From 8f66c8bf92edd8c6e543a397b6a12c3600e9532f Mon Sep 17 00:00:00 2001 From: Vice Date: Wed, 5 Mar 2025 05:44:01 -0500 Subject: [PATCH] Secrets changed, ssh key, add new noreply email --- hosts/kitty/firewall/default.nix | 5 +---- hosts/prophet/id_ed25519.pub | 2 +- .../networking/wireguard/client/default.nix | 2 +- .../networking/wireguard/server/default.nix | 2 +- modules/system/secrets/default.nix | Bin 1904 -> 2066 bytes .../server/fileserver/nextcloud/default.nix | 2 +- .../services/server/forgejo/default.nix | 2 +- .../services/server/icecast/default.nix | 4 ++-- .../icecast/liquidsoap/nixbops/default.nix | 2 +- .../icecast/liquidsoap/nixscrap/default.nix | 2 +- .../server/mailserver/simplenix/default.nix | 21 +++++++++++------- .../server/socialserver/mastodon/default.nix | 2 +- .../socialserver/matrix/synapse/default.nix | 2 +- .../services/server/vaultwarden/default.nix | 2 +- 14 files changed, 26 insertions(+), 24 deletions(-) diff --git a/hosts/kitty/firewall/default.nix b/hosts/kitty/firewall/default.nix index d63aea09..8285faa5 100644 --- a/hosts/kitty/firewall/default.nix +++ b/hosts/kitty/firewall/default.nix @@ -3,7 +3,7 @@ networking = { firewall.extraInputRules = '' ip saddr { ${config.ips.localSpan}.0/24, 10.100.0.0/24 } tcp dport 2049 accept comment "Accept NFS" - ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" + ip saddr { ${config.ips.pc}, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ''; # Nftables configuration only if server is enabled 
@@ -24,9 +24,6 @@ udp dport { 37998, 37999, 38000 } dnat to ${config.ips.vm} comment "VM Sunshine UDP" udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex" - - ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP" - ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP" } chain POSTROUTING { diff --git a/hosts/prophet/id_ed25519.pub b/hosts/prophet/id_ed25519.pub index c5d26955..0d58d2b8 100644 --- a/hosts/prophet/id_ed25519.pub +++ b/hosts/prophet/id_ed25519.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtxnPjkLdUIi5mVqBHXM9rW+Mmsqx1C1XnpRusVTWhm +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU+mo+lkFaGBV7wuzrGnlII15YS3/MkkG3KmGJRT0j diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/devices/networking/wireguard/client/default.nix index 34a2a40c..1783f3d1 100644 --- a/modules/system/devices/networking/wireguard/client/default.nix +++ b/modules/system/devices/networking/wireguard/client/default.nix @@ -6,7 +6,7 @@ networking = { firewall.trustedInterfaces = [ "wgc" ]; wg-quick.interfaces.wgc = { - privateKey = config.secrets.wgClientPriv; + privateKey = config.secrets.wg.clientKey; peers = [ { # Kitty server publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix index 785b5c54..13f7271d 100644 --- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/devices/networking/wireguard/server/default.nix @@ -14,7 +14,7 @@ wireguard.interfaces.wgs = { ips = [ "10.100.0.1/24" ]; listenPort = 51820; - privateKey = config.secrets.wgServerPriv; + privateKey = config.secrets.wg.serverKey; peers = [ { # NixOS Config Key publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; 
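Review bot: The replacement `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU…RT0j` key for prophet is only half of a rotation: nothing else in this patch retires the old `…sVTWhm` key from the places that trusted it, and the secrets module in the same patch is a binary blob, so I can't see whether the matching private key or any authorized-keys material lives there. Wherever the old public key is still accepted (authorized_keys on other hosts, known_hosts on peers, any account on a forge or deployment target), it should be removed in this change or a follow-up, otherwise the old key presumably stays usable there. A sentence in the commit description naming why the key was rotated would also help later audits.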
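Review bot: `privateKey = config.secrets.wg.clientKey;` still passes the WireGuard private key by value, so it is rendered into the generated wg-quick configuration in the world-readable Nix store; the option's own description warns about this and points at `privateKeyFile`, and the server hunk's `privateKey = config.secrets.wg.serverKey;` has the same issue. Moving from `config.secrets.wgClientPriv` to a nested attribute changes only the name, not where the value ends up, and the secrets module in this patch is a binary blob, so I can't tell whether the key is ever materialised anywhere outside the store. A runtime-only path such as `privateKeyFile = "<path to key deployed outside the store>";` (placeholder) keeps the key out of the store and out of any cache or `nix copy` of it. The same pattern applies to the other hunks that interpolate secrets into store-rendered config — icecast `admin.password` and `extraConf`, the two liquidsoap `password="…"` scripts, nextcloud `mail_smtppassword`, forgejo `PASSWD`, mastodon's `pkgs.writeText "smtp_pass.txt" …` (the writeText call makes the store write explicit), synapse `smtp_pass` and vaultwarden `SMTP_PASSWORD` — and most of those NixOS modules offer a file- or environment-based way to supply the value at runtime instead.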
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 59687feccf41276ae9452982b80a7fb2911c92c0..77483769b1653698c50906705e1af02c97aea64c 100644 GIT binary patch literal 2066 zcmV+t2<`U(M@dveQdv+`02pA5Ln*ZS(Tskg<%%&o)?8a8T+u1VP&2?Q_tHscV-g@V z(f?7*GwuSQ^EoMbk-hhC#yuUM_MweqsERqY-q=!+FHmYP?r)23>1%{{qg9jPDl?6N zmoJXw{u@D*@kjN(DNriF_y&yltkxbJ9@r2N2qFhSEylOREHHyXqty_rNus`!#U$YYQ55#-hgv_NJ1HY>xITJWM)pyLX~ z%h&f=qW7(SeOpLDqdh{Kr2g^{Cv%j5SzpCXtS*dj_i$@S6`%J@v_|F@i?tzxIi5$u zMY*lp(7Let!TGRlo9Vn<`ztqGqc7!>a%Np1A*x2Q5jX=Ubb4z_2!BDlO{`l1vtq%a z2%yT^WI%LzuljV#;cvXUUE4BQqpRb5H9`9IphwiViFTJ>geF(HEDw8#B#dq!%O4pa5V9j~D&j@N_?CRcn4Xp^}Kvig((8}YM~`ys%} z1Kjq$Z6Iy-DlXH1)6g$)lx1<2#fB$yv>)6?D(+y#b$lauDA-$?o{RihZDgLBB8;%X$iIfjEv&ii~b`Ca8Ws2alV1)0k+H1Roca9lS(_dIUXH70& zEU9}OKkmqOhh7V-^2t8hUYfJq>X>bDgBo4sd($AId@KI;sZ`e12NcrCatN|R^W-^D zU>c$4i#s)?Qhq#Lec$Yr#^%e$=HhjPGM3*Rg0rBe58hi~aAvijals`~56lr%sqVf0 zpC<{T9!GZg^@+D`H;P`S>)e}YbN&DZmuAY4c;=`{={=fHmCqJ!W>>C~io5YmI)c#` zz0EEZFPNXC$v?r8D9l1n4wmN1Iez61z?A%~=ygiNuf4s1@g>8jsBjU++SqMc;3DA#wgpq`JWemjIdvl3&n~HIzat!@X?U!y!SJ z6n;4RKm8H+HQySM7JmQV=3(S>{uxOVOa(23=~Rvd!GDK0kWqeMXT=FzhX18cW^1*i zaO!5606e)ZJ@Zc4NqvP<=!Bp4d!O;u_Y41?al<@u*AcE^Xh~4;EhhMFI)6TwI4agn z6gA9{&I(1b*F$<`TLEvb3WaYsen`91kw-q*)nI0mJUWy5!17Dj|Ew8?#YPd$@Xbz@ zGWkxTW!$yHO_7#p37&vW#J%hB0q;Aw99wXHc|c(G9hi$)r3YB`5A5Ln66 z_|gFFY8v8R^q!a#55YQeQh!tH&kyay$ly*S%m1m78~!IupA#fudRpg(UL%Mqg7pK- zK5x8<9yqZ3g4E8K!Rm#qpBBwY_XG;C*E5GJ@UqAZE#uzP7JE!mlTWEsJ)@G%HoW@^ z{jJ0eV}Bt|W=3#(Vq5FnD8vaH0}_b&V2YnT!o>5Fq+tg*2W zMg;@9qSN|g?L~E)Z!#^hoy!r9*X;n zvgv~-=5L$2g1e!=UK}`MGUi~8Rr+nfx<$kE8!$bJq$;8CR;Jm$=UV!;AGE?P4mJp$ zRScW(V<8bP`b<=HInOIv1kyH;MCa!s+wofBlTV=-=L9C`RKN~pCfjP#7|yUNM5qq? 
zBjbDIA#$W)y&qG1Kf9%weE9Te3SSxqgr$d-aHQH-Hh^+A#>WT&+EkA{@g)KJCW=AQ zWu1ac;qJ2b%=u)=m3^P(JsDtlH_V<}oL9){ z47!3Ct{*Ag0I$X8xcT3>`0wV zD$$&da{;0Dim9j|^sPC?K9666V`V}8nWQKi5P&8#VGqm5P^q^>1(vY?RGzu(iCR;P zX()ntvGR6VgMeg0Pv>S7Zpy>dJC&B@E=*(KroAXc0CmUf$wd72yzGN wrK=rw?a#^432xvH5FBY3!I;{AzvU}YZbmQ1+Qok>*{-`xo95=l}o! literal 1904 zcmV-$2aoswM@dveQdv+`0H_+mS+fae$pk9c=rgY)z%OFnBA^yR4O&3o1Rvax+T&t; zSH>O%$`ew9)8Y*_JcN{|^nLS3(OZHzm~tzH6)Uuu9h5~@fB}yuc=Sl@?z&`zY($Q~ z`~4jO5&k+dwl@}65%5hiu*h!Hd)41mNR-pjF>?`4m*p@V73Ot(2s#_Bit(&=`o2elSTU=)K zCW)>G2c4wRBV@C*f}-c4r;aE=`OvEt`_mZvvJ{bFhUsq)r!+!}Yd))OY`|}GxV8BI z6FYTBsT8CFWs=(NHfL|$iB>K;7SEQeR0<|Jp0a}l=9t|1;Kn{n#>PnWG* zFJJ44QVQl)QEvXlT&#v%hYQrynDYTM${*6%kLHmd?q*D-bp0AsA3%vw4P2uonGnem z4`GQ3+(3f_eux;3U0_<3VW8DOQKwa{PYD&zJniJsz*4p*yg9b^*)PY7OPfaqzVE)H zzbg}e=fBq6sVZZBP)rb)+lhd@;9iGaU{j#6 z<>j`d#3UIT#%v~dYl9=0=`~AXO&n>^}KS*J%iicLk!X$B~qL5$poXtXxK4Nw3La+3Tj2{lHaM5q`7#iNwz* zWizB)bVeSz)6nYVS$QZV9avptctIOTzc>+H%T?D65UJl+mHwyzf|aINVNM^K0JtMvO*B9HQc z?Sm@S?VR&qmG|T5eIAJ;BN=SZD>P?IyelnB9&Wov2;VW9ck2`@ls>wrzw7y}B5Z)LU@g5V!v ze6@thMxKlcNkO0wU40YLs!49Lhu71{?3`-W+7O%KwJ`Ea{O=~1{Q@MOv3VXWahP&4 za)|%3UVpN{uoZ3fFR1?;|4daoAoFRU!V%9SRGZzZ-#{pKRS>6^vG#XaLYC@Jy4v@i zOrgV0GBR;&pKcNL+oozs3t1srJDS-Z8`_MUlc4J(Ouv!)ZMN_}?A#InsZw|SiX&kO zJF>leRSH?|Sc=qLER%qeQ@X~HscfC@>wd*F0z;XK1n%~~L-r|@kgG1ds$%z`2f`30 zO(y)P{{&E%`?E2h*ZY?lg@HegX`J&me)!@Cab{0Q z{$A>7k=&tF7e1+Hnaj*@eJUrm6~_O-_ibty!c(y~9q|uN0 zr~>^|xF)%(gL0)=&KGE;*H`Egk+gocm_#G*HwXdum?xf}BbCm`+BbeiojljI$9y7$ z-B@_9cYO}h()qZ+(kAtx9f-+T z^zuUf2P52MS^zs8!-?Y3$+N%nYrf~+^j^fpWt)@-?|ISr4n6 zdLMr&)Y9yx&YXMX@dRJA&C6(UZ&vg7PplwBU{gvX0E?W%S)XA%h9& qOsGO4NW;HUcG)ul^q)=GQT~_fR)#RCcJ<=wGK+LwFpbul-{rK5psvjT diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix index 220e2752..5ef5423d 100644 --- a/modules/system/services/server/fileserver/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/default.nix 
@@ -24,7 +24,7 @@ mail_from_address = "noreply"; mail_smtpauth = "true"; mail_smtpname = "noreply@nixfox.ca"; - mail_smtppassword = config.secrets.noreplyPassword; + mail_smtppassword = config.secrets.mailPass.nixfoxNoReply; mail_smtpmode = "smtp"; mail_smtpport = 587; }; diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index 97354025..31fcfc0a 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix @@ -19,7 +19,7 @@ SMTP_ADDR = "mx.nixfox.ca"; FROM = "NixFox Git "; USER = "noreply@nixfox.ca"; - PASSWD = config.secrets.noreplyPassword; + PASSWD = config.secrets.mailPass.nixfoxNoReply; PROTOCOL = "smtps"; }; service = { diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 8f9beb4a..b05ee0fd 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix @@ -11,11 +11,11 @@ hostname = "radio.nixfox.ca"; admin = { user = "${config.sysusers.main}"; - password = "${config.secrets.castAdminPass}"; + password = "${config.secrets.cast.adminPass}"; }; extraConf = '' - ${config.secrets.castSourcePass} + ${config.secrets.cast.sourcePass} Canada diff --git a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix index 75eab16a..f2966861 100644 --- a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix @@ -14,7 +14,7 @@ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), host="127.0.0.1", port=${toString config.services.icecast.listen.port}, - password="${config.secrets.castSourcePass}", + password="${config.secrets.cast.sourcePass}", encoding = "UTF-8", name="NixBops Radio", 
diff --git a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix index c3025beb..ac7d6a75 100644 --- a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix @@ -14,7 +14,7 @@ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), host="127.0.0.1", port=${toString config.services.icecast.listen.port}, - password="${config.secrets.castSourcePass}", + password="${config.secrets.cast.sourcePass}", encoding = "UTF-8", name="Nixbops Scrap", diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index f00e900f..d6512819 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix @@ -21,13 +21,8 @@ # Passwords made with 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@nixfox.ca" = { - hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash; - sendOnly = true; - }; - "jimbo@nixfox.ca" = { - hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash; + hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.mailHash.jimbo; aliases = [ "james@nixfox.ca" "jimbo@bloxelcom.net" @@ -41,7 +36,7 @@ }; "luna@lunamoonlight.xyz" = { - hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash; + hashedPasswordFile = pkgs.writeText "luna" config.secrets.mailHash.luna; aliases = [ "luna@bloxelcom.net" "contact@bloxelcom.net" 
@@ -50,9 +45,19 @@ }; "contact@freecorn1854.win" = { - hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash; + hashedPasswordFile = pkgs.writeText "corn" config.secrets.mailHash.corn; aliases = [ "freecorn@bloxelcom.net" ]; }; + + # Noreply emails + "noreply@nixfox.ca" = { + hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.nixfoxNoReply; + sendOnly = true; + }; + "noreply@bloxelcom.net" = { + hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.bloxelNoReply; + sendOnly = true; + }; }; }; diff --git a/modules/system/services/server/socialserver/mastodon/default.nix b/modules/system/services/server/socialserver/mastodon/default.nix index 3006bf58..ed7c0b61 100644 --- a/modules/system/services/server/socialserver/mastodon/default.nix +++ b/modules/system/services/server/socialserver/mastodon/default.nix @@ -13,7 +13,7 @@ authenticate = true; fromAddress = "NixFox Mastodon "; user = "noreply@nixfox.ca"; - passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword; + passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.mailPass.nixfoxNoReply; }; }; environment.persistence."/persist".directories = [ "/var/lib/mastodon" ]; diff --git a/modules/system/services/server/socialserver/matrix/synapse/default.nix b/modules/system/services/server/socialserver/matrix/synapse/default.nix index 323146c4..894619e7 100644 --- a/modules/system/services/server/socialserver/matrix/synapse/default.nix +++ b/modules/system/services/server/socialserver/matrix/synapse/default.nix @@ -15,7 +15,7 @@ notif_from = "NixFox Matrix "; smtp_host = "mx.nixfox.ca"; smtp_user = "noreply@nixfox.ca"; - smtp_pass = config.secrets.noreplyPassword; + smtp_pass = config.secrets.mailPass.nixfoxNoReply; enable_tls = true; smtp_port = 587; require_transport_security = true; diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix index ef1dcb62..f052257b 100644 
--- a/modules/system/services/server/vaultwarden/default.nix +++ b/modules/system/services/server/vaultwarden/default.nix @@ -17,7 +17,7 @@ SMTP_FROM = "noreply@nixfox.ca"; SMTP_FROM_NAME = "Vaultwarden"; SMTP_USERNAME = "noreply@nixfox.ca"; - SMTP_PASSWORD = config.secrets.noreplyPassword; + SMTP_PASSWORD = config.secrets.mailPass.nixfoxNoReply; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; SMTP_TIMEOUT = 15;