Update all to mycelium ips

modules/system/services/general/ssh/fail2ban/default.nix

@@ -4,7 +4,6 @@
     enable = true;
     maxretry = 5;
     bantime = "10m";
-    ignoreIP = [ "11.0.0.0/8" ];
   };
 
   environment.persistence."/persist".directories = [ "/var/lib/fail2ban" ];

modules/system/services/server/nfs/default.nix

@@ -4,6 +4,8 @@
 
   config = lib.mkIf config.services.nfs.server.enable {
     services.nfs.server.exports = "/storage *(rw)";
-    networking.firewall.extraInputRules = "ip saddr { 10.0.0.0/8, 11.0.0.0/8, ${config.secrets.ips.bun} } tcp dport 2049 accept";
+    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
+      ip6 saddr { ${tower}, ${midas}, ${kitty}, ${prophet} } tcp dport 2049 accept
+    '';
   };
 }

modules/system/services/server/nginx/rtmp/default.nix

@@ -23,7 +23,10 @@
         }
       '';
     };
-    networking.firewall.extraInputRules = "ip saddr { 11.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept";
+    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
+      ip6 saddr ${tower} tcp dport 1935 accept
+      ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept
+    '';
     systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
   };
 }

modules/system/services/server/owncast/default.nix

@@ -7,7 +7,9 @@
       port = 8060;
       rtmp-port = 1945;
     };
-    networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 1945 accept";
+    networking.firewall.extraInputRules = ''
+      ip6 saddr ${tower} tcp dport 1935 accept
+    '';
     environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
   };
 }