diff --git a/modules/system/devices/networking/wireguard/pc/default.nix b/modules/system/devices/networking/wireguard/pc/default.nix
index 5a4e531..f120f77 100644
--- a/modules/system/devices/networking/wireguard/pc/default.nix
+++ b/modules/system/devices/networking/wireguard/pc/default.nix
@@ -11,9 +11,9 @@
privateKey = config.secrets.wgClientPriv;
peers = [
{
- publicKey = config.secrets.wgServerPub;
+ publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
- endpoint = "sv.${config.secrets.jimDomain}:51820";
+ endpoint = "sv.${config.domains.jim1}:51820";
persistentKeepalive = 25;
}
];
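Review bot: The `privateKey = config.secrets.wgClientPriv;` context line at the top of this hunk is evaluated into a plain string, so the key most likely ends up in the world-readable Nix store, even though the secrets file itself is committed as an opaque binary. The same pattern appears with `privateKey = config.secrets.wgServerPriv;` in the server hunk, `mail_smtppassword` in the nextcloud hunk, and the `castAdminPass`/`castSourcePass` interpolations in the icecast and liquidsoap hunks. For WireGuard the file-based option avoids this, e.g. `privateKeyFile = "/path/to/wg-private-key";` (placeholder path), and Nextcloud offers `services.nextcloud.secretFile` for values such as the SMTP password. Moving the public keys to literals, as this hunk does, is fine because they are not confidential. The enclosing interface definition starts outside the hunk, so which WireGuard module is in use is inferred.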
diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix
index 89ac746..ec01605 100644
--- a/modules/system/devices/networking/wireguard/server/default.nix
+++ b/modules/system/devices/networking/wireguard/server/default.nix
@@ -17,14 +17,14 @@
listenPort = 51820;
privateKey = config.secrets.wgServerPriv;
peers = [
- { # Jimbo Pixel 9
- publicKey = config.secrets.wgPixel9Pub;
- allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
- }
- { # General Nix
- publicKey = config.secrets.wgClientPub;
+ { # NixOS
+ publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
}
+ { # Pixel 9
+ publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
+ allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
+ }
];
};
};
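Review bot: The `# NixOS` peer binds one public key to the whole `.16/28` range, which reads as several machines sharing a single keypair (the removed comment said `General Nix`); this is inferred, since only the pc client module is visible. If so, one compromised host exposes the key for all of them, and a single device cannot be revoked without re-keying the rest. One peer entry per machine, each with its own key and a `/32` in `allowedIPs`, keeps revocation granular. If sharing is intentional, a comment such as `# shared by all NixOS clients, .16-.31` would record it.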
diff --git a/modules/system/services/server/fileserver/public/nextcloud/default.nix b/modules/system/services/server/fileserver/public/nextcloud/default.nix
index 7c2129e..c50d2f9 100644
--- a/modules/system/services/server/fileserver/public/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix
@@ -1,45 +1,31 @@
{ pkgs, config, ... }:
{
- services = {
- nextcloud = {
- enable = true;
- package = pkgs.nextcloud29;
- hostName = "cloud.${config.domains.jim1}";
- datadir = "/mnt/nextcloud";
- https = true;
- config = {
- adminuser = "jimbo";
- adminpassFile = "/mnt/nextcloud/password.txt";
- };
- settings = {
- trusted_proxies = [ "127.0.0.1" ];
- trusted_domains = [ "cloud.${config.domains.jim1}" ];
- overwriteprotocol = "https";
- mail_smtphost = "mx.${config.domains.jim1}";
- mail_domain = "${config.domains.jim1}";
- mail_from_address = "noreply";
- mail_smtpauth = "true";
- mail_smtpname = "noreply@${config.domains.jim1}";
- mail_smtppassword = config.secrets.noreplyPassword;
- mail_smtpmode = "smtp";
- mail_smtpport = 587;
- };
- };
+ imports = [
+ ./nginx
+ ];
- nginx.virtualHosts."cloud.${config.domains.jim1}" = {
- enableACME = true;
- addSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- extraConfig = "
- location /.well-known/carddav {
- return 301 $scheme://$host/remote.php/dav;
- }
- location /.well-known/caldav {
- return 301 $scheme://$host/remote.php/dav;
- }
- ";
- };
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud29;
+ hostName = "cloud.${config.domains.jim1}";
+ datadir = "/mnt/nextcloud";
+ https = true;
+ config = {
+ adminuser = "jimbo";
+ adminpassFile = "/mnt/nextcloud/password.txt";
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ trusted_domains = [ "cloud.${config.domains.jim1}" ];
+ overwriteprotocol = "https";
+ mail_smtphost = "mx.${config.domains.jim1}";
+ mail_domain = "${config.domains.jim1}";
+ mail_from_address = "noreply";
+ mail_smtpauth = "true";
+ mail_smtpname = "noreply@${config.domains.jim1}";
+ mail_smtppassword = config.secrets.noreplyPassword;
+ mail_smtpmode = "smtp";
+ mail_smtpport = 587;
};
};
}
diff --git a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
new file mode 100644
index 0000000..4350dfd
--- /dev/null
+++ b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
@@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+{
+ services.nginx.virtualHosts."cloud.${config.domains.jim1}" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ extraConfig = "
+ location /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ location /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ ";
+ };
+ };
+}
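Review bot: `addSSL = true;` keeps the plain-HTTP listener serving the site alongside HTTPS, so the Nextcloud login remains reachable over cleartext, whereas the photoprism vhost added in this same commit uses `forceSSL = true;`. The Nextcloud module already sets `https = true` and `overwriteprotocol = "https"`, so replacing the line with `forceSSL = true;` makes the vhost consistent and redirects HTTP to HTTPS. The `$scheme` in the two `.well-known` redirects would then always resolve to `https`. The `pkgs` argument is unused in this file and can be dropped.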
diff --git a/modules/system/services/server/fileserver/public/photoprism/default.nix b/modules/system/services/server/fileserver/public/photoprism/default.nix
index 59b01ef..7368339 100644
--- a/modules/system/services/server/fileserver/public/photoprism/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/default.nix
@@ -1,5 +1,9 @@
{ config, ... }:
{
+ imports = [
+ ./nginx
+ ];
+
services = {
photoprism = {
enable = true;
diff --git a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
new file mode 100644
index 0000000..169d953
--- /dev/null
+++ b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+ services.nginx.virtualHosts."gallery.${config.domains.jim1}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:2342";
+ proxyWebsockets = true;
+ };
+ };
+}
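Review bot: The upstream port `2342` in `proxyPass` is hard-coded and has to be kept in step with the photoprism service by hand. Referencing the module option, `proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";`, keeps the two together. It is also worth confirming in the sibling `default.nix` (only partly visible here) that photoprism listens on loopback only, so this TLS vhost is the sole path to it.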
diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix
index f2aff00..61c64cc 100644
--- a/modules/system/services/server/icecast/default.nix
+++ b/modules/system/services/server/icecast/default.nix
@@ -2,64 +2,34 @@
{
imports = [
./nginx
+ ./liquidsoap
];
- services = {
- icecast = {
- enable = true;
- listen.port = 265;
- hostname = "icecast.${config.domains.jim1}";
- admin = {
- user = "jimbo";
- password = "${config.secrets.castAdminPass}";
- };
- extraConf = ''
-
- ${config.secrets.castSourcePass}
-
-
- Canada
- jimbo@${config.domains.jim2}
-
-
- /jimbops.opus
- JimBops Radio
- Music gathered by me, Jimbo.
- https://icecast.jimbosfiles.com/jimbops.opus
- Anything
- application/ogg
- vorbis
-
- '';
- };
-
- # The audio stream
- liquidsoap.streams = {
- jimbops = pkgs.writeText "liquidjim" ''
- settings.log.stdout.set(true)
- settings.init.allow_root.set(true)
- settings.scheduler.fast_queues.set(2)
- settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
-
- # Define the source with random playlist
- jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
-
- # Ensure the stream never stops
- jimbops_fallback = fallback([jimbops, jimbops])
-
- # Output configuration to Icecast
- output.icecast(
- %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
- host="127.0.0.1",
- port=265,
- password="${config.secrets.castSourcePass}",
- public=true,
- icy_metadata=["artist", "title"],
- mount="jimbops.opus",
- encoding = "UTF-8",
- jimbops_fallback
- )
- '';
+ services.icecast = {
+ enable = true;
+ listen.port = 265;
+ hostname = "icecast.${config.domains.jim1}";
+ admin = {
+ user = "jimbo";
+ password = "${config.secrets.castAdminPass}";
};
+ extraConf = ''
+
+ ${config.secrets.castSourcePass}
+
+
+ Canada
+ jimbo@${config.domains.jim2}
+
+
+ /jimbops.opus
+ JimBops Radio
+ Music gathered by me, Jimbo.
+ https://icecast.jimbosfiles.com/jimbops.opus
+ Anything
+ application/ogg
+ vorbis
+
+ '';
};
}
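Review bot: The stream URL `https://icecast.jimbosfiles.com/jimbops.opus` inside `extraConf` is still a literal, while `hostname` earlier in the same block is built from `config.domains.jim1`. If both are meant to be the same domain (not confirmable from this hunk), writing it as `https://icecast.${config.domains.jim1}/jimbops.opus` keeps them from drifting apart. The mount is named `.opus` while the stream is declared as vorbis, which deserves a one-line comment so the mismatch is not mistaken for an error later.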
diff --git a/modules/system/services/server/icecast/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/default.nix
new file mode 100644
index 0000000..de82af3
--- /dev/null
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@@ -0,0 +1,30 @@
+{ pkgs, config, ... }:
+{
+ services.liquidsoap.streams = {
+ jimbops = pkgs.writeText "liquidjim" ''
+ settings.log.stdout.set(true)
+ settings.init.allow_root.set(true)
+ settings.scheduler.fast_queues.set(2)
+ settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
+
+ # Define the source with random playlist
+ jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
+
+ # Ensure the stream never stops
+ jimbops_fallback = fallback([jimbops, jimbops])
+
+ # Output configuration to Icecast
+ output.icecast(
+ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+ host="127.0.0.1",
+ port=265,
+ password="${config.secrets.castSourcePass}",
+ public=true,
+ icy_metadata=["artist", "title"],
+ mount="jimbops.opus",
+ encoding = "UTF-8",
+ jimbops_fallback
+ )
+ '';
+ };
+}
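Review bot: `settings.init.allow_root.set(true)` switches off liquidsoap's refusal to start as root. Unless the unit really runs as root (not visible here), the line should be removed so that guard stays in place; if it does run as root, a dedicated unprivileged service user is the better fix. The script decodes media files from `/export/JimboNFS/Music/`, which is work that should not hold root privileges. A comment such as `# runs as the liquidsoap service user; allow_root intentionally not set` would document the decision.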
diff --git a/variables/secrets/default.nix b/variables/secrets/default.nix
index 7452a13..6febffc 100644
Binary files a/variables/secrets/default.nix and b/variables/secrets/default.nix differ