update: system update & refactor

# Breaking Changes - sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix" - flake devices declaration changes - whole flake update
2025-10-14 16:49:03 +08:00 · 2025-10-14 16:49:03 +08:00 · 6a71b601f5
commit 6a71b601f5
parent 321f740af0
116 changed files with 2576 additions and 3634 deletions
--- a/system/dev/dn-server/default.nix
+++ b/system/dev/dn-server/default.nix
@ -1,157 +1,33 @@
+{ hostname }:
 {
  pkgs,
  lib,
  inputs,
  system,
-  username,
  config,
  ...
 }:
 let
-  inherit (lib) optionalAttrs;
-  inherit (builtins) toString;
+  username = "danny";
 in
 {
+  systemConf = {
+    inherit hostname username;
+    domain = "net.dn";
+    hyprland.enable = false;
+  };
+
  imports = [
-    (import ../../modules/nvidia.nix {
-      nvidia-mode = "offload";
-      intel-bus-id = "PCI:0:2:0";
-      nvidia-bus-id = "PCI:1:0:0";
-    })
-    ./backup.nix
-    ./security.nix
-    ./sops-conf.nix
-    ./boot.nix
-    ./hardware-configuration.nix
-    ./networking.nix
-    ./services.nix
-    ./nginx.nix
-    ./step-ca.nix
-    ./atticd.nix
-    ../../modules/presets/minimal.nix
-    ../../modules/bluetooth.nix
-    ../../modules/gc.nix
-    ../../modules/mail-server
-    ../../modules/stylix.nix
-    (import ../../modules/paperless-ngx.nix {
-      domain = "paperless.net.dn";
-      passwordFile = config.sops.secrets."paperless/adminPassword".path;
-    })
-    (import ../../modules/prometheus.nix {
-      fqdn = "metrics.net.dn";
-      selfMonitor = true;
-      configureNginx = true;
-      scrapes = [
-        (optionalAttrs config.services.pdns-recursor.enable {
-          job_name = "powerdns_recursor";
-          static_configs = [
-            {
-              targets = [ "localhost:${toString config.services.pdns-recursor.api.port}" ];
-            }
-          ];
-        })
-      ];
-    })
-    (import ../../modules/actual {
-      fqdn = "actual.net.dn";
-    })
-    (import ../../modules/nextcloud.nix {
-      hostname = "nextcloud.net.dn";
-      adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
-      trusted = [ "nextcloud.daccc.info" ];
-    })
-    (import ../../modules/vaultwarden.nix {
-      domain = "bitwarden.net.dn";
-    })
-    (import ../../modules/grafana.nix {
-      domain = "grafana.net.dn";
-      passFile = config.sops.secrets."grafana/password".path;
-      smtpHost = config.mail-server.domain;
-      smtpDomain = config.mail-server.domain;
-      extraSettings = {
-        "auth.generic_oauth" =
-          let
-            OIDCBaseUrl = "https://keycloak.net.dn/realms/master/protocol/openid-connect";
-          in
-          {
-            enabled = true;
-            allow_sign_up = true;
-            client_id = "grafana";
-            client_secret = ''$__file{${config.sops.secrets."grafana/client_secret".path}}'';
-            scopes = "openid email profile offline_access roles";
-            email_attribute_path = "email";
-            login_attribute_path = "username";
-            name_attribute_path = "full_name";
-            auth_url = "${OIDCBaseUrl}/auth";
-            token_url = "${OIDCBaseUrl}/token";
-            api_url = "${OIDCBaseUrl}/userinfo";
-            role_attribute_path = "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'";
-          };
-      };
-    })
-    ../../modules/postgresql.nix
+    ./common
+    ./home
+    ./network
+    ./nix
+    ./security
+    ./services
+    ./sops
  ];

  environment.systemPackages = with pkgs; [
    openssl
  ];
-
-  mail-server = {
-    enable = true;
-    configureACME = true;
-    mailDir = "~/Maildir";
-    caFile = "" + ../../extra/ca.crt;
-    virtualMailDir = "/var/mail/vhosts";
-    domain = "net.dn";
-    rootAlias = "${username}";
-    networks = [
-      "127.0.0.0/8"
-      "10.0.0.0/24"
-    ];
-    virtual = ''
-      admin@net.dn ${username}@net.dn
-      postmaster@net.dn ${username}@net.dn
-    '';
-    openFirewall = true;
-    oauth = {
-      passwordFile = config.sops.secrets."oauth/password".path;
-    };
-    ldap = {
-      passwordFile = config.sops.secrets."ldap/password".path;
-      webEnv = config.sops.secrets."ldap/env".path;
-    };
-    rspamd = {
-      trainerSecret = config.sops.secrets."rspamd-trainer".path;
-    };
-  };
-
-  home-manager = {
-    users."${username}" = {
-      imports = [
-        ../../../home/user/config.nix
-        ../../../home/user/direnv.nix
-        ../../../home/user/environment.nix
-        ../../../home/user/nvf
-        ../../../home/user/shell.nix
-        ../../../home/user/tmux.nix
-        ../../../home/user/yazi.nix
-        {
-          home.packages = with pkgs; [
-            inputs.ghostty.packages.${system}.default
-            (python3.withPackages (
-              p: with p; [
-                pip
-              ]
-            ))
-          ];
-        }
-
-        # Git
-        (import ../../../home/user/git.nix {
-          inherit username;
-          email = "danny10132024@gmail.com";
-        })
-      ];
-    };
-  };
 }