diff --git a/hosts/kitty/firewall/default.nix b/hosts/kitty/firewall/default.nix index d63aea09..8285faa5 100644 --- a/hosts/kitty/firewall/default.nix +++ b/hosts/kitty/firewall/default.nix @@ -3,7 +3,7 @@ networking = { firewall.extraInputRules = '' ip saddr { ${config.ips.localSpan}.0/24, 10.100.0.0/24 } tcp dport 2049 accept comment "Accept NFS" - ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" + ip saddr { ${config.ips.pc}, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ''; # Nftables configuration only if server is enabled @@ -24,9 +24,6 @@ udp dport { 37998, 37999, 38000 } dnat to ${config.ips.vm} comment "VM Sunshine UDP" udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex" - - ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP" - ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP" } chain POSTROUTING { diff --git a/hosts/prophet/id_ed25519.pub b/hosts/prophet/id_ed25519.pub index c5d26955..0d58d2b8 100644 --- a/hosts/prophet/id_ed25519.pub +++ b/hosts/prophet/id_ed25519.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtxnPjkLdUIi5mVqBHXM9rW+Mmsqx1C1XnpRusVTWhm +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU+mo+lkFaGBV7wuzrGnlII15YS3/MkkG3KmGJRT0j diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/devices/networking/wireguard/client/default.nix index 34a2a40c..1783f3d1 100644 --- a/modules/system/devices/networking/wireguard/client/default.nix +++ b/modules/system/devices/networking/wireguard/client/default.nix 
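Review bot: The replacement of prophet's ed25519 public key in hosts/prophet/id_ed25519.pub is not explained by anything in the visible diff, which is otherwise a rename of `config.secrets` attributes. If this key is used as a trust anchor elsewhere (known_hosts entries, or as a recipient for encrypted secrets; neither is visible here), those consumers need to change in the same commit. The new fingerprint should be checked against the host out of band before merging. A one-line mention in the commit message of why the key changed (reinstall, rotation, suspected exposure) would make the change auditable.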
@@ -6,7 +6,7 @@ networking = { firewall.trustedInterfaces = [ "wgc" ]; wg-quick.interfaces.wgc = { - privateKey = config.secrets.wgClientPriv; + privateKey = config.secrets.wg.clientKey; peers = [ { # Kitty server publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix index 785b5c54..13f7271d 100644 --- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/devices/networking/wireguard/server/default.nix @@ -14,7 +14,7 @@ wireguard.interfaces.wgs = { ips = [ "10.100.0.1/24" ]; listenPort = 51820; - privateKey = config.secrets.wgServerPriv; + privateKey = config.secrets.wg.serverKey; peers = [ { # NixOS Config Key publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 59687fec..77483769 100644 Binary files a/modules/system/secrets/default.nix and b/modules/system/secrets/default.nix differ diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix index 220e2752..5ef5423d 100644 --- a/modules/system/services/server/fileserver/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/default.nix @@ -24,7 +24,7 @@ mail_from_address = "noreply"; mail_smtpauth = "true"; mail_smtpname = "noreply@nixfox.ca"; - mail_smtppassword = config.secrets.noreplyPassword; + mail_smtppassword = config.secrets.mailPass.nixfoxNoReply; mail_smtpmode = "smtp"; mail_smtpport = 587; }; diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index 97354025..31fcfc0a 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix 
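Review bot: In modules/system/devices/networking/wireguard/client/default.nix, `privateKey = config.secrets.wg.clientKey;` still passes the WireGuard private key as an evaluated string, which the NixOS option documentation warns ends up in the world-readable Nix store; this rename is a good moment to switch to `privateKeyFile = "<runtime path outside /nix/store>";`. The server hunk (`privateKey = config.secrets.wg.serverKey;`) has the same issue. The SMTP and Icecast passwords assigned as plain strings in the nextcloud, forgejo, icecast, liquidsoap, synapse and vaultwarden hunks are presumably rendered into store-resident configuration the same way, so each would benefit from that module's file-based secret option where one exists. modules/system/secrets/default.nix appears only as a binary diff, so how the values are protected in the repository cannot be checked from here. Both interface attrsets continue past their hunks.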
@@ -19,7 +19,7 @@ SMTP_ADDR = "mx.nixfox.ca"; FROM = "NixFox Git "; USER = "noreply@nixfox.ca"; - PASSWD = config.secrets.noreplyPassword; + PASSWD = config.secrets.mailPass.nixfoxNoReply; PROTOCOL = "smtps"; }; service = { diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 8f9beb4a..b05ee0fd 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix @@ -11,11 +11,11 @@ hostname = "radio.nixfox.ca"; admin = { user = "${config.sysusers.main}"; - password = "${config.secrets.castAdminPass}"; + password = "${config.secrets.cast.adminPass}"; }; extraConf = '' - ${config.secrets.castSourcePass} + ${config.secrets.cast.sourcePass} Canada diff --git a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix index 75eab16a..f2966861 100644 --- a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix @@ -14,7 +14,7 @@ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), host="127.0.0.1", port=${toString config.services.icecast.listen.port}, - password="${config.secrets.castSourcePass}", + password="${config.secrets.cast.sourcePass}", encoding = "UTF-8", name="NixBops Radio", diff --git a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix index c3025beb..ac7d6a75 100644 --- a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix 
@@ -14,7 +14,7 @@ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), host="127.0.0.1", port=${toString config.services.icecast.listen.port}, - password="${config.secrets.castSourcePass}", + password="${config.secrets.cast.sourcePass}", encoding = "UTF-8", name="Nixbops Scrap", diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index f00e900f..d6512819 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix @@ -21,13 +21,8 @@ # Passwords made with 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@nixfox.ca" = { - hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash; - sendOnly = true; - }; - "jimbo@nixfox.ca" = { - hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash; + hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.mailHash.jimbo; aliases = [ "james@nixfox.ca" "jimbo@bloxelcom.net" @@ -41,7 +36,7 @@ }; "luna@lunamoonlight.xyz" = { - hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash; + hashedPasswordFile = pkgs.writeText "luna" config.secrets.mailHash.luna; aliases = [ "luna@bloxelcom.net" "contact@bloxelcom.net" @@ -50,9 +45,19 @@ }; "contact@freecorn1854.win" = { - hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash; + hashedPasswordFile = pkgs.writeText "corn" config.secrets.mailHash.corn; aliases = [ "freecorn@bloxelcom.net" ]; }; + + # Noreply emails + "noreply@nixfox.ca" = { + hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.nixfoxNoReply; + sendOnly = true; + }; + "noreply@bloxelcom.net" = { + hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.bloxelNoReply; + sendOnly = true; + }; }; }; 
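Review bot: In the last mailserver hunk, the new `noreply@bloxelcom.net` account sets `hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.bloxelNoReply;`, and `pkgs.writeText` copies the bcrypt hash into /nix/store, where any local user or process can read it and attempt offline guessing. The option takes a path, so it can point at a file provisioned at runtime with restricted permissions, e.g. `hashedPasswordFile = "<path to root-only hash file>";`. The jimbo, luna, corn and nixfox noreply entries use the same pattern, as does the Mastodon hunk's `passwordFile = pkgs.writeText "smtp_pass.txt" …`, which writes the plaintext SMTP password. If `writeText` is kept, giving the two noreply derivations distinct names (`"noreply-nixfox"`, `"noreply-bloxel"`) would make the store paths distinguishable when auditing. The `loginAccounts` attrset starts outside the hunk.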
diff --git a/modules/system/services/server/socialserver/mastodon/default.nix b/modules/system/services/server/socialserver/mastodon/default.nix index 3006bf58..ed7c0b61 100644 --- a/modules/system/services/server/socialserver/mastodon/default.nix +++ b/modules/system/services/server/socialserver/mastodon/default.nix @@ -13,7 +13,7 @@ authenticate = true; fromAddress = "NixFox Mastodon "; user = "noreply@nixfox.ca"; - passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword; + passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.mailPass.nixfoxNoReply; }; }; environment.persistence."/persist".directories = [ "/var/lib/mastodon" ]; diff --git a/modules/system/services/server/socialserver/matrix/synapse/default.nix b/modules/system/services/server/socialserver/matrix/synapse/default.nix index 323146c4..894619e7 100644 --- a/modules/system/services/server/socialserver/matrix/synapse/default.nix +++ b/modules/system/services/server/socialserver/matrix/synapse/default.nix @@ -15,7 +15,7 @@ notif_from = "NixFox Matrix "; smtp_host = "mx.nixfox.ca"; smtp_user = "noreply@nixfox.ca"; - smtp_pass = config.secrets.noreplyPassword; + smtp_pass = config.secrets.mailPass.nixfoxNoReply; enable_tls = true; smtp_port = 587; require_transport_security = true; diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix index ef1dcb62..f052257b 100644 --- a/modules/system/services/server/vaultwarden/default.nix +++ b/modules/system/services/server/vaultwarden/default.nix @@ -17,7 +17,7 @@ SMTP_FROM = "noreply@nixfox.ca"; SMTP_FROM_NAME = "Vaultwarden"; SMTP_USERNAME = "noreply@nixfox.ca"; - SMTP_PASSWORD = config.secrets.noreplyPassword; + SMTP_PASSWORD = config.secrets.mailPass.nixfoxNoReply; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; SMTP_TIMEOUT = 15;