Secrets changed, ssh key, add new noreply email

hosts/kitty/firewall/default.nix

@@ -3,7 +3,7 @@
   networking = {
     firewall.extraInputRules = ''
       ip saddr { ${config.ips.localSpan}.0/24, 10.100.0.0/24 } tcp dport 2049 accept comment "Accept NFS"
-      ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
+      ip saddr { ${config.ips.pc}, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
     '';
 
     # Nftables configuration only if server is enabled
@@ -24,9 +24,6 @@
           udp dport { 37998, 37999, 38000 } dnat to ${config.ips.vm} comment "VM Sunshine UDP"
           
           udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex"
-          
-          ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP"
-          ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP"
         }
 
         chain POSTROUTING {

hosts/prophet/id_ed25519.pub

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtxnPjkLdUIi5mVqBHXM9rW+Mmsqx1C1XnpRusVTWhm
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU+mo+lkFaGBV7wuzrGnlII15YS3/MkkG3KmGJRT0j

modules/system/devices/networking/wireguard/client/default.nix

@@ -6,7 +6,7 @@
     networking = {
       firewall.trustedInterfaces = [ "wgc" ];
       wg-quick.interfaces.wgc = {
-        privateKey = config.secrets.wgClientPriv;
+        privateKey = config.secrets.wg.clientKey;
         peers = [
           { # Kitty server
             publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";

modules/system/devices/networking/wireguard/server/default.nix

@@ -14,7 +14,7 @@
       wireguard.interfaces.wgs = {
         ips = [ "10.100.0.1/24" ];
         listenPort = 51820;
-        privateKey = config.secrets.wgServerPriv;
+        privateKey = config.secrets.wg.serverKey;
         peers = [
           { # NixOS Config Key
             publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";

modules/system/services/server/fileserver/nextcloud/default.nix

@@ -24,7 +24,7 @@
         mail_from_address = "noreply";
         mail_smtpauth = "true";
         mail_smtpname = "noreply@nixfox.ca";
-        mail_smtppassword = config.secrets.noreplyPassword;
+        mail_smtppassword = config.secrets.mailPass.nixfoxNoReply;
         mail_smtpmode = "smtp";
         mail_smtpport = 587;
       };

modules/system/services/server/forgejo/default.nix

@@ -19,7 +19,7 @@
           SMTP_ADDR = "mx.nixfox.ca";
           FROM = "NixFox Git <noreply@nixfox.ca>";
           USER = "noreply@nixfox.ca";
-          PASSWD = config.secrets.noreplyPassword;
+          PASSWD = config.secrets.mailPass.nixfoxNoReply;
           PROTOCOL = "smtps";
         };
         service = {

modules/system/services/server/icecast/default.nix

@@ -11,11 +11,11 @@
     hostname = "radio.nixfox.ca";
     admin = {
       user = "${config.sysusers.main}";
-      password = "${config.secrets.castAdminPass}";
+      password = "${config.secrets.cast.adminPass}";
     };
     extraConf = ''
       <authentication>
-        <source-password>${config.secrets.castSourcePass}</source-password>
+        <source-password>${config.secrets.cast.sourcePass}</source-password>
       </authentication>
       
       <location>Canada</location>

modules/system/services/server/icecast/liquidsoap/nixbops/default.nix

@@ -14,7 +14,7 @@
           %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
           host="127.0.0.1",
           port=${toString config.services.icecast.listen.port},
-          password="${config.secrets.castSourcePass}",
+          password="${config.secrets.cast.sourcePass}",
           encoding = "UTF-8",
 
           name="NixBops Radio",

modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix

@@ -14,7 +14,7 @@
           %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
           host="127.0.0.1",
           port=${toString config.services.icecast.listen.port},
-          password="${config.secrets.castSourcePass}",
+          password="${config.secrets.cast.sourcePass}",
           encoding = "UTF-8",
 
           name="Nixbops Scrap",

modules/system/services/server/mailserver/simplenix/default.nix

@@ -21,13 +21,8 @@
 
       # Passwords made with 'mkpasswd -sm bcrypt'
       loginAccounts = {
-        "noreply@nixfox.ca" = {
-          hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash;
-          sendOnly = true;
-        };    
-
         "jimbo@nixfox.ca" = {
-          hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash;
+          hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.mailHash.jimbo;
           aliases = [
             "james@nixfox.ca"
             "jimbo@bloxelcom.net"
@@ -41,7 +36,7 @@
         };
 
         "luna@lunamoonlight.xyz" = {
-          hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash;
+          hashedPasswordFile = pkgs.writeText "luna" config.secrets.mailHash.luna;
           aliases = [
             "luna@bloxelcom.net"
             "contact@bloxelcom.net"
@@ -50,9 +45,19 @@
         };
 
         "contact@freecorn1854.win" = {
-          hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash;
+          hashedPasswordFile = pkgs.writeText "corn" config.secrets.mailHash.corn;
           aliases = [ "freecorn@bloxelcom.net" ];
         };
+
+	# Noreply emails
+        "noreply@nixfox.ca" = {
+          hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.nixfoxNoReply;
+          sendOnly = true;
+        };
+        "noreply@bloxelcom.net" = {
+          hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.bloxelNoReply;
+          sendOnly = true;
+        };
       };
     };
 

modules/system/services/server/socialserver/mastodon/default.nix

@@ -13,7 +13,7 @@
         authenticate = true;
         fromAddress = "NixFox Mastodon <noreply@nixfox.ca>";
         user = "noreply@nixfox.ca";
-        passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
+        passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.mailPass.nixfoxNoReply;
       };
     };
     environment.persistence."/persist".directories = [ "/var/lib/mastodon" ];

modules/system/services/server/socialserver/matrix/synapse/default.nix

@@ -15,7 +15,7 @@
           notif_from = "NixFox Matrix <noreply@nixfox.ca>";
           smtp_host = "mx.nixfox.ca";
           smtp_user = "noreply@nixfox.ca";
-          smtp_pass = config.secrets.noreplyPassword;
+          smtp_pass = config.secrets.mailPass.nixfoxNoReply;
           enable_tls = true;
           smtp_port = 587;
           require_transport_security = true;

modules/system/services/server/vaultwarden/default.nix

@@ -17,7 +17,7 @@
         SMTP_FROM = "noreply@nixfox.ca";
         SMTP_FROM_NAME = "Vaultwarden";
         SMTP_USERNAME = "noreply@nixfox.ca";
-        SMTP_PASSWORD = config.secrets.noreplyPassword;
+        SMTP_PASSWORD = config.secrets.mailPass.nixfoxNoReply;
         SMTP_SECURITY = "starttls";
         SMTP_PORT = 587;
         SMTP_TIMEOUT = 15;