better up purge and mail secrets

hosts/falkenstein-1/default.nix

@@ -39,6 +39,8 @@
     helix
     lsof
     python3
+    crowdsec
+    crowdsec-firewall-bouncer
   ];
   programs.git = {
     enable = true;

hosts/falkenstein-1/modules/mail/default.nix

@@ -6,9 +6,6 @@ let
   rspamd-domain = "rspamd.${domain}";
 in
 {
-  sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
-  sops.secrets."rspamd".owner = config.users.users.rspamd.name;
-
   networking.firewall.allowedTCPPorts = [
     25 # insecure SMTP
     465
@@ -160,7 +157,9 @@ in
       enable = true;
       postfix.enable = true;
       locals = {
-        "worker-controller.inc".source = config.sops.secrets."rspamd".path;
+        "worker-controller.inc".text = ''
+          password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy";
+        '';
         "redis.conf".text = ''
           read_servers = "127.0.0.1";
           write_servers = "127.0.0.1";

hosts/falkenstein-1/modules/purge/default.nix

@@ -3,14 +3,14 @@ let
   domain = "purge.rfive.de";
 in
 {
-  sops.secrets."purge/environment".owner = "purge";
+  sops.secrets."purge/token".owner = "purge";
   services.purge = {
     enable = true;
     discord = {
       clientId = "941041925216157746";
       publicKey = "d2945f6130d9b4a8dda8c8bf52db5dee127a82f89c6b8782e84aa8f45f61d402";
+      tokenFile = config.sops.secrets."purge/token".path;
     };
-    environmentFile = config.sops.secrets."purge/environment".path;
   };
   services.nginx.virtualHosts."${domain}" = {
     enableACME = true;