From 8f66c8bf92edd8c6e543a397b6a12c3600e9532f Mon Sep 17 00:00:00 2001
From: Vice
Date: Wed, 5 Mar 2025 05:44:01 -0500
Subject: [PATCH] Secrets changed, ssh key, add new noreply email
---
 hosts/kitty/firewall/default.nix | 5 +----
 hosts/prophet/id_ed25519.pub | 2 +-
 .../networking/wireguard/client/default.nix | 2 +-
 .../networking/wireguard/server/default.nix | 2 +-
 modules/system/secrets/default.nix | Bin 1904 -> 2066 bytes
 .../server/fileserver/nextcloud/default.nix | 2 +-
 .../services/server/forgejo/default.nix | 2 +-
 .../services/server/icecast/default.nix | 4 ++--
 .../icecast/liquidsoap/nixbops/default.nix | 2 +-
 .../icecast/liquidsoap/nixscrap/default.nix | 2 +-
 .../server/mailserver/simplenix/default.nix | 21 +++++++++++-------
 .../server/socialserver/mastodon/default.nix | 2 +-
 .../socialserver/matrix/synapse/default.nix | 2 +-
 .../services/server/vaultwarden/default.nix | 2 +-
 14 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/hosts/kitty/firewall/default.nix b/hosts/kitty/firewall/default.nix
index d63aea09..8285faa5 100644
--- a/hosts/kitty/firewall/default.nix
+++ b/hosts/kitty/firewall/default.nix
@@ -3,7 +3,7 @@
 networking = {
 firewall.extraInputRules = ''
 ip saddr { ${config.ips.localSpan}.0/24, 10.100.0.0/24 } tcp dport 2049 accept comment "Accept NFS"
- ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
+ ip saddr { ${config.ips.pc}, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
 '';
 # Nftables configuration only if server is enabled
@@ -24,9 +24,6 @@
 udp dport { 37998, 37999, 38000 } dnat to ${config.ips.vm} comment "VM Sunshine UDP"
 udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex"
-
- ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP"
- ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP"
 }
 chain POSTROUTING {
diff --git a/hosts/prophet/id_ed25519.pub b/hosts/prophet/id_ed25519.pub
index c5d26955..0d58d2b8 100644
--- a/hosts/prophet/id_ed25519.pub
+++ b/hosts/prophet/id_ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtxnPjkLdUIi5mVqBHXM9rW+Mmsqx1C1XnpRusVTWhm
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXU+mo+lkFaGBV7wuzrGnlII15YS3/MkkG3KmGJRT0j
diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/devices/networking/wireguard/client/default.nix
index 34a2a40c..1783f3d1 100644
--- a/modules/system/devices/networking/wireguard/client/default.nix
+++ b/modules/system/devices/networking/wireguard/client/default.nix
@@ -6,7 +6,7 @@
 networking = {
 firewall.trustedInterfaces = [ "wgc" ];
 wg-quick.interfaces.wgc = {
- privateKey = config.secrets.wgClientPriv;
+ privateKey = config.secrets.wg.clientKey;
 peers = [ { # Kitty server
 publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix
index 785b5c54..13f7271d 100644
--- a/modules/system/devices/networking/wireguard/server/default.nix
+++ b/modules/system/devices/networking/wireguard/server/default.nix
@@ -14,7 +14,7 @@
 wireguard.interfaces.wgs = {
 ips = [ "10.100.0.1/24" ];
 listenPort = 51820;
- privateKey = config.secrets.wgServerPriv;
+ privateKey = config.secrets.wg.serverKey;
 peers = [ { # NixOS Config Key
 publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
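Review bot: The old key `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtxnPjkLdUIi5mVqBHXM9rW+Mmsqx1C1XnpRusVTWhm` is swapped for a new one in `hosts/prophet/id_ed25519.pub`, but nothing else in this commit retires it, and the places that consume this file (other hosts' `authorized_keys`, forge deploy keys, or `known_hosts` if prophet uses it as a host key) are not visible here. Until each of those drops the old public key, anything holding the old private key is still accepted, which matters if the rotation is a response to a suspected leak rather than routine hygiene. The commit message only says "ssh key"; a sentence stating why the key was rotated and where the old one was revoked would make the rotation auditable later.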
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 59687feccf41276ae9452982b80a7fb2911c92c0..77483769b1653698c50906705e1af02c97aea64c 100644 GIT binary patch literal 2066 zcmZQ@_Y83kiVO&0kVxop*4*;zVo%+or(K5D*J7eoVlHYP4=_HU{r!?>da{s$$;JPH zXN=!5E%`h+LWx4g9=YiI+Pd0k568u}PP3Q%`y`-VJf$Hr{;2O7y`F;a1=${=^S^s< zaeF4#y;ZTEJ?+1*dMMIFwYb|5bA8Vg8<7vA2yP7jO8kT%ND_$*`K!I$Qdx z!i1`TPNVdvb&wX!68&;Iyxv37Alep0djYaf~QEc?6obeL@)CZ&6y)LUjD8fgEq z(K0drw$oxQxsAtvZfjh{CVZcH{qC~rrJtufygKW^;%`>x*Mv8$^zUu?@cF;_^~JU; zX9XH6Ha*&M{BQo#4^zKxiB*1=xOR46_o5CrGtGZX?4gUtyo@7LYR-rZW>CmD1(KEgKLS1(>?Wwng`yAx&YaonpvowU0ZH*52q zS2J=8o26o(R$o?FRHOax+scq@*VsiaohahiwzK@Fo)^na3tu;>YxhTAtEP+Md(Y~L=+BtHx!QO-tMh=f2)^4M!MX|ujcFPsI^)Cg*ESFy5r@SzU5GNYrCe@VRkv&OT6<) z|AiHz&zDN|pXH8!@3hGEetv~w;Xj`xyAHBXXPCu4DgMGl(iHk9e&_x_ukf%<;dQ}vi5Z>&A9U4zFc&?V_*rVFR%ggf5%Hp`#*8;d zJyol=?aAnT!8_^bN>VsdO=YMVpgGhbLG zu`23$Tby!-R?}DJ({}lLI^`@j{BF8(ZpOh^t!w6so%Q_A!nNVLal7`1O(%GCAK$wy zR_zls*?(n-?czyi&G!7}`n&cBZ*sk&Uz%G%byD=}I~qqgrJ02~8S+~~JYrus8@l{n zyp`X=*eH93kj%^O;@CACHww71GVfY+`B(B&Q_r^?R&##tJ!5Bl$-Tj8vX!vZ&#J%! 
zA}I<%JT7Hiffucg_J8O&^Y-Q%m9Nvqmi;L)En9p&SdC4@-ZHEF)i*ut7UDO3 zF!jcMm8Xvj9WSbV{PU=hM$ywysEUjW%d1uS|*l%YyJe~3|mv6s__uo(Xk}l!T4Q?r`_%trs zcP-;dq|)c}oorvP8W`|>PWe@_eYZnEwc?G3IYQs-`Eu%dm&8^GDql0bxc29+0w0Y< zPj}b+x{_O<+3_apvhBy;dIFg~{i~BUv@dPbk?Z>1v*~5C`m_AmyP9?{+#e@nk!i zyO++a`SB%#D_)ANWoi4=f+e@Y%^Hf#jvePd|sse8#r!eHNwH-+0XR(YiRN zub6S+x2}~d6uzvrJZje;-<+K4_;=Zb)(Rf1W0ick1vJ>#5V8>iHx;ShiQgg`xEL>ys{jzU_I_Txh|+aa!a0 z-iJ$9%a*-8fAS({-UB`XnM{d;Gj7%If2tjr=ca%B*3o+Ho9lL5R%G?hk;__n_%{F- C-V^8m literal 1904 zcmZQ@_Y83kiVO&0SRr*Nax-W8NfxaeFO1hKAJ9*_r?f!Ki8spOK8yUF3AY|6)r23D zV?8At)O`67ubEBDl;vM)Kf7OyZnBtBq}?j2y=8{%6xXl@#(wpRFCK5+?Mi9Map~Lt z`>!mc;6E#)ZRTR(f**X1Hk`=2Tz&O^h{u%67Y&Q~*%tOL>Z@GzL|?LpYbSlWtG&qviWoN%_~AaLJQ=0!uN=WhP7<-cbLVH^1)5nX!g`C zcU&VSCOE7Q$&;U{|6x^Oxu;a%%!-x0_CL4I-gB4Va%=mIX(q{BHnUEziWU}LJA3D% z*((*fqhr#(s&%eoXP>*|qH@aSElrD_FI?WI;rR2yYO&v!C4O%bnV8u2GM|6BiBng$ z-Rj(&1Np@}w*L4pY+dTUQe+8J>ZCjO>x6wn{WZLpmnPhpd-dRkMayPJC>WMcn-;YF z)t9TxEJtH3&puA)ZRl-`I^J`)+rjU|1+KdPuUqDxz2D0H_K)^OAs;;t2lnfxi83=p z4o|#w>)A1f>e3nCvkY9jS5KLI<4NE%oexUxGkyJpS?9gJ=yu*EEG-gd(Ogs0LD>FVb8lRHCbhH22 zMEQ4VK1)mfN`=TfbO!RqELNQycmxr$P=M+6} z^Y+Qb13}x=_E>KFc2oa&xA$y!wtesSE#9v!T>oU+*Qs@#2^G_43P{|r+rQC`?@h`Q z_WoVZ_g}lSQY*PGz(-*E?aqch58~Qm6M`3PeEM|Tk|QdT(#LYtDzclEXS_5`@XOHi z$zyuHV<)FZg$&Exl!boDH(0Jse!Ed!kM|&lknQSF0iimDP_b>Alc(+$ZC zJy8~O!+iTRRGFq(w08GD@>ulmmTC3p8;_>u8#32(tljtO+oZM(2d77!6Bn*`XkL7C zcC7K@s%%C_TcP*C+5et%Pl__{b}dT&0GpsIj9JAY zS4jTJ1qX)BwiCBlJZ)@y{pOU)n~x7S+1%r^-L_s_t6=R*e)oX(&#S-u4p!>_)cCep z>+0J%pA)8jfBd3Wu2WfAGUvRuNxJtQZC!7&Ns;H}Tq;#kY<*7oPbp^8fa+$v3;!%*#*R zCf@WwKCxzN%SpF+JzSoS3;1Jeg)gr1%-hs{{ql)7bF!}85}5sHtHCGlKkwCM{AE&^ zx3N-Ar*KA*QBlYLO>y;`4r~z3{i?s>zx02fP-}(HnF|gHo>vZ;eRtJ;2aU2&f#uUS zek+f3n)b?n*RAjKd=?(|Gcqd7nV%>4_4cwXPwq&?DC=1_<)m-*%$~g9wX)CtiNABV zeXx6TM~Go%Q2F03FO?zuXxgy_1bX|$nncOfbc-OIsD|6<)dtG2CE?1gFm9{=KAWlp@aFhtyLW%|t1X9{Yy)VGNq`+wj^wUg)h z)ZiD7-z0vkyr8A*^eTPn+izRSMJ`XA^`cC$<>`0fA8!v$-V%6}?OfolUt*fd*KgnV ze*3R4Ct|UuWAlg8CyvbNa$hZ0vCVnfl8gO6S1|nz*`c;`RddnO$aCTuORk5%5SqB9 
zZrcnO<@e?sjNfOd&zrA2_1uYD=5=m!ZLV)UUZd1}guM1^6PDXtBxL+xhW|5lk1>n|%BUUu#4 zuQ+rm?T~V<{L)9~HN-`{cBJpOY5vjvq;rz@Yn!Bbk-bk zAFT@svy9w$Tr*u6Hwt@tsp?Pf_ldA!-q?NOhe=pPd5CS+t4$7Rf(r}(xA?4ZQt~*w nKd9`cG2@r{zBdB@O@AHMX0WpC>!Vjj-6gRGz1L>lf4T(#ilDB| diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix index 220e2752..5ef5423d 100644 --- a/modules/system/services/server/fileserver/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/nextcloud/default.nix @@ -24,7 +24,7 @@ mail_from_address = "noreply"; mail_smtpauth = "true"; mail_smtpname = "noreply@nixfox.ca"; - mail_smtppassword = config.secrets.noreplyPassword; + mail_smtppassword = config.secrets.mailPass.nixfoxNoReply; mail_smtpmode = "smtp"; mail_smtpport = 587; }; diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index 97354025..31fcfc0a 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix @@ -19,7 +19,7 @@ SMTP_ADDR = "mx.nixfox.ca"; FROM = "NixFox Git "; USER = "noreply@nixfox.ca"; - PASSWD = config.secrets.noreplyPassword; + PASSWD = config.secrets.mailPass.nixfoxNoReply; PROTOCOL = "smtps"; }; service = { diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 8f9beb4a..b05ee0fd 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix @@ -11,11 +11,11 @@ hostname = "radio.nixfox.ca"; admin = { user = "${config.sysusers.main}"; - password = "${config.secrets.castAdminPass}"; + password = "${config.secrets.cast.adminPass}"; }; extraConf = '' - ${config.secrets.castSourcePass} + ${config.secrets.cast.sourcePass} Canada 
diff --git a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix
index 75eab16a..f2966861 100644
--- a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix
@@ -14,7 +14,7 @@
 %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
 host="127.0.0.1",
 port=${toString config.services.icecast.listen.port},
- password="${config.secrets.castSourcePass}",
+ password="${config.secrets.cast.sourcePass}",
 encoding = "UTF-8",
 name="NixBops Radio",
diff --git a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix
index c3025beb..ac7d6a75 100644
--- a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix
@@ -14,7 +14,7 @@
 %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
 host="127.0.0.1",
 port=${toString config.services.icecast.listen.port},
- password="${config.secrets.castSourcePass}",
+ password="${config.secrets.cast.sourcePass}",
 encoding = "UTF-8",
 name="Nixbops Scrap",
diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix
index f00e900f..d6512819 100644
--- a/modules/system/services/server/mailserver/simplenix/default.nix
+++ b/modules/system/services/server/mailserver/simplenix/default.nix
@@ -21,13 +21,8 @@
 # Passwords made with 'mkpasswd -sm bcrypt'
 loginAccounts = {
- "noreply@nixfox.ca" = { hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash; sendOnly = true; };
- "jimbo@nixfox.ca" = { hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash;
+ hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.mailHash.jimbo;
 aliases = [
 "james@nixfox.ca"
 "jimbo@bloxelcom.net"
@@ -41,7 +36,7 @@
 };
 "luna@lunamoonlight.xyz" = {
- hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash;
+ hashedPasswordFile = pkgs.writeText "luna" config.secrets.mailHash.luna;
 aliases = [
 "luna@bloxelcom.net"
 "contact@bloxelcom.net"
@@ -50,9 +45,19 @@
 };
 "contact@freecorn1854.win" = {
- hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash;
+ hashedPasswordFile = pkgs.writeText "corn" config.secrets.mailHash.corn;
 aliases = [ "freecorn@bloxelcom.net" ];
 };
+
+ # Noreply emails
+ "noreply@nixfox.ca" = {
+ hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.nixfoxNoReply;
+ sendOnly = true;
+ };
+ "noreply@bloxelcom.net" = {
+ hashedPasswordFile = pkgs.writeText "noreply" config.secrets.mailHash.bloxelNoReply;
+ sendOnly = true;
+ };
 };
 };
diff --git a/modules/system/services/server/socialserver/mastodon/default.nix b/modules/system/services/server/socialserver/mastodon/default.nix
index 3006bf58..ed7c0b61 100644
--- a/modules/system/services/server/socialserver/mastodon/default.nix
+++ b/modules/system/services/server/socialserver/mastodon/default.nix
@@ -13,7 +13,7 @@
 authenticate = true;
 fromAddress = "NixFox Mastodon ";
 user = "noreply@nixfox.ca";
- passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
+ passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.mailPass.nixfoxNoReply;
 };
 };
 environment.persistence."/persist".directories = [ "/var/lib/mastodon" ];
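Review bot: The two added accounts write their bcrypt hashes into the Nix store via `pkgs.writeText "noreply" config.secrets.mailHash.nixfoxNoReply` (and the `bloxelNoReply` twin), and `/nix/store` is world-readable, so every local user on a host that evaluates this module can copy the hashes for offline cracking; `hashedPasswordFile` only needs a path, so a file delivered outside the store by whatever mechanism already populates `config.secrets` would keep them out of it. This matches the pattern the existing `jimbo`/`luna`/`corn` accounts use, so it is pre-existing rather than introduced here, but a hunk that adds new accounts is the natural place to stop repeating it. A smaller point of style: both new derivations are named `"noreply"`, so their store paths differ only by hash; `pkgs.writeText "noreply-nixfox"` and `"noreply-bloxel"` would make them distinguishable when debugging. `sendOnly = true` on both is the right setting for notification-only senders. The `loginAccounts` set opens in this file's first hunk, outside this one.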
diff --git a/modules/system/services/server/socialserver/matrix/synapse/default.nix b/modules/system/services/server/socialserver/matrix/synapse/default.nix
index 323146c4..894619e7 100644
--- a/modules/system/services/server/socialserver/matrix/synapse/default.nix
+++ b/modules/system/services/server/socialserver/matrix/synapse/default.nix
@@ -15,7 +15,7 @@
 notif_from = "NixFox Matrix ";
 smtp_host = "mx.nixfox.ca";
 smtp_user = "noreply@nixfox.ca";
- smtp_pass = config.secrets.noreplyPassword;
+ smtp_pass = config.secrets.mailPass.nixfoxNoReply;
 enable_tls = true;
 smtp_port = 587;
 require_transport_security = true;
diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix
index ef1dcb62..f052257b 100644
--- a/modules/system/services/server/vaultwarden/default.nix
+++ b/modules/system/services/server/vaultwarden/default.nix
@@ -17,7 +17,7 @@
 SMTP_FROM = "noreply@nixfox.ca";
 SMTP_FROM_NAME = "Vaultwarden";
 SMTP_USERNAME = "noreply@nixfox.ca";
- SMTP_PASSWORD = config.secrets.noreplyPassword;
+ SMTP_PASSWORD = config.secrets.mailPass.nixfoxNoReply;
 SMTP_SECURITY = "starttls";
 SMTP_PORT = 587;
 SMTP_TIMEOUT = 15;