refactor: many changes

example/configuration.nix

@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    # Import the main module
+    ../modules/cloonar-assistant
+
+    # Include your hardware-configuration.nix and other custom modules
+    ./hardware-configuration.nix
+    # ...
+  ];
+
+  sops.defaultSopsFile = ./secrets.yaml;
+
+  # --- Configure Cloonar Assistant Options ---
+  cloonar-assistant = {
+    # Required: Define the first two octets for your internal networks
+    networkPrefix = "10.42"; # Example: Results in 10.42.96.0/24, 10.42.97.0/24, etc.
+
+    # Required: Define the domain name for local services and DDNS
+    domain = "home.example.com"; # Example
+
+    # Required: Define the network interface connected to the WAN/Internet
+    firewall.interfaces.wan = "eth0"; # Example
+
+    # Required: Define the network interface for internal VLANs
+    # Set to null if you only have one interface (WAN)
+    firewall.interfaces.internal = null; # Example
+
+    # Enable VPN Server
+    vpn.enable = true;
+    vpn.privateKeyFile = "/path/to/your/wireguard_private_key"; # Store securely!
+    vpn.clients = [
+      { 
+        name = "myphone";
+        publicKey = "...";
+        allowedIPs = [ "${config.cloonar-assistant.networkPrefix}.98.2/32" ];
+      }
+    ];
+
+    # Enable Dynamic DNS Updates
+    updns-client.enable = true;
+    updns-client.key = "your-updns-key"; # Key provided by updns-client.cloonar.com
+    updns-client.secretFile = "/path/to/your/updns_secret"; # Store securely!
+
+    # Enable setup mode (allows WAN access for initial setup - disable for production)
+    setup = false;
+
+    # ... other options can be configured as needed.
+  };
+
+  # --- Other System Configuration ---
+  networking.hostName = "myrouter"; # Example hostname
+
+  # Ensure necessary packages for fetching are available if not using flakes
+  environment.systemPackages = [ pkgs.nix ];
+
+  system.stateVersion = "23.11"; # Set to your NixOS version
+}

example/hardware-configuration.nix

@@ -0,0 +1,46 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.loader.systemd-boot = {
+    enable = true;
+    configurationLimit = 5;
+  };
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+	fileSystems."/boot" = {
+		device = "/dev/disk/by-label/boot";
+		fsType = "vfat";
+	};
+
+  boot.kernelParams = [
+    "tpm_tis.interrupts=0"
+  ];
+
+  boot.initrd = {
+    luks.devices.root = {
+      device = "/dev/disk/by-label/root";
+
+      allowDiscards = true;
+
+      keyFile = "/dev/zero";
+      keyFileSize = 1;
+    };
+  };
+
+	fileSystems."/" = {
+		device = "/dev/mapper/root";
+		fsType = "ext4";
+	};
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

example/secrets.yaml

@@ -0,0 +1,34 @@
+hello: ENC[AES256_GCM,data:TBaGXwx/14vVACdJEkaCzh7vUbz4qt+UTgRC/lx07BDOpfn5qU7iVlcygoM7bw==,iv:9wPWbD+gqwc/V6Fb6PJDd/uqhMWzyS5iAyYeIgcGDL8=,tag:M1+2LNuSEKcTKdyc8N4qYg==,type:str]
+example_key: ENC[AES256_GCM,data:dzPkbNkMZIxBwC34uA==,iv:E9QAYMyK41ivCTgZbnqapVA94nimTGK3pMuAtVGoDEA=,tag:TACnRUxHssf12vDgxXwWFQ==,type:str]
+#ENC[AES256_GCM,data:t7yKBwiyR308q/L+1IG27Q==,iv:TraZXiXP8/3xLxtxzH4H6s/hmJuDmIMBnC9OefKoQ40=,tag:Rs6VCBZDVmuD+6w3Lmqtjg==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:ogLj4WGKhiSv8pyBlKQ=,iv:NTm56BY6Cq/GkFsm0MUKERprqFKbuZqboD3xKT5UvWI=,tag:313/jWFs71v5Oegm1rwUbw==,type:str]
+    - ENC[AES256_GCM,data:qNkbU2m4bDBwFYmJcso=,iv:ZoKmDp/Qa9omGBcpfKKIDhM/vyqrXTLy0Z3106CXX7c=,tag:R7aYLK1gt/18r4s3K4/FnA==,type:str]
+example_number: ENC[AES256_GCM,data:/tSOtRzuyL1COw==,iv:a8UsDlda41qt++4fAV6GvY+yO3mo+0mNdMgkFT9Jd74=,tag:GbDrOCNNPLW7roGLDtU9Sg==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:QEO7nFs=,iv:DD2UVhTtg8spaHGsXSi+keFUGiIF1Jd12KSwnX56C5k=,tag:MBRNjjCEDbvHKgXUOlwtKQ==,type:bool]
+    - ENC[AES256_GCM,data:dBdohUs=,iv:5DCn9JzK6lMmkhOlNrXLE9hP3rnwavPI3wULLAvOkg0=,tag:0rwH3CRu2XZvxmxe/2Jw/g==,type:bool]
+sops:
+    age:
+        - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWFhvYVFHNHZiRzhIbSsv
+            ZlFlYkJvK2Q3cDFmYlE3TlhsR1RYRnkvOFc0CldnekxmbXVpUUhLc1BPWU5oeEM0
+            T3ZPNFVXYkYyTnFGRUVNVGRDeGx5akkKLS0tIHgrZ2M4SlhWZEtBc01ycHRsNmpl
+            RFRabFBzaEU0WW02cGRJOU52ai9vdXMKq6IVYKnK04G+jZrQRotr14Sod9nBXkSC
+            THSJ2o78nWZu2itGJOqn3O8TUJo3jXOhJVWOka4HlT2b49IjNYcg4A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMjY4NTd3NUY1WElQbW42
+            OWlFM1A4Vmd0Yy8yR2FwL3grNWJYVzBYaHpBCjZvQ3dOKy9ZcHR1bGRnNDBCYkxN
+            TkU3RG45MW8wblc3V3A2WDZrSEdXYVkKLS0tIGNKRUUrK0VycVl4Z04xOVpMMmFq
+            WXg4NUJwSThJT1JHU3ErU0pWdGJZSjAKZxFJSvuuDcarCWK8Prgopfix4Q6HVQ7F
+            SvUqD3AX3h+48T7v0LPYau46hbaAkbDNFEmLvgCDxxGmOj6UMH5ASA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-05T20:17:52Z"
+    mac: ENC[AES256_GCM,data:XN9hYAP1sZDxx/FDjuLaSKE37gPbe8PNcxJwogWeJeq5Ht/kyQC7stKOTna6aTnXenvjzPJCvbeEeeVETM3nPv0zc5g6kHw+PDxtB6R5j47BuYX9uUAmr0m1nWbLIUqz3k5X7cPR4xmB7hYiojyTQVvwmWXf15I0m6qAVfb+HwU=,iv:CQ/X1CIMg+KEQGjwH19h9akwR1WJIPLMSYX+g0boGQI=,tag:neYchyyQP5cii7uzZJog2w==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2