Separate some more files and extrapolate more non-secrets

modules/system/devices/networking/wireguard/pc/default.nix

@@ -11,9 +11,9 @@
       privateKey = config.secrets.wgClientPriv;
       peers = [
         {
-          publicKey = config.secrets.wgServerPub;
+          publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
           allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
-          endpoint = "sv.${config.secrets.jimDomain}:51820";
+          endpoint = "sv.${config.domains.jim1}:51820";
           persistentKeepalive = 25;
         }
       ];

modules/system/devices/networking/wireguard/server/default.nix

@@ -17,14 +17,14 @@
         listenPort = 51820;
         privateKey = config.secrets.wgServerPriv;
         peers = [
-          { # Jimbo Pixel 9
+          { # NixOS
-            publicKey = config.secrets.wgPixel9Pub;
+            publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
-            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
-          }
-          { # General Nix
-            publicKey = config.secrets.wgClientPub;
             allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
           }
+          { # Pixel 9
+            publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
+            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
+          }
         ];
       };
     };

modules/system/services/server/fileserver/public/nextcloud/default.nix

@@ -1,7 +1,10 @@
 { pkgs, config, ... }:
 {
-  services = {
+  imports = [
-    nextcloud = {
+    ./nginx
+  ];
+
+  services.nextcloud = {
     enable = true;
     package = pkgs.nextcloud29;
     hostName = "cloud.${config.domains.jim1}";
@@ -25,21 +28,4 @@
       mail_smtpport = 587;
     };
   };
-
-    nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
-      enableACME = true;
-      addSSL = true;
-      locations."/" = {
-        proxyWebsockets = true;
-        extraConfig = "
-         location /.well-known/carddav {
-            return 301 $scheme://$host/remote.php/dav;
-          }
-          location /.well-known/caldav {
-            return 301 $scheme://$host/remote.php/dav;
-          }
-       ";
-      };
-    };
-  };
 }

modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix

@@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+{
+  services.nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
+    enableACME = true;
+    addSSL = true;
+    locations."/" = {
+      proxyWebsockets = true;
+      extraConfig = "
+       location /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+     ";
+    };
+  };
+}

modules/system/services/server/fileserver/public/photoprism/default.nix

@@ -1,5 +1,9 @@
 { config, ... }:
 {
+  imports = [
+    ./nginx
+  ];
+
   services = {
     photoprism = {
       enable = true;

modules/system/services/server/fileserver/public/photoprism/nginx/default.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  services.nginx.virtualHosts."gallery.${config.domains.jim1}" =  {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:2342";
+      proxyWebsockets = true;
+    };
+  };
+}

modules/system/services/server/icecast/default.nix

@@ -2,10 +2,10 @@
 {
   imports = [
     ./nginx
+    ./liquidsoap
   ];
 
-  services = {
+  services.icecast = {
-    icecast = {
     enable = true;
     listen.port = 265;
     hostname = "icecast.${config.domains.jim1}";
@@ -32,34 +32,4 @@
       </mount>
     '';
   };
-
-    # The audio stream
-    liquidsoap.streams = {
-      jimbops = pkgs.writeText "liquidjim" ''
-        settings.log.stdout.set(true)
-        settings.init.allow_root.set(true)
-        settings.scheduler.fast_queues.set(2)
-        settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
-        
-        # Define the source with random playlist
-        jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
-        
-        # Ensure the stream never stops
-        jimbops_fallback = fallback([jimbops, jimbops])
-        
-        # Output configuration to Icecast
-        output.icecast(
-	  %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
-          host="127.0.0.1",
-          port=265,
-          password="${config.secrets.castSourcePass}",
-          public=true,
-          icy_metadata=["artist", "title"],
-          mount="jimbops.opus",
-	  encoding = "UTF-8",
-          jimbops_fallback
-        )
-      '';
-    };
-  };
 }

modules/system/services/server/icecast/liquidsoap/default.nix

@@ -0,0 +1,30 @@
+{ pkgs, config, ... }:
+{
+  services.liquidsoap.streams = {
+    jimbops = pkgs.writeText "liquidjim" ''
+      settings.log.stdout.set(true)
+      settings.init.allow_root.set(true)
+      settings.scheduler.fast_queues.set(2)
+      settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
+      
+      # Define the source with random playlist
+      jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
+      
+      # Ensure the stream never stops
+      jimbops_fallback = fallback([jimbops, jimbops])
+      
+      # Output configuration to Icecast
+      output.icecast(
+        %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+        host="127.0.0.1",
+        port=265,
+        password="${config.secrets.castSourcePass}",
+        public=true,
+        icy_metadata=["artist", "title"],
+        mount="jimbops.opus",
+        encoding = "UTF-8",
+        jimbops_fallback
+      )
+    '';
+  };
+}