. neo65)
+  boot.extraModprobeConfig = ''
+    options hid_apple fnmode=2
+  '';
+
+  boot.initrd.systemd.enable = true;
+  boot.initrd.kernelModules = [
+    "i915"
+  ];
+  boot.swraid.enable = true;
+  boot.swraid.mdadmConf = ''
+    MAILADDR smitty
+    ARRAY /dev/md126 metadata=1.2 name=stuff:0
+    UUID=b75dc506-8f7c-4557-8b2f-adb5f1358dbc
+  '';
+
+  fileSystems."/mnt/ssd" = {
+    device = "/dev/disk/by-uuid/4E21-0000";
+    fsType = "exfat";
+    options = [
+      "x-systemd.automount"
+      "noauto"
+      "x-systemd.idle-timeout=600"
+      "nofail"
+      "user"
+      "x-gvfs-show"
+      "gid=1000"
+      "uid=1000"
+      "dmask=000"
+      "fmask=000"
+    ];
+  };
+}

system/dev/dn-server/common/default.nix

@@ -0,0 +1,14 @@
+{
+  imports = [
+    ../../../modules/presets/minimal.nix
+    ../../../modules/bluetooth.nix
+    ../../../modules/gc.nix
+    ../../../modules/stylix.nix
+    ../../../modules/postgresql.nix
+    ./backup.nix
+    ./boot.nix
+    ./hardware-configuration.nix
+    ./networking.nix
+    ./nvidia.nix
+  ];
+}

system/dev/dn-server/common/hardware-configuration.nix

@@ -0,0 +1,55 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "vmd"
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+    "rtsx_pci_sdmmc"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

system/dev/dn-server/common/networking.nix

@@ -0,0 +1,12 @@
+{ lib, ... }:
+with lib;
+{
+  networking = {
+    networkmanager = {
+      enable = true;
+      insertNameservers = mkForce [ "127.0.0.1" ];
+    };
+    enableIPv6 = true;
+    firewall.enable = true;
+  };
+}

system/dev/dn-server/common/nvidia.nix

@@ -0,0 +1,9 @@
+{
+  imports = [
+    (import ../../../modules/nvidia.nix {
+      nvidia-mode = "offload";
+      intel-bus-id = "PCI:0:2:0";
+      nvidia-bus-id = "PCI:1:0:0";
+    })
+  ];
+}