From dcc845a67c733d195021a37eddca14fac026df99 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 10 Sep 2024 21:39:12 -0400 Subject: [PATCH] Touchups --- nixos/server/ddclient.nix | 2 +- nixos/server/firewall.nix | 3 --- nixos/server/misc.nix | 1 - nixos/server/nextcloud.nix | 2 +- nixos/server/nginx.nix | 34 ++++++++++++++++------------------ nixos/server/photoprism.nix | 1 - nixos/server/synapse.nix | 1 - nixos/server/wireguard.nix | 2 +- secrets.nix | Bin 2174 -> 2237 bytes 9 files changed, 19 insertions(+), 27 deletions(-) diff --git a/nixos/server/ddclient.nix b/nixos/server/ddclient.nix index f1f835ad..3ba3b68d 100644 --- a/nixos/server/ddclient.nix +++ b/nixos/server/ddclient.nix @@ -1,5 +1,5 @@ {pkgs, outputs, ...}: { - # DDClient for Dynamic IPs + # Dynamic IPs for Cloudflare records services.ddclient = { enable = true; protocol = "cloudflare"; diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix index c1082ae1..ed99afa4 100644 --- a/nixos/server/firewall.nix +++ b/nixos/server/firewall.nix @@ -8,9 +8,6 @@ in { firewall = { allowPing = false; - allowedTCPPortRanges = [ - { from = 8100; to = 8150; } # Azuracast - ]; # Add extra input rules using nftables extraInputRules = '' diff --git a/nixos/server/misc.nix b/nixos/server/misc.nix index 599429b7..3fea159e 100644 --- a/nixos/server/misc.nix +++ b/nixos/server/misc.nix @@ -3,7 +3,6 @@ environment.systemPackages = with pkgs; [ mdadm ]; - services = { snowflake-proxy.enable = true; logrotate.checkConfig = false; diff --git a/nixos/server/nextcloud.nix b/nixos/server/nextcloud.nix index 644bcb22..9b95df25 100644 --- a/nixos/server/nextcloud.nix +++ b/nixos/server/nextcloud.nix @@ -8,7 +8,7 @@ https = true; config = { adminuser = "jimbo"; - adminpassFile = "/mnt/nextcloud/password.txt"; + adminpassFile = pkgs.writeText "nextpass" outputs.secrets.nextcloudPass; }; settings = { trusted_proxies = [ "127.0.0.1" ]; 
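Review bot: In the nixos/server/nextcloud.nix hunk, the new `adminpassFile = pkgs.writeText "nextpass" outputs.secrets.nextcloudPass;` writes the Nextcloud admin password into the Nix store, which is world-readable. Any local user or service on the host can read it, and so can anything the system closure is copied to, such as a binary cache or remote builder. secrets.nix appears to be kept encrypted in the repository (it shows up as a binary patch), but that protects only the checkout; the evaluated value is plain text in the store. Keep the option pointing at a runtime path outside the store with restrictive permissions, as the removed `adminpassFile = "/mnt/nextcloud/password.txt";` did, or provision that file at activation time with a secrets tool such as agenix or sops-nix. The enclosing Nextcloud service block starts and ends outside the hunk.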
diff --git a/nixos/server/nginx.nix b/nixos/server/nginx.nix index 643078ce..4d2b2187 100644 --- a/nixos/server/nginx.nix +++ b/nixos/server/nginx.nix @@ -17,19 +17,19 @@ locations = { "/.well-known/matrix/client" = { extraConfig = '' - default_type application/json; - return 200 ' - { - "m.homeserver": { - "base_url": "https://matrix.${outputs.secrets.jimDomain}" - }, - "m.identity_server": { - "base_url": "https://matrix.org" - }, - "org.matrix.msc3575.proxy": { - "url": "https://matrix.${outputs.secrets.jimDomain}" - } - }'; + default_type application/json; + return 200 ' + { + "m.homeserver": { + "base_url": "https://matrix.${outputs.secrets.jimDomain}" + }, + "m.identity_server": { + "base_url": "https://matrix.org" + }, + "org.matrix.msc3575.proxy": { + "url": "https://matrix.${outputs.secrets.jimDomain}" + } + }'; ''; }; "/.well-known/matrix/server" = { @@ -68,9 +68,7 @@ }; # Open HTTP and HTTPs ports - networking.firewall = { - allowedTCPPorts = [ - 80 443 - ]; - }; + networking.firewall.allowedTCPPorts = [ + 80 443 + ]; } diff --git a/nixos/server/photoprism.nix b/nixos/server/photoprism.nix index c66fc245..4e8283dd 100644 --- a/nixos/server/photoprism.nix +++ b/nixos/server/photoprism.nix @@ -1,5 +1,4 @@ {outputs, ...}: { - # Photoprism services = { photoprism = { enable = true; diff --git a/nixos/server/synapse.nix b/nixos/server/synapse.nix index ff267ff9..303d8a87 100644 --- a/nixos/server/synapse.nix +++ b/nixos/server/synapse.nix @@ -10,7 +10,6 @@ # Set the network config listeners = [{ - # Client config port = 8008; bind_addresses = [ "::" "0.0.0.0" ]; resources = [ { compress = false; names = [ "client" "federation" ]; } ]; diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix index 4bad3e28..480047ed 100644 --- a/nixos/server/wireguard.nix +++ b/nixos/server/wireguard.nix @@ -1,7 +1,7 @@ {outputs, ...}: let ips = import ../modules/ips.nix; in { - # enable NAT + # Enable NAT networking = { nat = { enable = true; 
diff --git a/secrets.nix b/secrets.nix index b2f7f352eec323930d0bcce12c4d27a376b8c6c3..72d7ab0a0b55ff14910713c5eb59cf7a87b393ce 100644 GIT binary patch literal 2237 zcmZQ@_Y83kiVO&0*!h9Cd&x`DMKTq8N-U3Z7Ybi_c5AEo%;J=LelBHS6(l+3idVk* z%k=uK%N3E6)5R6NT?-r~{RXUw z9>QvYYc+PY@9CelUr^M2(~Pk6oktEi842E+`J(aoPM5H?ZDAFcPw_?M3(V+ycugko z!McumMkT3i!A+A=DmS#w-Tmc)_iD<{tFpD2kUBa`YUxtNzONNEs>BbcVcw=tQ^;P{TJ7fN4CA5>W8+?Z(nml z`oqy_W%GMZ$Fj}He=$95*PVagMbwfRI`23>f30o7*AXjUu=eA-+akx_ajEv%owN$R zl2~Fe_vvK5>08gFoBMM94*PLWYuc-P&j2^kkBpbiqkfr{9&gxT`u54EBL)9-+f5Gk zX)(u(do9rq=`80{I#sRT`C8z30*hD91)n!BnGY{5xo|4#`o}99PQR#r`+V`G4}Y6y zSsq)?lgFwsFD7yBd}f8TE}2#p^Eq81&pA2EpD$}rsHry2D)gyO^nCt^DN^Ftiu_ln zetx~4J@eNO)(vSDnU3e=eLv3->bMm(A$PuunO;oj)1wxA=Nz3M?%>~R^d#VP!IIs| zZZV&k3a?DeTq9>C@H=q9dI?iD`8273L*knjygzX8Qs$zYq9=DSeBEw(c-y7g zj?B{9TwV4R7RKf)JGdR9G|&Bi>frDFm8U8`wbT1_P2-Mf`h2xZFB*m&`%)Pqs&d3W z<@HS^3)ilqCE^>qV{X~>{=4GWocYjdwa82#?$E6FpXW`e%Z&{`f1mq#&o3dd(ye!H zrd&9+!B}#pNy_nKLIK?yg`Aq_?2_8paC~lP{F_yGt}MN0qs-iX`^AdMm$Nf|{1^Q` z^5B1ivd+;+Fu3?_>>+YWAfoD$HUA9!5BInmPpKXQaY*D4pn$`VZPk(Nn zUBI%+XJ=XM#I253!%beLoU-|o`R?AIr+YfM9w*uzYyHcYAM#G)kXu3%!={GH!VOz1 zZuH0OnS0exEzw}f_WSH^_di6KkDBjgV_DPn-&hU}iX?>H&8w!_Co?yv! 
zQujxzuFOjg7Iwih9jDNi-8I>~OSMk8$t-!(UpU*o`JrRQjLmeW#@B7ey`j~`t+9Z}(iO+1Gat7F`Z zK8r9|H22r;Gj+P(U>(o+WNojx+!W>P56Zo1Y4S17KFcgCeiVJIpH*gax$wa5z6bZ+JN@U6-SycQOH@9k6wn$K>leSji`pQ5y1l}7 ziqgpseeXWLX+6KV?Q-LX?S7tG9fmP~fBnAI%i$~{bN$z;$7gR`i#mI7)>$v><{vw( zA{QPqn)@VV*Ds;;8Pnp7trEU#*w$IyoPAU`*2es%pK+a1-S^;ypV>`=cE4k^<`tjf zQ$8Uk=S63Qla_?`9 z-x;O)h`>_~!D^;X_f|hCJ1rCwzIf5Y64h(_{R8=X{mdRIc|pRmoYD-ZU_tNbab zV$BqFn##d*w!P}}{+<~IIiXLN$Dh0L&f(OYvhEobwSn84A2!5VKaf)C<4L^2&YG0kSy-mi0RGrXI7tYzChKUFb~&>75g%Fd~EbqULD zdU1crOrzZ2d)fmINIcQsf93OB_4Mix^PtKluOfSR1?Dd2vg}Tp{hs&5r?cz={t=d6 z&rF;s(RbwOlfQY&A&LnOTNzvesso%FyXU>g$jx`?kCakVS@ku@_2IcW`4^VgbeI2Y zyKCyY=3i5h(gEhUWv*h<)8nnvW^UE@>#!_u^<%fa(eEd8`Qg=74sTsPoA{T!_$Vf( z;TQGZy7uNJv#xtKAMleb`!9J@0{*xxkh;x&Qh?v{&TY z-gvbmpv3(`jMVJ!n~qQSJ(acZeCwk4&(~R+^Q!u;s&*v1f#2*$IM*T UnwD$RzpKTs`DGUA?cyW@0Pc51tN;K2 literal 2174 zcmZQ@_Y83kiVO&05UYF3Fo$8&>w<|P|I_CQ#PJJgFmVMw+<$A{nRyP;5{817y;*go z*1s*b$*q4jd-ujV>ldkC_cSM!>mOcpw>GBKyxVnqs9eSJmE4QWZugzx%vdeF?v%s6 zn|a($b8s}7#J z>Fv_+aMCd=eT6%p3a2k|`0v}kPd)QUuT@BHUYurxh|sDt99HhJhfnNII(H;1%#Y)- z!@bgq*&TBAm(R+3wzbwVu((V#XOfR%zO*o^Y9UXjP&zi^(>)h{Y&5|`m47+X`$1b;MOEGyQQZiM0d0e!I_(y{! 
z`?&Tut>IOba!=(8P`R>4%qXBCb?3xMjPqFU&wNq(>+-vE_ZAzJZ@1&%J^oE|CC?tY zUCr|zOyuAGtIu!Zk(ZXeCI6SM4Epj!SN>yo^N#;>rFV0OH)i#JnN|JByzq;bN!zVI zQELs&6xDC47wRwLXtDU^OMJ>hiyY(GYmPKOGL|yb_FOE< zt!Ts*`6Y8ZkF$dKt@dsCqTdR`54J}$d;2S~-*B=sYIsx`;HujC{Qada;pg6aB~Km* z{UMn6e(LHV-L>7VEGnYUpGXAxG5GITc-AGSC*3^JddP5@viR1+3;O%o{0_ahNijTgB-(OwvdU!5#qXcG=$7wo|JEZC#5qN9 zFMrE>9m}2Hr)gTAU+yhmCos|bpNi)ePQ_~dA0=-OKG?l`=|Nt1OTNRYy#Mzv)H!Xg z{Bo;8d+Xk6h5qkmZ!Uhg;+nE2On*hpPY-j6?kVB1cQ^4pd&aHt^c06gQu)HaMdzB^ z1vFl?K8ury*>vpO*6w**>~rf*&Un=1?Xq7upqDpJDCCw8zs?Rp|0xTnT-VT;;c`oj z*;A~a@u?}}V{5mUa-s9E!H zR`cejDL=Aj-qu_4?ors@hdW(OHfrzCnCg&wxc~W70V(@m&IkT1y>?)i=t}dLi$RI* zw^)MvZ_GX&QRP3Ub?cN5QzOr*JiHh9FmO+~aN^#d`)=P6SKPI3N&Y@B$-dl48JAMp zSc>i^o@>xwFPJ4{D5-aHRWjr2CEh$&{=7E5^W;MUtK6Obr#TbDMDK3$KInXxDojA33mt2r{%EmhP&4ubr#b zcYj^k^{rHBbS>H+$)+vm4jN9_l$Qc<%mRBgs3T!!H{z zl88I=cN#v@LWg6 z%?x@v4UbJ21JX(?4iqji|E=LDG<%!JhxZGXerlZ&xIEcl^Y%oO&Bi^Ei?XgRdnu)) zl5;`K?7LE?qlkRF!=8N^`F{-#RIKB;DZOMPpF*&T6Hjx?=9x|<-kR zyQr4(Vc$6+j<$9E|C;34JU0J)$<->d+vlnKe&1bZ_iVb|E4|m)B_;gzC)K~YDmO)B zDtRZ;o}*>Ak~khXBs$E_E2r1_5Wb~!IeuFgpOWoUWTSyOrOZ1czFQ@$(RogZ{y zy{EqJZ-$eyl`hvT4y+aB{(aK^)p^^ zeiB%kZziR9SM>bzlgomm++Oepgtgx>kKgW}aDeMluAS%h265?)_hJt(iR_5|{wK2Z zP|Jpbc(-?UZ#Lci!rQ%mV< z0Oy3Q+)R=$S*1N{a&zze6tPnBnpLv+#P^RoFL1q$PvKGY-_57Ar)s6^D|TV~ENiv; zOnD!#PhM*y<{!74xTx;vqUbka!iU!HX834%zTlvG=z`1EsozB|s@{I8u{(hKcDm># zouf~+9nLDAR-4;Y8Fy3sr)f(6)QJ;$H_T__U8DR-V|5X$=kkk!_2mjnpDqjaS@ros HWK0kMk}Mq0