feat: refactoring + system types

modules/tf/acme.nix

@@ -0,0 +1,23 @@
+{ config, meta, lib, target, ... }: with lib;
+let
+  home = meta.deploy.targets.home.tf;
+in lib.mkIf (target != "home") {
+  acme = {
+    enable = true;
+        account = {
+          register = lib.mkDefault false;
+          emailAddress = "kat@inskip.me";
+          accountKeyPem = home.resources.acme_private_key.importAttr "private_key_pem";
+        };
+        challenge = {
+          defaultProvider = "rfc2136";
+          configs.rfc2136 = {
+            RFC2136_NAMESERVER = config.variables.katdns-address.ref;
+            RFC2136_TSIG_KEY = config.variables.katdns-name.ref;
+            RFC2136_TSIG_SECRET = config.variables.katdns-key.ref;
+            RFC2136_TSIG_ALGORITHM = "hmac-sha512";
+          };
+        };
+    };
+
+}

modules/tf/gcroot.nix

@@ -0,0 +1,3 @@
+{ config, ... }: {
+  deploy.gcroot.enable = true;
+}

modules/tf/katdns.nix

@@ -0,0 +1,31 @@
+{ config, lib, ... }:  with lib; {
+  variables.katdns-address = {
+    value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f address";
+    type = "string";
+    sensitive = true;
+  };
+  variables.katdns-name = {
+    value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f username";
+    type = "string";
+    sensitive = true;
+  };
+  variables.katdns-key = {
+    value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f password";
+    type = "string";
+    sensitive = true;
+  };
+
+  providers.katdns = {
+    type = "dns";
+    inputs.update = {
+      server = config.variables.katdns-address.ref;
+      key_name = config.variables.katdns-name.ref;
+      key_secret = config.variables.katdns-key.ref;
+      key_algorithm = "hmac-sha512";
+    };
+  };
+
+  dns.zones = genAttrs [ "inskip.me." "kittywit.ch." "dork.dev." "gensokyo.zone." ] (_: {
+    provider = "dns.katdns";
+  });
+}