From 7f0e1801d7b45a96fb44d3cb8b74ac6a6d496e38 Mon Sep 17 00:00:00 2001
From: Jimbo
Date: Tue, 22 Oct 2024 08:02:35 -0400
Subject: [PATCH] Move the mailserver to Oracle, give up

---
 hosts/bomberman/system/default.nix | 7 +++++--
 hosts/cyberspark/system/default.nix | 5 +----
 .../system/devices/networking/firewall/server/default.nix | 7 +------
 3 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/hosts/bomberman/system/default.nix b/hosts/bomberman/system/default.nix
index 3385afe..20bdfc2 100644
--- a/hosts/bomberman/system/default.nix
+++ b/hosts/bomberman/system/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ mailserver, config, ... }:
 {
 imports = [
 ./hardware
@@ -18,8 +18,11 @@
 # Misc
 ../../../overlays
 ../../../variables
+
+ # Imports
+ mailserver.nixosModule
 ];
 
 networking.hostName = "bomberman";
- networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.19/32" ];
+ networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.19/24" ];
 }
diff --git a/hosts/cyberspark/system/default.nix b/hosts/cyberspark/system/default.nix
index 30ce1f6..5979d3b 100644
--- a/hosts/cyberspark/system/default.nix
+++ b/hosts/cyberspark/system/default.nix
@@ -1,4 +1,4 @@
-{ mailserver, ... }:
+{ ... }:
 {
 imports = [
 ./hardware
@@ -19,9 +19,6 @@
 # Misc
 ../../../overlays
 ../../../variables
-
- # Imports
- mailserver.nixosModule
 ];
 
 networking.hostName = "cyberspark";
diff --git a/modules/system/devices/networking/firewall/server/default.nix b/modules/system/devices/networking/firewall/server/default.nix
index 5ebf30a..8c0a376 100644
--- a/modules/system/devices/networking/firewall/server/default.nix
+++ b/modules/system/devices/networking/firewall/server/default.nix
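Review bot: The `.19/32` → `.19/24` change on the `networking.wireguard.interfaces."${config.ips.wgInt}".ips` line in the second bomberman hunk widens the address so the whole `${config.ips.wgSpan}.0/24` is routed over the WireGuard interface, a routing change the subject line does not mention and the file does not explain. Whether the remote peer's allowedIPs covers that range is not visible in this diff; if it was not widened to match, packets to other addresses in the /24 are silently dropped, so a comment such as `# /24: route the whole WireGuard range via this interface (peer allowedIPs must match)` would help the next reader. The same hunk imports `mailserver.nixosModule` while the server firewall module in this commit stops accepting the mail ports, so which host now exposes 25/143/465/587/993/4190 is presumably decided by the mail module's own firewall handling, which is not shown here and is worth confirming against the effective ruleset after deploy. The enclosing attrset opens in the first hunk of this file, outside this one.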
@@ -4,15 +4,12 @@
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 
 # Configure firewall
- networking = let
- mailPorts = "{ 25, 143, 465, 587, 993, 4190 }";
- in {
+ networking = {
 firewall = {
 allowPing = false;
 extraInputRules = ''
 ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
 ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
- ip saddr ${config.ips.wgSpan}.19 tcp dport ${mailPorts} accept comment "Accept mail"
 '';
 };
 
@@ -44,8 +41,6 @@
 chain POSTROUTING {
 type nat hook postrouting priority 100; policy accept;
 oifname "${config.ips.netInt}" masquerade
- iifname "${config.ips.netInt}" oifname "${config.ips.wgInt}" masquerade comment "Traffic from public to WireGuard"
- tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop comment "Send mail"
 }
 '';
 };
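Review bot: Dropping the `let mailPorts = ... in` wrapper removes a binding that was in scope for the whole `networking` attrset, but only the references inside the two hunks are deleted; the lines between the hunks are not shown, so any remaining `${mailPorts}` there (a prerouting or DNAT rule, for instance) would now fail evaluation with an undefined-variable error. A dry build or `nix eval` of the server host before deploy settles that. Since the remaining input rules no longer mention mail at all, a one-line comment above `extraInputRules` such as `# Mail ports are no longer accepted here; the mailserver module moved to bomberman` would record why the rule went away. The `networking` attrset this hunk opens closes outside the hunk.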
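Review bot: With the `tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop` line gone, nothing left in the shown POSTROUTING chain constrains which interface mail-port traffic leaves by, while `net.ipv4.ip_forward` stays at 1 in the first hunk; that rule was also an egress guard, since it dropped new SMTP/IMAP/Sieve connections on every interface except WireGuard, and after this commit the shown rules no longer stop a local process or a forwarded client from reaching port 25 through `${config.ips.netInt}`. If the intent is that this host no longer handles mail at all, a narrower rule such as `tcp dport { 25, 465, 587 } oifname "${config.ips.netInt}" drop comment "No direct SMTP from this host"` keeps that property; otherwise a comment on the remaining `oifname "${config.ips.netInt}" masquerade` line saying mail now leaves with the server's public address would document the decision. Whether the removed `iifname "${config.ips.netInt}" oifname "${config.ips.wgInt}" masquerade` rule served only the mail forwarding is not visible here, so any other public-to-WireGuard forwarded flow should be re-tested. The ruleset string containing this chain opens outside the hunk.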