diff --git a/modules/system/services/server/fileserver/nfs/default.nix b/modules/system/services/server/fileserver/nfs/default.nix
index 092fbf85..fb39ff17 100644
--- a/modules/system/services/server/fileserver/nfs/default.nix
+++ b/modules/system/services/server/fileserver/nfs/default.nix
@@ -15,6 +15,7 @@
 family = "inet";
 content = ''
 chain input {
+ type filter hook input priority filter; policy drop;
 ip saddr 10.0.0.0/8 tcp dport 2049 accept comment "Accept NFS"
 }
 '';
diff --git a/modules/system/services/server/mailserver/go-autoconfig/default.nix b/modules/system/services/server/mailserver/go-autoconfig/default.nix
index 332a63d2..b1b567a2 100644
--- a/modules/system/services/server/mailserver/go-autoconfig/default.nix
+++ b/modules/system/services/server/mailserver/go-autoconfig/default.nix
@@ -1,20 +1,25 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
 imports = [ ./nginx ];
- services.go-autoconfig = {
- enable = config.services.mailserver.enable;
- settings = {
- service_addr = ":1323";
- domain = "autoconfig.nixfox.ca";
- imap = {
- server = "mx.nixfox.ca";
- port = 143;
- };
- smtp = {
- server = "mx.nixfox.ca";
- port = 587;
+ config = lib.mkIf config.services.mailserver.enable {
+ services = {
+ go-autoconfig = {
+ enable = true;
+ settings = {
+ service_addr = ":1323";
+ domain = "autoconfig.nixfox.ca";
+ imap = {
+ server = "mx.nixfox.ca";
+ port = 143;
+ };
+ smtp = {
+ server = "mx.nixfox.ca";
+ port = 587;
+ };
+ };
 };
+ cloudflare-dyndns.domains = [ config.services.go-autoconfig.settings.domain ];
 };
 };
 }
diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix
index 1736def2..45e7a975 100644
--- a/modules/system/services/server/mailserver/simplenix/default.nix
+++ b/modules/system/services/server/mailserver/simplenix/default.nix
@@ -28,6 +28,7 @@
 "jimbo@bloxelcom.net"
 "bun@nixfox.ca"
+ #"vice@nixfox.ca"
 "bun@bloxelcom.net"
 "yara@nixfox.ca"
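Review bot: The added `type filter hook input priority filter; policy drop;` makes this per-service chain a base chain that drops every inbound packet except TCP 2049 from 10.0.0.0/8, and a drop in any base chain on the input hook is final no matter what another table accepted. Unless some rule outside the hunk covers it, that includes loopback, established/related replies and SSH, while the `accept` here still does not exempt NFS from a drop in the main firewall's chain. The narrower change is to keep the default-deny in one place and add the allow rule there, e.g. `networking.firewall.extraInputRules = ''ip saddr 10.0.0.0/8 tcp dport 2049 accept comment "Accept NFS"'';` (this assumes the nftables-backed `networking.firewall` is what these hosts run). The nginx/rtmp and owncast hunks add the same line and need the same treatment; rtmp writes `priority 0` where the others write `priority filter`, so one spelling should be used throughout.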
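Review bot: `service_addr = ":1323"` is carried into the new `config` block unchanged and binds the autoconfig backend on every interface, although `./nginx` is imported, presumably as its front end. If nginx is the only intended client, `service_addr = "127.0.0.1:1323";` keeps the plain-HTTP listener off the network (assuming go-autoconfig passes the value through as a host:port listen address). The advertised `imap` port 143 likewise leaves clients dependent on a STARTTLS upgrade; if the mail server also offers implicit TLS, advertising that port instead removes the reliance on each client enforcing the upgrade.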
@@ -61,8 +62,10 @@
 };
 };
- # Rspamd port from earlier to avoid overlap
- services.redis.servers.rspamd.port = config.mailserver.redis.port;
+ services = {
+ redis.servers.rspamd.port = config.mailserver.redis.port;
+ cloudflare-dyndns.domains = [ config.mailserver.fqdn ];
+ };
 environment.persistence."/persist".directories = [
 "/var/vmail"
diff --git a/modules/system/services/server/nginx/rtmp/default.nix b/modules/system/services/server/nginx/rtmp/default.nix
index db02609a..2618d9d2 100644
--- a/modules/system/services/server/nginx/rtmp/default.nix
+++ b/modules/system/services/server/nginx/rtmp/default.nix
@@ -29,6 +29,7 @@
 family = "inet";
 content = ''
 chain input {
+ type filter hook input priority 0; policy drop;
 ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept comment "Accept RTMP"
 }
 '';
diff --git a/modules/system/services/server/owncast/default.nix b/modules/system/services/server/owncast/default.nix
index 70476d00..0ce2d750 100644
--- a/modules/system/services/server/owncast/default.nix
+++ b/modules/system/services/server/owncast/default.nix
@@ -11,6 +11,7 @@
 family = "inet";
 content = ''
 chain input {
+ type filter hook input priority filter; policy drop;
 ip saddr 10.0.0.0/8 tcp dport 1945 accept comment "Accept RTMP"
 }
 '';
diff --git a/modules/system/services/server/socialserver/matrix/coturn/default.nix b/modules/system/services/server/socialserver/matrix/coturn/default.nix
index f5766ebb..6f98c201 100644
--- a/modules/system/services/server/socialserver/matrix/coturn/default.nix
+++ b/modules/system/services/server/socialserver/matrix/coturn/default.nix
@@ -27,11 +27,9 @@
 turn_user_lifetime = "1h";
 };
- # Sync the IP to Cloudflare
 cloudflare-dyndns.domains = [ config.services.coturn.realm ];
 };
- # Open coturn ports
 networking.firewall = {
 allowedUDPPorts = [ 3478
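Review bot: The rewrite into `services = { … }` drops the comment that explained why rspamd's Redis port is taken from `config.mailserver.redis.port`; the reason is not obvious from the assignment and is worth keeping, e.g. `# Reuse the mailserver's Redis port for rspamd to avoid overlap` above the `redis.servers.rspamd.port` line. The new `cloudflare-dyndns.domains = [ config.mailserver.fqdn ]` line would also benefit from a short comment stating that the mail host's record has to stay DNS-only, since Cloudflare's standard proxy does not carry SMTP or IMAP. Whether `services.cloudflare-dyndns.proxied` is set anywhere is not visible in this diff, so that is something to confirm rather than a confirmed fault.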