From a5f06865deb6bdd0f83976c515c05199c6675c89 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 15 Oct 2024 17:46:44 -0400 Subject: [PATCH] Catch all the stuff I missed in the server services to get them to build --- hosts/cyberspark/home/default.nix | 16 +++++---- hosts/cyberspark/system/default.nix | 7 +++- hosts/cyberspark/system/hardware/default.nix | 4 +-- .../networking/firewall/server/default.nix | 34 +++++++++---------- .../networking/wireguard/pc/default.nix | 10 +++--- .../networking/wireguard/server/default.nix | 24 ++++++------- .../devices/networking/wireless/default.nix | 2 +- .../system/services/server/acme/default.nix | 6 ++-- .../services/server/ddclient/default.nix | 26 +++++++------- .../server/fileserver/local/samba/default.nix | 4 +-- .../fileserver/public/nextcloud/default.nix | 16 ++++----- .../fileserver/public/photoprism/default.nix | 8 ++--- .../services/server/forgejo/default.nix | 14 ++++---- .../services/server/forgejo/nginx/default.nix | 4 +-- .../services/server/icecast/default.nix | 10 +++--- .../services/server/icecast/nginx/default.nix | 4 +-- .../services/server/mailserver/default.nix | 30 ++++++++-------- .../server/mailserver/nginx/default.nix | 4 +-- .../server/mailserver/roundcube/default.nix | 6 ++-- .../services/server/minecraft/default.nix | 6 ++-- .../minecraft/servers/blockworld/default.nix | 2 +- .../servers/dewdemolisher/default.nix | 2 +- .../minecraft/servers/johnside/default.nix | 6 ++-- .../minecraft/servers/roguecraft/default.nix | 10 +++--- .../minecraft/servers/uberbeta/default.nix | 2 +- .../minecraft/servers/velocity/default.nix | 2 +- .../system/services/server/nginx/default.nix | 10 +++--- .../services/server/social/lemmy/default.nix | 12 +++---- .../server/social/lemmy/nginx/default.nix | 4 +-- .../server/social/mastodon/default.nix | 12 +++---- .../server/social/matrix/element/default.nix | 12 +++---- .../social/matrix/element/nginx/default.nix | 4 +-- .../social/matrix/synapse/coturn/default.nix | 16 +++++---- .../matrix/synapse/coturn/nginx/default.nix | 4 +-- .../server/social/matrix/synapse/default.nix | 14 ++++---- .../social/matrix/synapse/nginx/default.nix | 4 +-- .../matrix/synapse/slidingsync/default.nix | 10 +++--- .../server/social/owncast/default.nix | 2 +- .../server/social/owncast/nginx/default.nix | 4 +-- .../server/social/pixelfed/default.nix | 18 +++++----- .../services/server/transmission/default.nix | 4 +-- .../server/transmission/nginx/default.nix | 4 +-- .../services/server/vaultwarden/default.nix | 12 +++---- .../server/vaultwarden/nginx/default.nix | 4 +-- 44 files changed, 212 insertions(+), 197 deletions(-) diff --git a/hosts/cyberspark/home/default.nix b/hosts/cyberspark/home/default.nix index fa95c6f..1b90c7f 100644 --- a/hosts/cyberspark/home/default.nix +++ b/hosts/cyberspark/home/default.nix @@ -1,14 +1,18 @@ { ... }: { imports = [ + # Programs and apps ../../../modules/home ../../../modules/home/users - ../../../modules/home/programs/fastfetch - ../../../modules/home/programs/git - ../../../modules/home/programs/ncmpcpp - ../../../modules/home/programs/neovim - ../../../modules/home/programs/ranger - ../../../modules/home/programs/tmux + ../../../modules/home/programs/terminal/fastfetch + ../../../modules/home/programs/terminal/git + ../../../modules/home/programs/terminal/neovim + ../../../modules/home/programs/terminal/ranger + ../../../modules/home/programs/terminal/tmux ../../../modules/home/utils/zsh + + # Misc + ../../../overlays + ../../../variables ]; } diff --git a/hosts/cyberspark/system/default.nix b/hosts/cyberspark/system/default.nix index 5cddfb3..d3e5778 100644 --- a/hosts/cyberspark/system/default.nix +++ b/hosts/cyberspark/system/default.nix @@ -3,10 +3,10 @@ imports = [ ./hardware - mailserver.nixosModule ../../../modules/system ../../../modules/system/accounts ../../../modules/system/devices/filesystems + ../../../modules/system/devices/boot/systemd ../../../modules/system/devices/networking ../../../modules/system/devices/networking/firewall/server ../../../modules/system/devices/networking/wireguard/server @@ -14,6 +14,11 @@ ../../../modules/system/programs/security ../../../modules/system/services/common ../../../modules/system/services/server + + ../../../overlays + ../../../variables + + mailserver.nixosModule ]; networking.hostName = "cyberspark"; diff --git a/hosts/cyberspark/system/hardware/default.nix b/hosts/cyberspark/system/hardware/default.nix index e112d0c..1135771 100644 --- a/hosts/cyberspark/system/hardware/default.nix +++ b/hosts/cyberspark/system/hardware/default.nix @@ -1,4 +1,4 @@ -{ config, outputs, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") @@ -25,7 +25,7 @@ swraid = { enable = true; mdadmConf = '' - MAILADDR jimbo@${outputs.secrets.jimDomain} + MAILADDR jimbo@jimbosfiles.com ''; }; }; diff --git a/modules/system/devices/networking/firewall/server/default.nix b/modules/system/devices/networking/firewall/server/default.nix index 1d351e4..fdf6459 100644 --- a/modules/system/devices/networking/firewall/server/default.nix +++ b/modules/system/devices/networking/firewall/server/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ config, ... }: { # Allow forwarding boot.kernel.sysctl."net.ipv4.ip_forward" = 1; @@ -10,9 +10,9 @@ firewall = { allowPing = false; extraInputRules = '' - ip saddr { ${outputs.ips.localSpan}.0/24, ${outputs.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS" - ip saddr { ${outputs.ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" - ip saddr ${outputs.ips.wgSpan}.3 tcp dport ${mailPorts} accept comment "Accept mail" + ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS" + ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" + ip saddr ${config.ips.wgSpan}.3 tcp dport ${mailPorts} accept comment "Accept mail" ''; }; @@ -24,28 +24,28 @@ content = '' chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; - tcp dport 2211 dnat to ${outputs.ips.pc}:22 comment "SSH to PC" - tcp dport 2233 dnat to ${outputs.ips.wgSpan}.3:22 comment "SSH to Oracle VM" + tcp dport 2211 dnat to ${config.ips.pc}:22 comment "SSH to PC" + tcp dport 2233 dnat to ${config.ips.wgSpan}.3:22 comment "SSH to Oracle VM" - udp dport { 27005, 27015, 7777 } dnat to ${outputs.ips.pc} comment "PC Hosted Games" + udp dport { 27005, 27015, 7777 } dnat to ${config.ips.pc} comment "PC Hosted Games" - tcp dport { 58010, 57989, 57984 } dnat to ${outputs.ips.pc} comment "PC Sunshine TCP" - udp dport { 57998, 57999, 58000 } dnat to ${outputs.ips.pc} comment "PC Sunshine UDP" + tcp dport { 58010, 57989, 57984 } dnat to ${config.ips.pc} comment "PC Sunshine TCP" + udp dport { 57998, 57999, 58000 } dnat to ${config.ips.pc} comment "PC Sunshine UDP" - tcp dport { 38010, 37989, 37984 } dnat to ${outputs.ips.vm} comment "VM Sunshine TCP" - udp dport { 37998, 37999, 38000 } dnat to ${outputs.ips.vm} comment "VM Sunshine UDP" + tcp dport { 38010, 37989, 37984 } dnat to ${config.ips.vm} comment "VM Sunshine TCP" + udp dport { 37998, 37999, 38000 } dnat to ${config.ips.vm} comment "VM Sunshine UDP" - udp dport { 7790, 7791, 7792 } dnat to ${outputs.ips.hx} comment "Deus Ex" + udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex" - ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${outputs.ips.vm} comment "VM ALVR TCP" - ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${outputs.ips.vm} comment "VM ALVR UDP" + ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP" + ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP" } chain POSTROUTING { type nat hook postrouting priority 100; policy accept; - oifname "${outputs.ips.netInt}" masquerade - iifname "${outputs.ips.netInt}" oifname "${outputs.ips.wgInt}" masquerade comment "Traffic from public to WireGuard" - tcp dport ${mailPorts} oifname != "${outputs.ips.wgInt}" drop comment "Send mail" + oifname "${config.ips.netInt}" masquerade + iifname "${config.ips.netInt}" oifname "${config.ips.wgInt}" masquerade comment "Traffic from public to WireGuard" + tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop comment "Send mail" } ''; }; diff --git a/modules/system/devices/networking/wireguard/pc/default.nix b/modules/system/devices/networking/wireguard/pc/default.nix index 360bb41..a792486 100644 --- a/modules/system/devices/networking/wireguard/pc/default.nix +++ b/modules/system/devices/networking/wireguard/pc/default.nix @@ -1,19 +1,19 @@ -{ outputs, ... }: +{ config, ... }: { networking.firewall = { allowedUDPPorts = [ 51820 ]; }; networking.wireguard.interfaces = { - "${outputs.ips.wgInt}" = { + "${config.ips.wgInt}" = { # Define IP of client in per device config listenPort = 51820; - privateKey = outputs.secrets.wgClientPriv; + privateKey = config.secrets.wgClientPriv; peers = [ { # 0.0.0.0 makes wg act like a traditional VPN - publicKey = outputs.secrets.wgServerPub; + publicKey = config.secrets.wgServerPub; allowedIPs = [ "0.0.0.0/0" ]; - endpoint = "sv.${outputs.secrets.jimDomain}:51820"; + endpoint = "sv.${config.secrets.jimDomain}:51820"; persistentKeepalive = 25; } ]; diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix index 2b725da..e8d8a43 100644 --- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/devices/networking/wireguard/server/default.nix @@ -1,10 +1,10 @@ -{ outputs, ... }: +{ config, ... }: { networking = { nat = { enable = true; - externalInterface = "${outputs.ips.netInt}"; - internalInterfaces = [ "${outputs.ips.wgInt}" ]; + externalInterface = "${config.ips.netInt}"; + internalInterfaces = [ "${config.ips.wgInt}" ]; }; firewall.allowedUDPPorts = [ 51820 ]; }; @@ -12,22 +12,22 @@ networking.wireguard = { enable = true; interfaces = { - "${outputs.ips.wgInt}" = { - ips = [ "${outputs.ips.wgSpan}.1/24" ]; + "${config.ips.wgInt}" = { + ips = [ "${config.ips.wgSpan}.1/24" ]; listenPort = 51820; - privateKey = outputs.secrets.wgServerPriv; + privateKey = config.secrets.wgServerPriv; peers = [ { # Jimbo Pixel 9 - publicKey = outputs.secrets.wgPixel9Pub; - allowedIPs = [ "${outputs.ips.wgSpan}.2/32" ]; + publicKey = config.secrets.wgPixel9Pub; + allowedIPs = [ "${config.ips.wgSpan}.2/32" ]; } { # Oracle VM - publicKey = outputs.secrets.wgOraclePub; - allowedIPs = [ "${outputs.ips.wgSpan}.3/32" ]; + publicKey = config.secrets.wgOraclePub; + allowedIPs = [ "${config.ips.wgSpan}.3/32" ]; } { # General Nix - publicKey = outputs.secrets.wgClientPub; - allowedIPs = [ "${outputs.ips.wgSpan}.16/28" ]; + publicKey = config.secrets.wgClientPub; + allowedIPs = [ "${config.ips.wgSpan}.16/28" ]; } ]; }; diff --git a/modules/system/devices/networking/wireless/default.nix b/modules/system/devices/networking/wireless/default.nix index 862db58..cc3c95a 100644 --- a/modules/system/devices/networking/wireless/default.nix +++ b/modules/system/devices/networking/wireless/default.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ ... }: { networking = { wireless.iwd.enable = true; diff --git a/modules/system/services/server/acme/default.nix b/modules/system/services/server/acme/default.nix index 20070f1..f6ad5b8 100644 --- a/modules/system/services/server/acme/default.nix +++ b/modules/system/services/server/acme/default.nix @@ -1,10 +1,10 @@ -{ outputs, ... }: +{ config, ... }: { security.acme = { acceptTerms = true; - defaults.email = outputs.secrets.jimEmail; + defaults.email = "jimjam4real@gmail.com"; certs = { - "turn.${outputs.secrets.jimDomain}" = { + "turn.${config.secrets.jimDomain}" = { group = "turnserver"; postRun = "systemctl restart coturn.service"; }; diff --git a/modules/system/services/server/ddclient/default.nix b/modules/system/services/server/ddclient/default.nix index e3e8759..417a7ad 100644 --- a/modules/system/services/server/ddclient/default.nix +++ b/modules/system/services/server/ddclient/default.nix @@ -1,23 +1,23 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services.ddclient = { enable = true; protocol = "cloudflare"; use = "web, web=https://ipinfo.io/ip"; - zone = "${outputs.secrets.jimDomain}"; + zone = "${config.secrets.jimDomain}"; username = "token"; - passwordFile = "${pkgs.writeText "cloudflareapikey" outputs.secrets.flareApiKey}"; + passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}"; domains = [ - "${outputs.secrets.jimDomain}" - "*.${outputs.secrets.jimDomain}" - "sv.${outputs.secrets.jimDomain}" - "git.${outputs.secrets.jimDomain}" - "rtmp.${outputs.secrets.jimDomain}" - "turn.${outputs.secrets.jimDomain}" - "dew.${outputs.secrets.jimDomain}" - "john.${outputs.secrets.jimDomain}" - "beta.${outputs.secrets.jimDomain}" - "rogue.${outputs.secrets.jimDomain}" + "${config.secrets.jimDomain}" + "*.${config.secrets.jimDomain}" + "sv.${config.secrets.jimDomain}" + "git.${config.secrets.jimDomain}" + "rtmp.${config.secrets.jimDomain}" + "turn.${config.secrets.jimDomain}" + "dew.${config.secrets.jimDomain}" + "john.${config.secrets.jimDomain}" + "beta.${config.secrets.jimDomain}" + "rogue.${config.secrets.jimDomain}" ]; }; } diff --git a/modules/system/services/server/fileserver/local/samba/default.nix b/modules/system/services/server/fileserver/local/samba/default.nix index e95e6d8..7236f2d 100644 --- a/modules/system/services/server/fileserver/local/samba/default.nix +++ b/modules/system/services/server/fileserver/local/samba/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ config, ... }: { services = { samba = { @@ -9,7 +9,7 @@ workgroup = WORKGROUP server string = JimSMB security = user - hosts allow = ${outputs.ips.localSpan}. 127.0.0.1 localhost + hosts allow = ${config.ips.localSpan}. 127.0.0.1 localhost hosts deny = 0.0.0.0/0 guest account = nobody map to guest = bad user diff --git a/modules/system/services/server/fileserver/public/nextcloud/default.nix b/modules/system/services/server/fileserver/public/nextcloud/default.nix index bcef9dd..d69370d 100644 --- a/modules/system/services/server/fileserver/public/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix @@ -1,10 +1,10 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services = { nextcloud = { enable = true; package = pkgs.nextcloud29; - hostName = "cloud.${outputs.secrets.jimDomain}"; + hostName = "cloud.${config.secrets.jimDomain}"; datadir = "/mnt/nextcloud"; https = true; config = { @@ -13,20 +13,20 @@ }; settings = { trusted_proxies = [ "127.0.0.1" ]; - trusted_domains = [ "cloud.${outputs.secrets.jimDomain}" ]; + trusted_domains = [ "cloud.${config.secrets.jimDomain}" ]; overwriteprotocol = "https"; - mail_smtphost = "mx.${outputs.secrets.jimDomain}"; - mail_domain = "${outputs.secrets.jimDomain}"; + mail_smtphost = "mx.${config.secrets.jimDomain}"; + mail_domain = "${config.secrets.jimDomain}"; mail_from_address = "noreply"; mail_smtpauth = "true"; - mail_smtpname = "noreply@${outputs.secrets.jimDomain}"; - mail_smtppassword = outputs.secrets.noreplyPassword; + mail_smtpname = "noreply@${config.secrets.jimDomain}"; + mail_smtppassword = config.secrets.noreplyPassword; mail_smtpmode = "smtp"; mail_smtpport = 587; }; }; - nginx.virtualHosts."cloud.${outputs.secrets.jimDomain}" = { + nginx.virtualHosts."cloud.${config.secrets.jimDomain}" = { enableACME = true; addSSL = true; locations."/" = { diff --git a/modules/system/services/server/fileserver/public/photoprism/default.nix b/modules/system/services/server/fileserver/public/photoprism/default.nix index b1b9d76..635354c 100644 --- a/modules/system/services/server/fileserver/public/photoprism/default.nix +++ b/modules/system/services/server/fileserver/public/photoprism/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ config, ... }: { services = { photoprism = { @@ -8,17 +8,17 @@ address = "0.0.0.0"; settings = { PHOTOPRISM_ADMIN_USER = "jimbo"; - PHOTOPRISM_ADMIN_PASSWORD = "${outputs.secrets.prismAdminPass}"; + PHOTOPRISM_ADMIN_PASSWORD = "${config.secrets.prismAdminPass}"; PHOTOPRISM_DEFAULT_LOCALE = "en"; PHOTOPRISM_DATABASE_DRIVER = "mysql"; PHOTOPRISM_DATABASE_NAME = "photoprism"; PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock"; PHOTOPRISM_DATABASE_USER = "photoprism"; - PHOTOPRISM_SITE_URL = "https://gallery.${outputs.secrets.jimDomain}"; + PHOTOPRISM_SITE_URL = "https://gallery.${config.secrets.jimDomain}"; PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism"; }; }; - nginx.virtualHosts."gallery.${outputs.secrets.jimDomain}" = { + nginx.virtualHosts."gallery.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index f46c11f..93a5ee0 100644 --- a/modules/system/services/server/forgejo/default.nix +++ b/modules/system/services/server/forgejo/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ config, ... }: { imports = [ ./nginx @@ -9,8 +9,8 @@ enable = true; settings = { server = { - DOMAIN = "git.${outputs.secrets.jimDomain}"; - ROOT_URL = "https://git.${outputs.secrets.jimDomain}:443"; + DOMAIN = "git.${config.secrets.jimDomain}"; + ROOT_URL = "https://git.${config.secrets.jimDomain}:443"; HTTP_PORT = 3110; SSH_PORT = 2299; START_SSH_SERVER = true; @@ -20,10 +20,10 @@ }; mailer = { ENABLED = true; - SMTP_ADDR = "mx.${outputs.secrets.jimDomain}"; - FROM = "Jimbo's Git "; - USER = "noreply@${outputs.secrets.jimDomain}"; - PASSWD = outputs.secrets.noreplyPassword; + SMTP_ADDR = "mx.${config.secrets.jimDomain}"; + FROM = "Jimbo's Git "; + USER = "noreply@${config.secrets.jimDomain}"; + PASSWD = config.secrets.noreplyPassword; PROTOCOL = "smtps"; }; service = { diff --git a/modules/system/services/server/forgejo/nginx/default.nix b/modules/system/services/server/forgejo/nginx/default.nix index a056a3b..ded93dd 100644 --- a/modules/system/services/server/forgejo/nginx/default.nix +++ b/modules/system/services/server/forgejo/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, ... }: +{ config, ... }: { - services.nginx.virtualHosts."git.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."git.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 419f08e..3fd4fbe 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix @@ -1,4 +1,4 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { imports = [ ./nginx @@ -8,14 +8,14 @@ icecast = { enable = true; listen.port = 265; - hostname = "icecast.${outputs.secrets.jimDomain}"; + hostname = "icecast.${config.secrets.jimDomain}"; admin = { user = "jimbo"; - password = "${outputs.secrets.castAdminPass}"; + password = "${config.secrets.castAdminPass}"; }; extraConf = '' - ${outputs.secrets.castSourcePass} + ${config.secrets.castSourcePass} Canada @@ -52,7 +52,7 @@ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), host="127.0.0.1", port=265, - password="${outputs.secrets.castSourcePass}", + password="${config.secrets.castSourcePass}", public=true, icy_metadata=["artist", "title"], mount="jimbops.opus", diff --git a/modules/system/services/server/icecast/nginx/default.nix b/modules/system/services/server/icecast/nginx/default.nix index b3864d4..8e77e35 100644 --- a/modules/system/services/server/icecast/nginx/default.nix +++ b/modules/system/services/server/icecast/nginx/default.nix @@ -1,6 +1,6 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { - services.nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."icecast.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/default.nix b/modules/system/services/server/mailserver/default.nix index 6f3f9b2..315b2a0 100644 --- a/modules/system/services/server/mailserver/default.nix +++ b/modules/system/services/server/mailserver/default.nix @@ -1,4 +1,4 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { imports = [ ./nginx @@ -8,8 +8,8 @@ mailserver = rec { enable = true; openFirewall = false; - domains = [ "${outputs.secrets.jimDomain}" ]; - fqdn = "mx.${outputs.secrets.jimDomain}"; + domains = [ "${config.secrets.jimDomain}" ]; + fqdn = "mx.${config.secrets.jimDomain}"; certificateScheme = "acme-nginx"; localDnsResolver = false; redis.port = 1515; @@ -17,29 +17,29 @@ # Dmarc info dmarcReporting = { enable = true; - domain = "${outputs.secrets.jimDomain}"; + domain = "${config.secrets.jimDomain}"; localpart = "noreply"; organizationName = "Jimbo's Files"; }; # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { - "noreply@${outputs.secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash; + "noreply@${config.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash; sendOnly = true; }; - "jimbo@${outputs.secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash; - aliases = [ "james@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ]; + "jimbo@${config.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash; + aliases = [ "james@${config.secrets.jimDomain}" "contact@${config.secrets.jimDomain}" ]; }; - "lunamoonlight@${outputs.secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash; + "lunamoonlight@${config.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash; }; - "freecorn1854@${outputs.secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash; + "freecorn1854@${config.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "freecorn" config.secrets.freecornMailHash; }; - "tinyattack09@${outputs.secrets.jimDomain}" = { - hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash; + "tinyattack09@${config.secrets.jimDomain}" = { + hashedPasswordFile = pkgs.writeText "tiny" config.secrets.tinyMailHash; }; }; }; diff --git a/modules/system/services/server/mailserver/nginx/default.nix b/modules/system/services/server/mailserver/nginx/default.nix index 011b322..0bc1749 100644 --- a/modules/system/services/server/mailserver/nginx/default.nix +++ b/modules/system/services/server/mailserver/nginx/default.nix @@ -1,6 +1,6 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { - services.nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."mx.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/roundcube/default.nix b/modules/system/services/server/mailserver/roundcube/default.nix index df54711..5dfeab3 100644 --- a/modules/system/services/server/mailserver/roundcube/default.nix +++ b/modules/system/services/server/mailserver/roundcube/default.nix @@ -1,10 +1,10 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services.roundcube = { enable = true; - hostName = "mail.${outputs.secrets.jimDomain}"; + hostName = "mail.${config.secrets.jimDomain}"; extraConfig = '' - $config['smtp_server'] = "tls://mx.${outputs.secrets.jimDomain}"; + $config['smtp_server'] = "tls://mx.${config.secrets.jimDomain}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; diff --git a/modules/system/services/server/minecraft/default.nix b/modules/system/services/server/minecraft/default.nix index 8f14c82..fb7912d 100644 --- a/modules/system/services/server/minecraft/default.nix +++ b/modules/system/services/server/minecraft/default.nix @@ -1,7 +1,7 @@ -{ inputs, ... }: +{ minecraft, ... }: { imports = [ - inputs.minecraft.nixosModules.minecraft-servers + minecraft.nixosModules.minecraft-servers ./servers/velocity ./servers/dewdemolisher ./servers/johnside @@ -10,6 +10,8 @@ ./servers/uberbeta ]; + nixpkgs.overlays = [ minecraft.overlay ]; + services.minecraft-servers = { enable = true; eula = true; diff --git a/modules/system/services/server/minecraft/servers/blockworld/default.nix b/modules/system/services/server/minecraft/servers/blockworld/default.nix index 47f7205..0aa8182 100644 --- a/modules/system/services/server/minecraft/servers/blockworld/default.nix +++ b/modules/system/services/server/minecraft/servers/blockworld/default.nix @@ -1,6 +1,6 @@ { pkgs, ... }: let - common = import ../common.nix { inherit pkgs; }; + common = import ../../common { inherit pkgs; }; in { services.minecraft-servers.servers.blockworld = { enable = true; diff --git a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix index 1656361..c1b59e0 100644 --- a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix +++ b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix @@ -1,6 +1,6 @@ { pkgs, ... }: let - common = import ../common.nix { inherit pkgs; }; + common = import ../../common { inherit pkgs; }; in { services.minecraft-servers.servers.dewdemolisher = { enable = true; diff --git a/modules/system/services/server/minecraft/servers/johnside/default.nix b/modules/system/services/server/minecraft/servers/johnside/default.nix index adea9cc..ea56fd6 100644 --- a/modules/system/services/server/minecraft/servers/johnside/default.nix +++ b/modules/system/services/server/minecraft/servers/johnside/default.nix @@ -1,6 +1,6 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: let - common = import ../common.nix { inherit pkgs; }; + common = import ../../common { inherit pkgs; }; in { services = { minecraft-servers.servers.johnside = { @@ -43,7 +43,7 @@ in { }; # BlueMap webhost - nginx.virtualHosts."john.${outputs.secrets.jimDomain}" = { + nginx.virtualHosts."john.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/minecraft/servers/roguecraft/default.nix b/modules/system/services/server/minecraft/servers/roguecraft/default.nix index 68a17ee..e41da00 100644 --- a/modules/system/services/server/minecraft/servers/roguecraft/default.nix +++ b/modules/system/services/server/minecraft/servers/roguecraft/default.nix @@ -1,6 +1,6 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: let - common = import ../common.nix { inherit pkgs; }; + common = import ../../common { inherit pkgs; }; in { services = { minecraft-servers.servers.roguecraft = { @@ -12,19 +12,19 @@ in { server-port = 30014; motd = "\\u00A7l\\u00A7bJimbo's \\u00A7cRoguecraft \\u00A7bserver."; require-resource-pack = true; - resource-pack = "https://${outputs.secrets.jimDomain}/roguecraftresourcepackredir"; + resource-pack = "https://${config.secrets.jimDomain}/roguecraftresourcepackredir"; resource-pack-sha1 = "b540c0562aba90c3ead2356bb9cb74fcf0db36b3"; }; whitelist = common.whitelist; symlinks = common.paperSymlinks; files = common.configFiles // { "world/datapacks/roguecraft.zip" = builtins.fetchurl { - url = "https://${outputs.secrets.jimDomain}/roguecraftdatapackredir"; + url = "https://${config.secrets.jimDomain}/roguecraftdatapackredir"; sha256 = "04zrkvzvi1i898al45fh9j3k635sf9qhwca7phbv4ynkfl8bz3q3"; }; }; }; - nginx.virtualHosts."${outputs.secrets.jimDomain}".locations = { + nginx.virtualHosts."${config.secrets.jimDomain}".locations = { "/roguecraftdatapackredir" = { return = "301 https://cdn.modrinth.com/data/HtKjVijx/versions/Rme4c23R/Roguecraft%201.2.6%20-%20Data%20Pack.zip"; }; diff --git a/modules/system/services/server/minecraft/servers/uberbeta/default.nix b/modules/system/services/server/minecraft/servers/uberbeta/default.nix index b04b21d..3bbcbaf 100644 --- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix +++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix @@ -1,6 +1,6 @@ { pkgs, ... }: let - common = import ../common.nix { inherit pkgs; }; + common = import ../../common { inherit pkgs; }; uberBukkitZip = pkgs.fetchzip { url = "https://github.com/Moresteck/Project-Poseidon-Uberbukkit/releases/download/2.0.0/uberbukkit-2.0.0-java17.zip"; sha256 = "m4hgcqXJ43SnBGn6qNBGeEcXFv5Q8f/VFYJmx3aJ9PE="; diff --git a/modules/system/services/server/minecraft/servers/velocity/default.nix b/modules/system/services/server/minecraft/servers/velocity/default.nix index 651d5a5..27fe34a 100644 --- a/modules/system/services/server/minecraft/servers/velocity/default.nix +++ b/modules/system/services/server/minecraft/servers/velocity/default.nix @@ -1,6 +1,6 @@ { pkgs, ... }: let - common = import ../common.nix { inherit pkgs; }; + common = import ../../common { inherit pkgs; }; in { services.minecraft-servers.servers.velocity = { enable = true; diff --git a/modules/system/services/server/nginx/default.nix b/modules/system/services/server/nginx/default.nix index c7df941..9238232 100644 --- a/modules/system/services/server/nginx/default.nix +++ b/modules/system/services/server/nginx/default.nix @@ -1,4 +1,4 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services.nginx = { enable = true; @@ -11,7 +11,7 @@ recommendedProxySettings = true; virtualHosts = { # Landing page - "${outputs.secrets.jimDomain}" = { + "${config.secrets.jimDomain}" = { enableACME = true; addSSL = true; root = "/var/www/Jimbo-Landing-Page"; @@ -22,13 +22,13 @@ return 200 ' { "m.homeserver": { - "base_url": "https://matrix.${outputs.secrets.jimDomain}" + "base_url": "https://matrix.${config.secrets.jimDomain}" }, "m.identity_server": { "base_url": "https://matrix.org" }, "org.matrix.msc3575.proxy": { - "url": "https://matrix.${outputs.secrets.jimDomain}" + "url": "https://matrix.${config.secrets.jimDomain}" } }'; ''; @@ -36,7 +36,7 @@ "/.well-known/matrix/server" = { extraConfig = '' default_type application/json; - return 200 '{"m.server": "matrix.${outputs.secrets.jimDomain}:443"}'; + return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}'; ''; }; }; diff --git a/modules/system/services/server/social/lemmy/default.nix b/modules/system/services/server/social/lemmy/default.nix index abdc624..3de0d9a 100644 --- a/modules/system/services/server/social/lemmy/default.nix +++ b/modules/system/services/server/social/lemmy/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ config, ... }: { imports = [ ./nginx @@ -9,12 +9,12 @@ nginx.enable = true; database.createLocally = true; settings = { - hostname = "lemmy.${outputs.secrets.jimDomain}"; + hostname = "lemmy.${config.secrets.jimDomain}"; email = { - smtp_server = "mx.${outputs.secrets.jimDomain}:587"; - smtp_login = "noreply@${outputs.secrets.jimDomain}"; - smtp_from_address = "Jimbo's Lemmy "; - smtp_password = outputs.secrets.noreplyPassword; + smtp_server = "mx.${config.secrets.jimDomain}:587"; + smtp_login = "noreply@${config.secrets.jimDomain}"; + smtp_from_address = "Jimbo's Lemmy "; + smtp_password = config.secrets.noreplyPassword; tls_type = "starttls"; }; }; diff --git a/modules/system/services/server/social/lemmy/nginx/default.nix b/modules/system/services/server/social/lemmy/nginx/default.nix index af9b4fc..95aaa98 100644 --- a/modules/system/services/server/social/lemmy/nginx/default.nix +++ b/modules/system/services/server/social/lemmy/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, ... }: +{ config, ... }: { - services.nginx.virtualHosts."lemmy.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."lemmy.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; }; diff --git a/modules/system/services/server/social/mastodon/default.nix b/modules/system/services/server/social/mastodon/default.nix index a0dfede..e9205f2 100644 --- a/modules/system/services/server/social/mastodon/default.nix +++ b/modules/system/services/server/social/mastodon/default.nix @@ -1,18 +1,18 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services.mastodon = { enable = true; - localDomain = "social.${outputs.secrets.jimDomain}"; + localDomain = "social.${config.secrets.jimDomain}"; streamingProcesses = 4; configureNginx = true; smtp = { createLocally = false; - host = "mx.${outputs.secrets.jimDomain}"; + host = "mx.${config.secrets.jimDomain}"; port = 587; authenticate = true; - fromAddress = "Jimbo's Mastodon "; - user = "noreply@${outputs.secrets.jimDomain}"; - passwordFile = pkgs.writeText "smtp_pass.txt" outputs.secrets.noreplyPassword; + fromAddress = "Jimbo's Mastodon "; + user = "noreply@${config.secrets.jimDomain}"; + passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword; }; }; } diff --git a/modules/system/services/server/social/matrix/element/default.nix b/modules/system/services/server/social/matrix/element/default.nix index ddfefd5..908a09c 100644 --- a/modules/system/services/server/social/matrix/element/default.nix +++ b/modules/system/services/server/social/matrix/element/default.nix @@ -1,4 +1,4 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { imports = [ ./nginx @@ -7,16 +7,16 @@ nixpkgs.config.element-web.conf = { default_server_config = { "m.homeserver" = { - base_url = "https://matrix.${outputs.secrets.jimDomain}"; - server_name = "matrix.${outputs.secrets.jimDomain}"; + base_url = "https://matrix.${config.secrets.jimDomain}"; + server_name = "matrix.${config.secrets.jimDomain}"; }; }; branding = { - #welcome_background_url = "https://staging.${outputs.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; - #auth_header_logo_url = "https://staging.${outputs.secrets.jimDomain}/images/logos/bloxelcom.png"; + #welcome_background_url = "https://staging.${config.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg"; + #auth_header_logo_url = "https://staging.${config.secrets.jimDomain}/images/logos/bloxelcom.png"; }; embedded_pages = { - home_url = "https://www.${outputs.secrets.jimDomain}/"; + home_url = "https://www.${config.secrets.jimDomain}/"; }; disable_custom_urls = true; disable_guests = true; diff --git a/modules/system/services/server/social/matrix/element/nginx/default.nix b/modules/system/services/server/social/matrix/element/nginx/default.nix index 3513952..693f716 100644 --- a/modules/system/services/server/social/matrix/element/nginx/default.nix +++ b/modules/system/services/server/social/matrix/element/nginx/default.nix @@ -1,6 +1,6 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { - services.nginx.virtualHosts."chat.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."chat.${config.secrets.jimDomain}" = { enableACME = true; addSSL = true; root = "${pkgs.element-web}"; diff --git a/modules/system/services/server/social/matrix/synapse/coturn/default.nix b/modules/system/services/server/social/matrix/synapse/coturn/default.nix index f4fbb61..a3e0a33 100644 --- a/modules/system/services/server/social/matrix/synapse/coturn/default.nix +++ b/modules/system/services/server/social/matrix/synapse/coturn/default.nix @@ -1,5 +1,9 @@ -{ outputs, config, ... }: +{ config, ... }: { + imports = [ + ./nginx + ]; + services = { coturn = { enable = true; @@ -9,16 +13,16 @@ max-port = 50000; use-auth-secret = true; static-auth-secret = "will be world readable for local users :("; - realm = "turn.${outputs.secrets.jimDomain}"; - cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem"; - pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem"; + realm = "turn.${config.secrets.jimDomain}"; + cert = "/var/lib/acme/turn.${config.secrets.jimDomain}.com/fullchain.pem"; + pkey = "/var/lib/acme/turn.${config.secrets.jimDomain}.com/key.pem"; }; # Enable coturn on Synapse matrix-synapse.settings = { turn_uris = [ - "turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp" - "turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp" + "turn:turn.${config.secrets.jimDomain}:3478?transport=udp" + "turn:turn.${config.secrets.jimDomain}:3478?transport=tcp" ]; turn_shared_secret = config.services.coturn.static-auth-secret; turn_user_lifetime = "1h"; diff --git a/modules/system/services/server/social/matrix/synapse/coturn/nginx/default.nix b/modules/system/services/server/social/matrix/synapse/coturn/nginx/default.nix index 1de57f9..2403f63 100644 --- a/modules/system/services/server/social/matrix/synapse/coturn/nginx/default.nix +++ b/modules/system/services/server/social/matrix/synapse/coturn/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, config, ... }: +{ config, ... }: { - services.nginx.virtualHosts."turn.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."turn.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; listen = [{ diff --git a/modules/system/services/server/social/matrix/synapse/default.nix b/modules/system/services/server/social/matrix/synapse/default.nix index b6251bb..8c2588e 100644 --- a/modules/system/services/server/social/matrix/synapse/default.nix +++ b/modules/system/services/server/social/matrix/synapse/default.nix @@ -1,4 +1,4 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { imports = [ ./coturn @@ -9,8 +9,8 @@ services.matrix-synapse = { enable = true; settings = { - server_name = "${outputs.secrets.jimDomain}"; - public_baseurl = "https://matrix.${outputs.secrets.jimDomain}"; + server_name = "${config.secrets.jimDomain}"; + public_baseurl = "https://matrix.${config.secrets.jimDomain}"; suppress_key_server_warning = true; listeners = [{ @@ -23,10 +23,10 @@ }]; email = { - notif_from = "Jimbo's Matrix "; - smtp_host = "mx.${outputs.secrets.jimDomain}"; - smtp_user = "noreply@${outputs.secrets.jimDomain}"; - smtp_pass = outputs.secrets.noreplyPassword; + notif_from = "Jimbo's Matrix "; + smtp_host = "mx.${config.secrets.jimDomain}"; + smtp_user = "noreply@${config.secrets.jimDomain}"; + smtp_pass = config.secrets.noreplyPassword; enable_tls = true; smtp_port = 587; require_transport_security = true; diff --git a/modules/system/services/server/social/matrix/synapse/nginx/default.nix b/modules/system/services/server/social/matrix/synapse/nginx/default.nix index e02f2e8..80a784a 100644 --- a/modules/system/services/server/social/matrix/synapse/nginx/default.nix +++ b/modules/system/services/server/social/matrix/synapse/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, ... }: +{ config, ... }: { - services.nginx.virtualHosts."matrix.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."matrix.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations = { diff --git a/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix b/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix index 81d161f..31a82c8 100644 --- a/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix +++ b/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix @@ -1,13 +1,13 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services.matrix-sliding-sync = { enable = true; settings = { - SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}"; + SYNCV3_SERVER = "https://matrix.${config.secrets.jimDomain}"; SYNCV3_BINDADDR = "0.0.0.0:8009"; }; - environmentFile = pkgs.writeText "matrixsecret" '' - SYNCV3_SECRET=${outputs.secrets.matrixSecret} - ''; + environmentFile = "${pkgs.writeText "matrixsecret" '' + SYNCV3_SECRET=${config.secrets.matrixSecret} + ''}"; }; } diff --git a/modules/system/services/server/social/owncast/default.nix b/modules/system/services/server/social/owncast/default.nix index c4d2917..495e833 100644 --- a/modules/system/services/server/social/owncast/default.nix +++ b/modules/system/services/server/social/owncast/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ ... }: { imports = [ ./nginx diff --git a/modules/system/services/server/social/owncast/nginx/default.nix b/modules/system/services/server/social/owncast/nginx/default.nix index c13d460..97eebc0 100644 --- a/modules/system/services/server/social/owncast/nginx/default.nix +++ b/modules/system/services/server/social/owncast/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, ... }: +{ config, ... }: { - services.nginx.virtualHosts."live.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."live.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/social/pixelfed/default.nix b/modules/system/services/server/social/pixelfed/default.nix index e7d1555..39925e2 100644 --- a/modules/system/services/server/social/pixelfed/default.nix +++ b/modules/system/services/server/social/pixelfed/default.nix @@ -1,13 +1,13 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { services.pixelfed = { enable = true; - domain = "pics.${outputs.secrets.jimDomain}"; - secretFile = pkgs.writeText "appkey" outputs.secrets.pixelfedKey; + domain = "pics.${config.secrets.jimDomain}"; + secretFile = pkgs.writeText "appkey" config.secrets.pixelfedKey; settings = { APP_NAME = ''"Jimbo's Pixelfed"''; INSTANCE_DESCRIPTION = ''"The Jimbosfiles Pixelfed Instance"''; - INSTANCE_CONTACT_EMAIL = "jimbo@${outputs.secrets.jimDomain}"; + INSTANCE_CONTACT_EMAIL = "jimbo@${config.secrets.jimDomain}"; OPEN_REGISTRATION = true; APP_LOCALE = "en"; INSTANCE_DISCOVER_PUBLIC = false; @@ -15,14 +15,14 @@ # Mail config ENFORCE_EMAIL_VERIFICATION = true; - MAIL_FROM_ADDRESS = "noreply@${outputs.secrets.jimDomain}"; - MAIL_FROM_NAME = ''"Jimbo's Pixelfed "''; + MAIL_FROM_ADDRESS = "noreply@${config.secrets.jimDomain}"; + MAIL_FROM_NAME = ''"Jimbo's Pixelfed "''; MAIL_ENCRYPTION = "tls"; MAIL_DRIVER = "smtp"; - MAIL_HOST = "mx.${outputs.secrets.jimDomain}"; + MAIL_HOST = "mx.${config.secrets.jimDomain}"; MAIL_PORT = 587; - MAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}"; - MAIL_PASSWORD = "${outputs.secrets.noreplyPassword}"; + MAIL_USERNAME = "noreply@${config.secrets.jimDomain}"; + MAIL_PASSWORD = "${config.secrets.noreplyPassword}"; }; nginx = { enableACME = true; diff --git a/modules/system/services/server/transmission/default.nix b/modules/system/services/server/transmission/default.nix index 341a3d1..b8d7b05 100644 --- a/modules/system/services/server/transmission/default.nix +++ b/modules/system/services/server/transmission/default.nix @@ -1,4 +1,4 @@ -{ pkgs, outputs, ... }: +{ pkgs, config, ... }: { imports = [ ./nginx @@ -6,7 +6,7 @@ services.transmission = { enable = true; - credentialsFile = pkgs.writeText "credentials" outputs.secrets.transmissionCredFile; + credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile; openPeerPorts = true; settings = { rpc-authentication-required = true; diff --git a/modules/system/services/server/transmission/nginx/default.nix b/modules/system/services/server/transmission/nginx/default.nix index 3a0e7bc..8b2103b 100644 --- a/modules/system/services/server/transmission/nginx/default.nix +++ b/modules/system/services/server/transmission/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, ... }: +{ config, ... }: { - services.nginx.virtualHosts."torrent.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."torrent.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix index 2b27997..1bd8625 100644 --- a/modules/system/services/server/vaultwarden/default.nix +++ b/modules/system/services/server/vaultwarden/default.nix @@ -1,4 +1,4 @@ -{ outputs, ... }: +{ config, ... }: { imports = [ ./nginx @@ -7,18 +7,18 @@ services.vaultwarden = { enable = true; config = { - DOMAIN = "https://warden.${outputs.secrets.jimDomain}"; + DOMAIN = "https://warden.${config.secrets.jimDomain}"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8222; ROCKET_LOG = "critical"; # Smtp email - SMTP_HOST = "mx.${outputs.secrets.jimDomain}"; - SMTP_FROM = "Jimbo's Vaultwarden "; + SMTP_HOST = "mx.${config.secrets.jimDomain}"; + SMTP_FROM = "Jimbo's Vaultwarden "; SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = "noreply@${outputs.secrets.jimDomain}"; - SMTP_PASSWORD = outputs.secrets.noreplyPassword; + SMTP_USERNAME = "noreply@${config.secrets.jimDomain}"; + SMTP_PASSWORD = config.secrets.noreplyPassword; SMTP_SECURITY = "starttls"; SMTP_PORT = 587; SMTP_TIMEOUT = 15; diff --git a/modules/system/services/server/vaultwarden/nginx/default.nix b/modules/system/services/server/vaultwarden/nginx/default.nix index 82a7902..7f4f33c 100644 --- a/modules/system/services/server/vaultwarden/nginx/default.nix +++ b/modules/system/services/server/vaultwarden/nginx/default.nix @@ -1,6 +1,6 @@ -{ outputs, ... }: +{ config, ... }: { - services.nginx.virtualHosts."warden.${outputs.secrets.jimDomain}" = { + services.nginx.virtualHosts."warden.${config.secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = {