Add smtp to pretty much every service on the server

2024-08-06 05:27:33 -04:00 · 2024-08-06 05:27:33 -04:00 · 963e056b93
parent 8eb0724768
commit 963e056b93
7 changed files with 277 additions and 93 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+Server/secrets.nix
--- a/PC/configuration.nix
+++ b/PC/configuration.nix
@ -67,10 +67,11 @@ in
  # Set all boot options
  boot = {
    # Set a kernel version and load/blacklist drivers
-    kernelPackages = pkgs.linuxPackages_xanmod_latest;
+    kernelPackages = pkgs.unstable.linuxPackages_zen;
    blacklistedKernelModules = [ "pcspkr" ];
    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:13c2,10de:0fbb" ];
    initrd.kernelModules = [ "vfio" "vfio_pci" "vfio_iommu_type1" ];
+    kernel.sysctl."vm.max_map_count" = 2147483642;

    # Manage supported filesystems
    supportedFilesystems = {
@ -101,7 +102,12 @@ in
  hardware.enableRedistributableFirmware = true;

  # Enable the Nouveau drivers
-  services.xserver.videoDrivers = [ "nouveau" ];
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    nvidiaSettings = false;
+    package = config.boot.kernelPackages.nvidiaPackages.beta;
+  };

  # Enable a permissioning system
  security = {
@ -124,18 +130,21 @@ in
  # Timezone
  time.timeZone = "America/New_York";

-  # Define a user account
+  # Define user accounts
  users.users.jimbo = {
    description = "Jimbo Awesome";
    isNormalUser = true;
    hashedPassword = 
      "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK jimbo@JimDebianServer"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuCYrIZlD6LNpFh3XTYbXaPQWYysr1oZAX4DL3gF28l jimbo@DV-JHAMPTON"
    ];
    extraGroups = [ 
-      "wheel" "audio" "video" "input" "disk" "dialout"
-      "networkmanager" "kvm" "libvirtd" "qemu-libvirtd"
+      "wheel" "audio" "video" "input" "disk" 
+      "dialout" "networkmanager" "rtkit"
+      "kvm" "libvirtd" "qemu-libvirtd" 
    ];
    uid = 1000;
    shell = pkgs.zsh;
@ -163,8 +172,6 @@ in
  # Enable OpenGL
  hardware.opengl = {
    enable = true;
-    package = pkgs.unstable.mesa.drivers;
-    package32 = pkgs.unstable.pkgsi686Linux.mesa.drivers;
    driSupport = true;
    driSupport32Bit = true;
    extraPackages = with pkgs; [
@ -204,14 +211,18 @@ in
      ];
      allowPing = false;
    };
-    extraHosts = ''
-      192.168.1.18 pc
-      192.168.1.17 server
-      192.168.2.2 vm
-    '';
+    
+    # Set hostnames
+    hosts = {
+      "192.168.2.10" = [ "pc" ];
+      "192.168.2.11" = [ "server" ];
+      "172.16.0.2" = [ "vm" ];
+    };
+
+    # Set nameserver
    nameservers = [ 
-      "1.1.1.1"
      "9.9.9.9" 
+      "1.1.1.1"
    ];
  };

@ -242,7 +253,7 @@ in
    pdpRules = pkgs.writeTextFile {
      name = "10-pdp.rules";
      text = ''
-        SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666", GROUP="plugdev"
+        SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666"
      '';
      destination = "/etc/udev/rules.d/10-pdp.rules";
    };
@ -390,6 +401,9 @@ in
  # Enable AppArmor
  security.apparmor.enable = true;

+  # Enable a keying agent
+  services.gnome.gnome-keyring.enable = true;
+
  # Enable Polkit for authentication
  security.polkit.enable = true;

@ -402,7 +416,7 @@ in
  # Attempt to automount USB drives
  services.udisks2.enable = true;

-  # Used for Seneca VPN
+  # Enable school VPN
  services.globalprotect.enable = true;

  # Define the initial install version and allow auto-upgrades
--- a/PC/hardware-configuration.nix
+++ b/PC/hardware-configuration.nix
@ -54,8 +54,8 @@
    };
    "/home/jimbo/JimboNFS" = {
      device = "server:/export/JimboNFS";
-      fsType = "nfs";
-      options = [ "nofail" ];
+      fsType = "nfs4";
+      options = [ "x-systemd.automount" "_netdev" "noauto" ];
    };
  };

--- a/PC/jimbo.nix
+++ b/PC/jimbo.nix
@ -95,7 +95,7 @@ let
      export __GLX_VENDOR_LIBRARY_NAME=nvidia
      export WLR_NO_HARDWARE_CURSORS=1
    else
-      export WLR_RENDERER=vulkan
+      :
    fi

    # Sway/Wayland
@ -1153,9 +1153,7 @@ let
    P:/home/jimbo/JimboNFS/Projects
    V:/home/jimbo/JimboNFS/Videos/Random
    m:/home/jimbo/JimboNFS/Music
-    L:/home/jimbo/JimboNFS/MineServers
    s:/home/jimbo/JimboNFS/School
-    N:/home/jimbo/JimboNFS/JimboOS/NixOS
  '';

  # Sunshine apps config
@ -1186,6 +1184,12 @@ let
    drivers=pulse
  '';

+  # Ncmpcpp configuration
+  ncmpcppConf = ''
+    browser_sort_mode = "name"
+    user_interface = "alternative"
+  '';
+
  # FireFox/LibreWolf colors
  foxJimCol = ''
    :root {
@ -1549,12 +1553,14 @@ in
      # Install user programs
      home.packages = (with pkgs; [
        # Useful programs
-        rofi-bluetooth bemoji imv qbittorrent libreoffice-fresh
-	easyeffects pavucontrol vesktop ffmpegthumbnailer
+        rofi-bluetooth bemoji imv qbittorrent
+	libreoffice-fresh easyeffects pavucontrol
+	vesktop element-desktop ffmpegthumbnailer
+	thunderbird

 	# Terminal programs
 	dua vimv p7zip fastfetch gotop pciutils
-	usbutils tcptrack mpc-cli ncmpcpp
+	usbutils tcptrack mpc-cli ncmpcpp protonvpn-cli_2

 	# Scripts as global programs
 	serverDash beScripts makoToggle swayLock
@ -1635,7 +1641,7 @@ in
        '';
      in {
        enable = true;
-	package = pkgs.unstable.sway; # swayfx
+	package = pkgs.sway; # swayfx
        wrapperFeatures.gtk = true;
 	checkConfig = false;
 	config = {
@ -1664,6 +1670,8 @@ in
 	    # Foreground apps
 	    { command = "librewolf -P Variety --name=Variety"; }
 	    { command = "vesktop --ozone-platform-hint=auto"; }
+	    { command = "element-desktop"; }
+	    { command = "thunderbird"; }
 	    { command = "serverdash"; }
 	  ];

@ -1824,9 +1832,11 @@ in
 	    "${primeMod}+Shift+b" = ''exec rofi-bluetooth'';
 	    "${primeMod}+Shift+Return" = ''exec ${terminal} ranger'';

-	    # Swaytools prop, colorpicker
+	    # Swaytools prop, colorpicker, obs-cmd
 	    "${primeMod}+Ctrl+x" = ''exec ${swayTools} --prop'';
 	    "${primeMod}+Ctrl+c" = ''exec ${pkgs.hyprpicker}/bin/hyprpicker -an && ${sendNotif} "Color copied to clipboard"'';
+	    "${primeMod}+Ctrl+Prior" = ''exec ${pkgs.obs-cmd}/bin/obs-cmd scene switch "Main"'';
+	    "${primeMod}+Ctrl+Next" = ''exec ${pkgs.obs-cmd}/bin/obs-cmd scene switch "Guest"'';

 	    ## Media keys

@ -2037,9 +2047,11 @@ in
 	    # Communication
 	    "${w3a}" = [{ class = "zoom"; }];
 	    "${w8}" = [{ app_id = "vesktop"; }];
+	    "${w9}" = [{ class = "Element"; }];
+	    "${w7a}" = [{ app_id = "thunderbird"; }];

 	    # Else
-	    "${w2}" = [{ class = "steam"; } { class = "heroic"; } { app_id = "lutris"; }];
+	    "${w2}" = [{ class = "SDL Application"; } { class = "heroic"; }];
 	    "${w2a}" = [{ app_id = "looking-glass-client"; }];
 	    "${w4}" = [{ app_id = "serverdash"; }];
 	    "${w4a}" = [{ app_id = "com.obsproject.Studio"; }];
@ -2554,14 +2566,12 @@ in
          "file:///home/jimbo/JimboNFS/Music"
          "file:///home/jimbo/JimboNFS/Photos"
          "file:///home/jimbo/JimboNFS/Videos"
-          "file:///home/jimbo/JimboNFS/MineServers"
          "file:///home/jimbo/JimboNFS/Projects"

 	  # Links and mounts
          "file:///home/jimbo/VMs"

 	  # More important stuff
-	  "file:///home/jimbo/JimboNFS/JimboOS"
          "file:///home/jimbo/JimboNFS/School"
 	];

@ -2871,10 +2881,9 @@ in
      programs.obs-studio = {
        enable = true;
        plugins = with pkgs.obs-studio-plugins; [
-	  obs-pipewire-audio-capture
-	  looking-glass-obs
-	  obs-webkitgtk
-	  advanced-scene-switcher
+	  obs-pipewire-audio-capture obs-webkitgtk 
+	  obs-multi-rtmp obs-vkcapture obs-tuna 
+	  advanced-scene-switcher looking-glass-obs
        ];
      };

@ -2949,7 +2958,7 @@ in
 	".alsoftrc".text = alsoftConf;

 	# Ncmpcpp config
-	".config/ncmpcpp/config".text = "browser_sort_mode = \"name\"";
+	".config/ncmpcpp/config".text = ncmpcppConf;

 	# LibreWolf profiles and theming
 	".librewolf/profiles.ini".text = foxProfiles;
@ -2991,6 +3000,8 @@ in
        syntaxHighlighting.enable = true;
 	initExtra = ''
 	  ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
+	  setopt HIST_IGNORE_SPACE
+	  setopt RM_STAR_WAIT
 	'';
        oh-my-zsh = {
          enable = true;
@ -3024,7 +3035,7 @@ in

          # Download from sources
          ytdl = "yt-dlp --embed-thumbnail --embed-metadata --output \"%(title)s.%(ext)s\"";
-          ytmp4 = "ytdl --recode-video mp4";
+          ytmp4 = "ytdl --recode-video webm";
 	  ytm3u = "yt-dlp -gS proto:m3u8";
 	  opusdl = "ytdl --recode-video opus";
 	  ytopus = "opusdl --format 251";
@ -3032,7 +3043,7 @@ in

 	  # Flakes
 	  buildiso = 
-	    "nix run github:nix-community/nixos-generators -- -f install-iso -c /etc/nixos/configuration.nix";
+	    "${pkgs.nixos-generators}/bin/nixos-generate -f install-iso -c /home/jimbo/Downloads/NixISO/configuration.nix";
        };
      };

--- a/Server/configuration.nix
+++ b/Server/configuration.nix
@ -9,10 +9,13 @@ let
  bloxeldomain = ''bloxelcom.net'';

  # IPs
-  localspan = ''192.168.1'';
-  pc = ''${localspan}.18'';
-  server = ''${localspan}.17'';
+  localspan = ''192.168.2'';
+  pc = ''${localspan}.10'';
+  server = ''${localspan}.11'';
  vm = ''${localspan}.70'';
+
+  # Secrets and passwords
+  secrets = import ./secrets.nix;
 in

 {
@ -67,22 +70,36 @@ in
  # Disable Nano
  programs.nano.enable = false;

-  # Define a user account.
+  # Define user account.
  users.users.jimbo = {
    isNormalUser = true;
-    hashedPassword = 
-      "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
+    hashedPassword = secrets.jimboAccPassword;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuCYrIZlD6LNpFh3XTYbXaPQWYysr1oZAX4DL3gF28l jimbo@DV-JHAMPTON"
    ];
-    extraGroups = [ "wheel" "docker" ];
+    extraGroups = [ "wheel" "docker" "musicFolder" "nfsShare" ];
    uid = 1000;
    shell = pkgs.zsh;
  };

-  # Add Nginx to extra groups
-  users.users.nginx.extraGroups = [ "turnserver" "virtualMail" ];
+  # Add service users to extra groups
+  users.users = { 
+    nginx = {
+      extraGroups = [ "turnserver" "virtualMail" ];
+      isSystemUser = true;
+    };
+    nextcloud = {
+      extraGroups = [ "nfsShare" "musicFolder" ];
+      isSystemUser = true;
+    };
+  };
+
+  # Define custom groups
+  users.groups = {
+    nfsShare = {};
+    musicFolder = {};
+  };

  # Installed programs to the system profile.
  environment.systemPackages = with pkgs; [
@ -110,9 +127,12 @@ in
        80 443

 	# Minecraft
-	25565 19132
+	25565 19132 

-	# Gitea
+	# Pufferpanel sftp
+        5657
+
+	# Gitea SSH
 	2299

 	# Coturn
@ -156,9 +176,9 @@ in
      ''
 	iptables -N RTMPCHAIN
        iptables -A INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN
-	iptables -A RTMPCHAIN -s ${pc} -j ACCEPT
-	iptables -A RTMPCHAIN -s 71.87.124.226 -j ACCEPT
-	iptables -A RTMPCHAIN -s 24.66.98.13 -j ACCEPT
+	iptables -A RTMPCHAIN -s ${pc} -m comment --comment "Local PC" -j ACCEPT
+	iptables -A RTMPCHAIN -s 71.87.124.226 -m comment --comment "Luna IP" -j ACCEPT
+	iptables -A RTMPCHAIN -s 24.66.98.13 -m comment --comment "Freecorn IP" -j ACCEPT
 	iptables -A RTMPCHAIN -j DROP
      '' +

@ -225,10 +245,21 @@ in
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
      virtualHosts = {
+	# Homepage redirect
+        "${jimdomain}" =  {
+          enableACME = true;
+          addSSL = true;
+          locations."/" = {
+            extraConfig = "
+	      return 301 https://social.${bloxeldomain}/@jimbo;
+	    ";
+          };
+        };
+
 	# Nextcloud Proxy
        "cloud.${jimdomain}" =  {
          enableACME = true;
-          forceSSL = true;
+          addSSL = true;
          locations."/" = {
            proxyWebsockets = true;
            extraConfig = "
@ -283,6 +314,16 @@ in
          };
        };

+	# Gitea Proxy
+        "mc.${jimdomain}" =  {
+          enableACME = true;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:5010";
+            proxyWebsockets = true;
+          };
+        };
+
 	# Matrix Proxy
        "matrix.${bloxeldomain}" = {
          enableACME = true;
@ -293,8 +334,8 @@ in

 	# Element Proxy
 	"chat.${bloxeldomain}" = {
-          addSSL = true;
          enableACME = true;
+          addSSL = true;
          root = "${pkgs.element-web}";
        };

@ -347,8 +388,8 @@ in

 	# Staging Bloxel Proxy
 	"staging.${bloxeldomain}" = {
-          addSSL = true;
          enableACME = true;
+          addSSL = true;
          root = "/var/www/bloxelcomweb/landing-page/";
 	  locations."/BloxelcomCable/hls" = {
 	    extraConfig = ''
@ -396,6 +437,11 @@ in
 	      hls_fragment 3;
              hls_playlist_length 40;
            }
+            application forward {
+              record off;
+              live on;
+	      allow play all;
+            }
          }
        }
      '';
@ -416,6 +462,16 @@ in
 	trusted_proxies = [ "127.0.0.1" ];
 	trusted_domains = [ "cloud.${jimdomain}" ];
        overwriteprotocol = "https";
+
+	# Mailserver settings
+	mail_smtphost = "mx.${bloxeldomain}";
+	mail_domain = "${bloxeldomain}";
+	mail_from_address = "noreply";
+	mail_smtpauth = "true";
+	mail_smtpname = "noreply@${bloxeldomain}";
+	mail_smtppassword = secrets.noreplyPassword;
+	mail_smtpmode = "smtp";
+	mail_smtpport = 587;
      };
    };

@ -428,6 +484,16 @@ in
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;
        ROCKET_LOG = "critical";
+
+	# Smtp email
+	SMTP_HOST = "mx.${bloxeldomain}";
+	SMTP_FROM = "noreply@${bloxeldomain}";
+	SMTP_FROM_NAME = "Vaultwarden";
+	SMTP_USERNAME = "noreply@${bloxeldomain}";
+	SMTP_PASSWORD = secrets.noreplyPassword;
+	SMTP_SECURITY = "starttls";
+	SMTP_PORT = 587;
+	SMTP_TIMEOUT = 15;
      };
    };

@ -448,10 +514,75 @@ in
          SSH_PORT = 2299;
          START_SSH_SERVER = true;
        };
+	mailer = {
+	  ENABLED = true;
+	  SMTP_ADDR = "mx.${bloxeldomain}";
+	  FROM = "noreply@${bloxeldomain}";
+	  PASSWD = secrets.noreplyPassword;
+	  PROTOCOL = "smtp+starttls";
+	  SMTP_PORT = 587;
+	};
 	service.DISABLE_REGISTRATION = true;
      };
    };

+    # Pufferpannel for Minecraft
+    pufferpanel = {
+      enable = true;
+      environment = {
+        PUFFER_WEB_HOST = ":5010";
+	PUFFER_PANEL_REGISTRATIONENABLED = "false";
+	PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
+	PUFFER_PANEL_EMAIL_HOST = "mx.${bloxeldomain}:587";
+	PUFFER_PANEL_EMAIL_FROM = "noreply@${bloxeldomain}";
+	PUFFER_PANEL_EMAIL_USERNAME = "noreply@${bloxeldomain}";
+	PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
+      };
+      extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
+      package = pkgs.buildFHSEnv {
+        name = "pufferpanel-fhs";
+	meta.mainProgram = "pufferpanel-fhs";
+        runScript = lib.getExe pkgs.pufferpanel;
+        targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
+      };
+    };
+
+    # MariaDB
+    mysql = {
+      enable = true;
+      package = pkgs.mariadb;
+      dataDir = "/var/lib/mysql";
+      initialDatabases = [
+        { name = "nextcloud"; }
+        { name = "matrix"; }
+        { name = "git"; }
+        { name = "minecraft"; }
+      ];
+      ensureUsers = [
+        {
+          name = "nextcloud";
+          ensurePermissions = {
+            "nextcloud.*" = "ALL PRIVILEGES";
+          };
+        }{
+          name = "matrix-synapse";
+          ensurePermissions = {
+            "matrix.*" = "ALL PRIVILEGES";
+          };
+        }{
+          name = "gitea";
+          ensurePermissions = {
+            "git.*" = "ALL PRIVILEGES";
+          };
+        }{
+          name = "minecraft";
+          ensurePermissions = {
+            "minecraft.*" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+    };
+
    # Owncast
    owncast = {
      enable = true;
@ -477,7 +608,6 @@ in
    # Synapse for Matrix clients
    matrix-synapse = with config.services.coturn; {
      enable = true;
-      extraConfigFiles = [ "/etc/matrix-synapse/conf.d/email-conf.yaml" ];
      settings = {
        server_name = "${bloxeldomain}";
 	public_baseurl = "https://matrix.${bloxeldomain}";
@ -494,6 +624,26 @@ in
          x_forwarded = true;
        }];

+	# Enable smtp for password resets
+	email = {
+	  notif_from = "Bloxelcom's Matrix Homeserver <noreply@bloxelcom.net>";
+	  smtp_host = "mx.${bloxeldomain}";
+	  smtp_user = "noreply@${bloxeldomain}";
+	  smtp_pass = secrets.noreplyPassword;
+	  enable_tls = true;
+	  smtp_port = 587;
+	  require_transport_security = true;
+	};
+
+	# Disable registration without email
+	registrations_require_3pid = [ "email" ];
+
+	# Allow only this range of emails
+	allowed_local_3pids = [{
+	  medium = "email";
+	  pattern = "^[^@]+@bloxelcom\\.net$";
+	}];
+
 	# Set the type of database
 	database.name = "sqlite3";

@ -522,17 +672,17 @@ in
      streamingProcesses = 4;
      configureNginx = true;
      smtp = {
+	createLocally = false;
 	host = "mx.${bloxeldomain}";
 	port = 587;
 	authenticate = true;
-	user = "noreply@${bloxeldomain}";
-	passwordFile = "/var/lib/mastodon/secrets/smtp-password";
        fromAddress = "noreply@${bloxeldomain}";
-	createLocally = false;
+	user = "noreply@${bloxeldomain}";
+	passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword;
      };
    };

-    # Try Lemmy
+    # Lemmy forums
    lemmy = {
      enable = true;
      nginx.enable = true;
@ -543,19 +693,13 @@ in
          smtp_server = "mx.${bloxeldomain}:587";
 	  smtp_login = "noreply@${bloxeldomain}";
          smtp_from_address = "noreply@${bloxeldomain}";
+	  smtp_password = secrets.noreplyPassword;
 	  tls_type = "starttls";
        };
      };
-      smtpPasswordFile = "/var/lib/mastodon/secrets/smtp-password";
    };

-    # Snowflake proxy for Tor
-    snowflake-proxy.enable = true;
-
-    # Fix a nonbuilding issue
-    logrotate.checkConfig = false;
-
-    # Try roundcube
+    # Roundcube mail server
    roundcube = {
     enable = true;
     hostName = "mail.${bloxeldomain}";
@ -565,6 +709,12 @@ in
       $config['smtp_pass'] = "%p";
     '';
    };
+
+    # Snowflake proxy for Tor
+    snowflake-proxy.enable = true;
+
+    # Fix a nonbuilding issue
+    logrotate.checkConfig = false;
  };

  # Make Nginx not shit itself
@ -626,21 +776,25 @@ in
    # Generate passwords with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "noreply@${bloxeldomain}" = {
-        hashedPasswordFile = "${pkgs.writeText "noreply" "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2"}";
+        hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplySmtpHash;
 	sendOnly = true;
      };
      "jimbo@${bloxeldomain}" = {
-        hashedPasswordFile = "${pkgs.writeText "jimbo" "$2b$05$Chm7AjSicifTVpUWjOx1q.9YGaokIjxijAfqKTmI6o3OR2QU0B4U."}";
+        hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboSmtpHash;
        aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ];
      };
      "lunamoonlight@${bloxeldomain}" = {
-        hashedPasswordFile = "${pkgs.writeText "luna" "$2a$12$ytZ1k4S.XvQAvzc3pHNDV.m7A/bo8PKznA2qH27g5QHMYDloFHdnK"}";
+        hashedPasswordFile = pkgs.writeText "luna" secrets.lunaSmtpHash;
        aliases = [ "us@${bloxeldomain}" "contact@${bloxeldomain}" ];
      };
      "freecorn1854@${bloxeldomain}" = {
-        hashedPasswordFile = "${pkgs.writeText "freecorn1854" "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm"}";
+        hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornSmtpHash;
        aliases = [ "canada@${bloxeldomain}" "contact@${bloxeldomain}" ];
      };
+      "tinyattack09@${bloxeldomain}" = {
+        hashedPasswordFile = pkgs.writeText "tiny" secrets.tinySmtpHash;
+	aliases = [ "smallthing@${bloxeldomain}" ];
+      };
    };
  };

--- a/Server/hardware-configuration.nix
+++ b/Server/hardware-configuration.nix
@ -19,7 +19,6 @@
    "/home/jimbo/JimboNFS" = {
      device = "/dev/disk/by-uuid/713fcd92-534c-4153-8e04-e0c6fe5f6a51";
      fsType = "ext4";
-      neededForBoot = true;
    };
    "/export/JimboNFS" = {
      device = "/home/jimbo/JimboNFS";
@ -27,41 +26,53 @@
      options = [ "bind" ];
    };
    "/mnt/nextcloud/data/JimboNFS" = {
-      device = "/home/jimbo/JimboNFS";
-      fsType = "none";
-      options = [ "bind" ];
-    };
-    "/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = {
-      device = "/home/jimbo/JimboNFS/Music";
+      device = "/export/JimboNFS";
      fsType = "none";
      options = [ "bind" ];
    };

-    # Atrocity
+    # Atrocity of var bindmounts
    "/var/lib/bitwarden_rs" = {
-      device = "/home/jimbo/JimboNFS/System/var/lib/bitwarden_rs";
+      device = "/export/JimboNFS/System/var/lib/bitwarden_rs";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
    };
    "/var/lib/gitea" = {
-      device = "/home/jimbo/JimboNFS/System/var/lib/gitea";
+      device = "/export/JimboNFS/System/var/lib/gitea";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
    };
    "/var/lib/matrix-synapse" = {
-      device = "/home/jimbo/JimboNFS/System/var/lib/matrix-synapse";
+      device = "/export/JimboNFS/System/var/lib/matrix-synapse";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
    };
    "/var/lib/nextcloud" = {
-      device = "/home/jimbo/JimboNFS/System/var/lib/nextcloud";
+      device = "/export/JimboNFS/System/var/lib/nextcloud";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
    };
    "/var/lib/owncast" = {
-      device = "/home/jimbo/JimboNFS/System/var/lib/owncast";
+      device = "/export/JimboNFS/System/var/lib/owncast";
      fsType = "none";
      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
+    };
+    "/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = {
+      device = "/export/JimboNFS/Music";
+      fsType = "none";
+      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
+    };
+    "/var/lib/pufferpanel/servers" = {
+      device = "/export/JimboNFS/MineServers";
+      fsType = "none";
+      options = [ "bind" ];
+      depends = [ "/export/JimboNFS" ];
    };
  };
  swapDevices = [
--- a/Server/jimbo.nix
+++ b/Server/jimbo.nix
@ -355,11 +355,11 @@ let
    a:/home/jimbo/JimboNFS
    K:/home/jimbo/JimboNFS/Downloads
    p:/home/jimbo/JimboNFS/Photos
+    P:/home/jimbo/JimboNFS/Projects
    V:/home/jimbo/JimboNFS/Videos/Random
    m:/home/jimbo/JimboNFS/Music
    L:/home/jimbo/JimboNFS/MineServers
    s:/home/jimbo/JimboNFS/School
-    N:/home/jimbo/JimboNFS/JimboOS/NixOS
  '';
 in

@ -514,6 +514,8 @@ in
        syntaxHighlighting.enable = true;
 	initExtra = ''
 	  ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
+	  setopt HIST_IGNORE_SPACE
+	  setopt RM_STAR_WAIT
 	'';
        oh-my-zsh = {
          enable = true;
@ -524,7 +526,7 @@ in
 	  mineServers = ''/home/jimbo/JimboNFS/MineServers'';
 	in {
 	  # NixOS aliases
-	  nixcfg = "nvim /etc/nixos/{configuration,jimbo,hardware-configuration}.nix";
+	  nixcfg = "nvim /etc/nixos/{configuration,jimbo,secrets,hardware-configuration}.nix";
          nixswitch = "${auth} nixos-rebuild switch";
 	  nixdate = "${auth} nixos-rebuild switch --upgrade-all";
          nixclean = "${auth} nix-store --gc; nix-collect-garbage -d";
@ -540,15 +542,6 @@ in

 	  # Start basic programs
 	  controlpanel = "tmux new-session -d -s control; tmux attach -t control";
-
-	  # Minecraft stuff
-          mcstart21 = "${pkgs.temurin-jre-bin-21}/bin/java -Xmx4G -jar";
-          mcstart8 = "${pkgs.temurin-jre-bin-8}/bin/java -Xmx4G -jar";
-	  velocitystart = "cd ${mineServers}/Velocity && mcstart21 velocity*";
-          johnstart = "cd ${mineServers}/Johnside-SMP && mcstart21 paper* --nogui";
-          bloxelstart = "cd ${mineServers}/Bloxelcom && mcstart21 paper* --nogui";
-          dewstart = "cd ${mineServers}/DewDestroyer && mcstart21 paper* --nogui";
-          betastart = "cd ${mineServers}/BetaServer && mcstart8 Posiden*";
        };
      };