Change a lot, mostly adding 3 Minecraft servers and Velocity

.gitattributes

@@ -1 +1 @@
-nixos/modules/secrets.nix filter=git-crypt diff=git-crypt
+secrets.nix filter=git-crypt diff=git-crypt

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "nixos/server/webpages/Jimbo-Landing-Page"]
-	path = nixos/server/webpages/Jimbo-Landing-Page
-	url = ssh://gitea@git.jimbosfiles.com:2299/Jimbo/Jimbo-Landing-Page.git

flake.nix

@@ -9,7 +9,7 @@
     mail.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
     nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
     blender-bin.url = "https://flakehub.com/f/edolstra/blender-bin/1.0.8.tar.gz";
-    nix-minecraft.url = "github:Infinidoge/nix-minecraft";
+    nix-minecraft.url = "github:JimmJam/nix-minecraft";
 
     # NixOS utils
     hardware.url = "github:nixos/nixos-hardware/master";
@@ -47,6 +47,9 @@
     # Your custom packages and modifications, exported as overlays
     overlays = import ./overlays {inherit inputs;};
 
+    # Secrets defined so they can be accessed globally
+    secrets = import ./secrets.nix;
+
     # NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname'
     nixosConfigurations = {
       JimDesktop = nixpkgs.lib.nixosSystem {

home-manager/jimbo_server.nix

@@ -13,7 +13,7 @@
     in {
       sysdate = "${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimServer";
       homedate = "home-manager switch --flake /etc/nixos/.#jimbo@JimServer";
-      nixdate = "sysdate; homedate; notify-send 'NixOS switch done.'";
+      nixdate = "sysdate; homedate";
     };
   };
 }

nixos/base.nix

@@ -1,18 +1,10 @@
 # This is your system's configuration file.
 # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
-{
-  inputs,
-  outputs,
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
+{inputs, outputs, lib, config, pkgs, ...}: {
   # You can import other NixOS modules here
   imports = [
     ./modules/networking.nix
     ./modules/gpg.nix
-    inputs.nix-minecraft.nixosModules.minecraft-servers
   ];
 
   nixpkgs = {
@@ -63,9 +55,7 @@
   };
 
   # Set timezone
-  time.timeZone = let
-    secrets = import ./modules/secrets.nix;
-  in secrets.timeZone;
+  time.timeZone = outputs.secrets.timeZone;
 
   # Select a terminal font
   console = {

nixos/groups/nfs-share.nix

@@ -1,6 +0,0 @@
-{
-  # Define group for NFS access
-  users.groups = {
-    nfsShare = {};
-  };
-}

nixos/server.nix

@@ -32,6 +32,7 @@
     ./server/nginx.nix
     ./server/owncast.nix
     ./server/pufferpanel.nix
+    ./server/minecraft
     ./server/tandoor.nix
     ./server/vaultwarden.nix
     ./server/misc.nix

nixos/server/acme.nix

@@ -1,11 +1,9 @@
-{
-  security.acme = let
-    secrets = import ../modules/secrets.nix;
-  in { 
+{outputs, ...}: {
+  security.acme = { 
     acceptTerms = true;
-    defaults.email = secrets.jimEmail;
+    defaults.email = outputs.secrets.jimEmail;
     certs = {       
-      "turn.${secrets.jimDomain}" = {
+      "turn.${outputs.secrets.jimDomain}" = {
         group = "turnserver";
         postRun = "systemctl restart coturn.service";
       };

nixos/server/ddclient.nix

@@ -1,24 +1,22 @@
-{pkgs, ...}: {
+{pkgs, outputs, ...}: {
   # DDClient for Dynamic IPs
-  services.ddclient = let
-    secrets = import ../modules/secrets.nix;
-  in {
+  services.ddclient = {
     enable = true;
     protocol = "cloudflare";
     use = "web, web=https://ipinfo.io/ip";
-    zone = "${secrets.jimDomain}";
+    zone = "${outputs.secrets.jimDomain}";
     username = "token";
-    passwordFile = "${pkgs.writeText "cloudflareapikey" secrets.flareApiKey}";
+    passwordFile = "${pkgs.writeText "cloudflareapikey" outputs.secrets.flareApiKey}";
     domains = [
-      "${secrets.jimDomain}"
-      "*.${secrets.jimDomain}"
-      "beta.${secrets.jimDomain}"
-      "git.${secrets.jimDomain}"
-      "john.${secrets.jimDomain}"
-      "mc.${secrets.jimDomain}"
-      "mx.${secrets.jimDomain}"
-      "panel.${secrets.jimDomain}"
-      "rtmp.${secrets.jimDomain}"
+      "${outputs.secrets.jimDomain}"
+      "*.${outputs.secrets.jimDomain}"
+      "beta.${outputs.secrets.jimDomain}"
+      "git.${outputs.secrets.jimDomain}"
+      "john.${outputs.secrets.jimDomain}"
+      "mc.${outputs.secrets.jimDomain}"
+      "mx.${outputs.secrets.jimDomain}"
+      "panel.${outputs.secrets.jimDomain}"
+      "rtmp.${outputs.secrets.jimDomain}"
     ];
   };
 }

nixos/server/docker.nix

@@ -1,13 +1,11 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   virtualisation.docker = {
     enable = true;
     daemon.settings.log-driver = "json-file";
   };
 
   # Azuracast Nginx: TODO, get a better solution than docker lmao
-  services.nginx.virtualHosts."radio.${secrets.jimDomain}" =  {
+  services.nginx.virtualHosts."radio.${outputs.secrets.jimDomain}" =  {
     enableACME = true;
     forceSSL = true;
     locations."/" = {

nixos/server/element.nix

@@ -1,20 +1,18 @@
-{pkgs, ...}: let
-  secrets = import ../modules/secrets.nix;
-in {
+{pkgs, outputs, ...}: {
   # Configure the Element web server
   nixpkgs.config.element-web.conf = {
     default_server_config = {
       "m.homeserver" = {
-        base_url = "https://matrix.${secrets.jimDomain}";
-        server_name = "matrix.${secrets.jimDomain}";
+        base_url = "https://matrix.${outputs.secrets.jimDomain}";
+        server_name = "matrix.${outputs.secrets.jimDomain}";
       };
     };
     branding = {
-      #welcome_background_url = "https://staging.${secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
-      #auth_header_logo_url = "https://staging.${secrets.jimDomain}/images/logos/bloxelcom.png";
+      #welcome_background_url = "https://staging.${outputs.secrets.jimDomain}/images/backgrounds/bloxelcom-sunset.jpg";
+      #auth_header_logo_url = "https://staging.${outputs.secrets.jimDomain}/images/logos/bloxelcom.png";
     };
     embedded_pages = {
-      home_url = "https://www.${secrets.jimDomain}/";
+      home_url = "https://www.${outputs.secrets.jimDomain}/";
     };
     disable_custom_urls = true;
     disable_guests = true;
@@ -22,7 +20,7 @@ in {
   };
 
   # Serve the Element page over Nginx
-  services.nginx.virtualHosts."chat.${secrets.jimDomain}" = {
+  services.nginx.virtualHosts."chat.${outputs.secrets.jimDomain}" = {
     enableACME = true;
     addSSL = true;
     root = "${pkgs.element-web}";

nixos/server/firewall.nix

@@ -1,11 +1,10 @@
-{
+{outputs, ...}: {
   # Allow forwarding
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 
   # Configure firewall
   networking = let
     ips = import ../modules/ips.nix;
-    secrets = import ../modules/secrets.nix;
   in {
     firewall = {
       allowPing = false;
@@ -30,7 +29,7 @@
       extraInputRules = ''
         ip saddr ${ips.localSpan}.0/24 tcp dport 2049 accept comment "Accept NFS"
         ip saddr ${ips.localSpan}.0/24 udp dport 53 accept comment "Accept DNS"
-        ip saddr { ${ips.pc}, ${secrets.lunaIP}, ${secrets.cornIP}, ${secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
+        ip saddr { ${ips.pc}, ${outputs.secrets.lunaIP}, ${outputs.secrets.cornIP}, ${outputs.secrets.vertIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
       '';
     };
   
@@ -52,8 +51,8 @@
               tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM"
               udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM"
             
-              ip saddr ${secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM"
-              ip saddr ${secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM"
+              ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM"
+              ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM"
             }
             chain POSTROUTING {
               type nat hook postrouting priority 100; policy accept;

nixos/server/gitea.nix

@@ -1,29 +1,27 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   services = {
     gitea = {
       enable = true;
       settings = {
         server = {
-          DOMAIN = "git.${secrets.jimDomain}";
-          ROOT_URL = "https://git.${secrets.jimDomain}:443";
+          DOMAIN = "git.${outputs.secrets.jimDomain}";
+          ROOT_URL = "https://git.${outputs.secrets.jimDomain}:443";
           HTTP_PORT = 3110;
           SSH_PORT = 2299;
           START_SSH_SERVER = true;
         };
         mailer = {
           ENABLED = true;
-          SMTP_ADDR = "mx.${secrets.jimDomain}";
-          FROM = "Jimbo's Git <noreply@${secrets.jimDomain}>";
-          USER = "noreply@${secrets.jimDomain}";
-          PASSWD = secrets.noreplyPassword;
+          SMTP_ADDR = "mx.${outputs.secrets.jimDomain}";
+          FROM = "Jimbo's Git <noreply@${outputs.secrets.jimDomain}>";
+          USER = "noreply@${outputs.secrets.jimDomain}";
+          PASSWD = outputs.secrets.noreplyPassword;
           PROTOCOL = "smtps";
         };
         service.REGISTER_EMAIL_CONFIRM = true;
       };
     };
-    nginx.virtualHosts."git.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."git.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/icecast.nix

@@ -1,18 +1,16 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   # Icecast, replacing Azuracast maybe
   services = {
     icecast = {
       enable = true;
       listen.port = 265;
-      hostname = "icecast.${secrets.jimDomain}";
+      hostname = "icecast.${outputs.secrets.jimDomain}";
       admin = {
         user = "jimbo";
-	password = "${secrets.castPass}";
+	password = "${outputs.secrets.castPass}";
       };
     };
-    nginx.virtualHosts."icecast.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/lemmy.nix

@@ -1,25 +1,23 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   services = {
     lemmy = {
       enable = true;
       nginx.enable = true;
       database.createLocally = true;
       settings = {
-        hostname = "lemmy.${secrets.jimDomain}";
+        hostname = "lemmy.${outputs.secrets.jimDomain}";
         email = {
-          smtp_server = "mx.${secrets.jimDomain}:587";
-          smtp_login = "noreply@${secrets.jimDomain}";
-          smtp_from_address = "Jimbo's Lemmy <noreply@${secrets.jimDomain}>";
-          smtp_password = secrets.noreplyPassword;
+          smtp_server = "mx.${outputs.secrets.jimDomain}:587";
+          smtp_login = "noreply@${outputs.secrets.jimDomain}";
+          smtp_from_address = "Jimbo's Lemmy <noreply@${outputs.secrets.jimDomain}>";
+          smtp_password = outputs.secrets.noreplyPassword;
           tls_type = "starttls";
         };
       };
     };
 
     # Add SSL to webpage
-    nginx.virtualHosts."lemmy.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."lemmy.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
     };

nixos/server/mailserver.nix

@@ -1,36 +1,34 @@
-{pkgs, ...}: let
-  secrets = import ../modules/secrets.nix;
-in rec {
+{pkgs, outputs, ...}: rec {
   # Mail server
   mailserver = rec {
     enable = true;
     enableManageSieve = true;
-    domains = [ "${secrets.jimDomain}" ];
-    fqdn = "mx.${secrets.jimDomain}";
+    domains = [ "${outputs.secrets.jimDomain}" ];
+    fqdn = "mx.${outputs.secrets.jimDomain}";
     certificateScheme = "acme-nginx";
     localDnsResolver = false;
     redis.port = 1515;
         
     # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
     loginAccounts = {
-      "noreply@${secrets.jimDomain}" = {
-        hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash;
+      "noreply@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "noreply" outputs.secrets.noreplyMailHash;
         sendOnly = true;
       };    
-      "jimbo@${secrets.jimDomain}" = {
-        hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash;
-        aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ];
+      "jimbo@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "jimbo" outputs.secrets.jimboMailHash;
+        aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
       };
-      "lunamoonlight@${secrets.jimDomain}" = {
-        hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash;
-        aliases = [ "us@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ];
+      "lunamoonlight@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "luna" outputs.secrets.lunaMailHash;
+        aliases = [ "us@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
       };
-      "freecorn1854@${secrets.jimDomain}" = {
-        hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash;
-        aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ];
+      "freecorn1854@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "freecorn" outputs.secrets.freecornMailHash;
+        aliases = [ "canada@${outputs.secrets.jimDomain}" "contact@${outputs.secrets.jimDomain}" ];
       };
-      "tinyattack09@${secrets.jimDomain}" = {
-        hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash;
+      "tinyattack09@${outputs.secrets.jimDomain}" = {
+        hashedPasswordFile = pkgs.writeText "tiny" outputs.secrets.tinyMailHash;
       };
     };
   };
@@ -40,7 +38,7 @@ in rec {
     # Roundcube mail server
     roundcube = {
      enable = true;
-     hostName = "mail.${secrets.jimDomain}";
+     hostName = "mail.${outputs.secrets.jimDomain}";
      extraConfig = ''
        $config['smtp_server'] = "tls://${mailserver.fqdn}";
        $config['smtp_user'] = "%u";
@@ -52,7 +50,7 @@ in rec {
     redis.servers.rspamd.port = 1515;
 
     # The hostname mail ports use
-    nginx.virtualHosts."mx.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."mx.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/mastodon.nix

@@ -1,19 +1,17 @@
-{pkgs, ...}: {
-  services.mastodon = let 
-    secrets = import ../modules/secrets.nix;
-  in {
+{pkgs, outputs, ...}: {
+  services.mastodon = {
     enable = true;
-    localDomain = "social.${secrets.jimDomain}";
+    localDomain = "social.${outputs.secrets.jimDomain}";
     streamingProcesses = 4;
     configureNginx = true;
     smtp = {
       createLocally = false;
-      host = "mx.${secrets.jimDomain}";
+      host = "mx.${outputs.secrets.jimDomain}";
       port = 587;
       authenticate = true;
-      fromAddress = "Jimbo's Mastodon <noreply@${secrets.jimDomain}>";
-      user = "noreply@${secrets.jimDomain}";
-      passwordFile = pkgs.writeText "smtp_pass.txt" secrets.noreplyPassword;
+      fromAddress = "Jimbo's Mastodon <noreply@${outputs.secrets.jimDomain}>";
+      user = "noreply@${outputs.secrets.jimDomain}";
+      passwordFile = pkgs.writeText "smtp_pass.txt" outputs.secrets.noreplyPassword;
     };
   };
 }

nixos/server/matrix-discord.nix

@@ -1,17 +1,15 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
     services.matrix-appservice-discord = {
     enable = true;
     settings = {
       auth = {
-        clientID = "${secrets.discordBotID}";
-	botToken = "${secrets.discordBotToken}";
+        clientID = "${outputs.secrets.discordBotID}";
+	botToken = "${outputs.secrets.discordBotToken}";
 	usePrivilegedIntents = true;
       };
       bridge = {
-        domain = "${secrets.jimDomain}";
-        homeserverUrl = "https://matrix.${secrets.jimDomain}";
+        domain = "${outputs.secrets.jimDomain}";
+        homeserverUrl = "https://matrix.${outputs.secrets.jimDomain}";
       };
     };
   };

nixos/server/minecraft/common.nix

@@ -0,0 +1,66 @@
+{pkgs, ...}: {
+  # Common properties
+  serverProperties = {
+    enforce-secure-profile = false;
+    max-players = 20;
+    online-mode = false;
+    spawn-protection = 0;
+    view-distance = 10;
+    simulation-distance = 10;
+    white-list = true;
+  };
+
+  # Common whitelist
+  whitelist = {
+    K5G = "8656dc10-6050-4a17-b29e-88c4babbc54c";
+    K5U = "f583f591-ad9b-4a30-8d91-514881b31394";
+    JimmJam = "2f7affee-e10b-450f-a5e2-44c79a14a109";
+    DewDemolisher = "9205524f-3886-483d-b471-82bb9905671a";
+    Freecorn1854 = "8299cd8d-3cd4-4779-8180-0d9db6dc12a9";
+    Tinyattack09 = "aaa8e9e2-4e51-4925-b9df-8a9504aec5d5";
+    Ankha3000 = "dd65a277-f618-411e-812c-900c9c7e82d9";
+    catoiico = "01f10cdf-c146-437e-99b1-2278b5dbe420";
+    Sp0ok7 = "016c3daa-3dd5-4631-ae79-3a6f48d7cbe6";
+    PooxterMooxter = "c973f4b5-ab50-45e3-b3eb-36286a6f66aa";
+  };
+
+  # Common plugins
+  symlinks = {
+    "plugins/Backuper.jar" = builtins.fetchurl {
+      url = "https://cdn.modrinth.com/data/7cMAqMND/versions/nkcNIvUw/Backuper-3.0.1.jar";
+      sha256 = "081hvs7khd9s8598i59ai8n0idp85rgc89m9hpfajwym9rmy7il4";
+    };
+    "plugins/BungeeGuard.jar" = builtins.fetchurl {
+      url = "https://github.com/lucko/BungeeGuard/releases/download/v1.3.3/BungeeGuard.jar";
+      sha256 = "0cackavwk7kl71hn1i78hcvkdp7q81srq35nranpvysbmm8v34vk";
+    };
+    "plugins/EssentialsX.jar" = builtins.fetchurl {
+      url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsX-2.21.0-dev+111-b54c8c1.jar";
+      sha256 = "0kcsgz5kcfbjc3nbdlgp549y497m4v90dnjqkv30sd1bfyzs9i5z";
+    };
+    "plugins/EssentialsXChat.jar" = builtins.fetchurl {
+      url = "https://ci.ender.zone/job/EssentialsX/lastSuccessfulBuild/artifact/jars/EssentialsXChat-2.21.0-dev+111-b54c8c1.jar";
+      sha256 = "0nraiclvnpl69gigs7h6vq55iksfd47clbzp7n3rsjmgvrbl1wil";
+    };
+    "plugins/LuckPerms.jar" = builtins.fetchurl {
+      url = "https://download.luckperms.net/1556/bukkit/loader/LuckPerms-Bukkit-5.4.141.jar";
+      sha256 = "02ad0dl34vdk6b1wyflqa6wq440xrh5w7yf3z3w1x1g089myddw4";
+    };
+    "plugins/ProtocolLib.jar" = builtins.fetchurl {
+      url = "https://ci.dmulloy2.net/job/ProtocolLib/lastSuccessfulBuild/artifact/build/libs/ProtocolLib.jar";
+      sha256 = "16krc7pyav4khnaxkyg27i5yxsgcdkildrn4nm5bhzh1f0ngqv2s";
+    };
+    "plugins/Vault.jar" = builtins.fetchurl {
+      url = "https://github.com/MilkBowl/Vault/releases/download/1.7.3/Vault.jar";
+      sha256 = "07fhfz7ycdlbmxsri11z02ywkby54g6wi9q0myxzap1syjbyvdd6";
+    };
+    "plugins/VoiceChat.jar" = builtins.fetchurl {
+      url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/nS19YToN/voicechat-bukkit-2.5.20.jar";
+      sha256 = "023wjx0zxf9rc2x9vsqg398wapz0nlwfs5g6c8pci3qx75i5s4jx";
+    };
+
+    # Config files
+    "plugins/Essentials/config.yml" = ./essentialsconfig.yml;
+    "plugins/voicechat/voicechat-server.properties" = ./vcserver.properties;
+  };
+}

nixos/server/minecraft/default.nix

@@ -0,0 +1,17 @@
+{inputs, ...}: {
+  imports = [
+    inputs.nix-minecraft.nixosModules.minecraft-servers
+    ./servers/velocity.nix
+    #./servers/viaproxy.nix
+    ./servers/dewdemolisher.nix
+    ./servers/johnside.nix
+    ./servers/blockworld.nix
+    #./servers/beta.nix
+  ];
+  nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
+
+  services.minecraft-servers = {
+    enable = true;
+    eula = true;
+  };
+}

nixos/server/minecraft/servers/blockworld.nix

@@ -0,0 +1,17 @@
+{pkgs, ...}: let
+  common = import ../common.nix { inherit pkgs; };
+in {
+  services.minecraft-servers.servers.blockworld = {
+    enable = true;
+    autoStart = false;
+    package = pkgs.paperServers.paper-1_21_1;
+    jvmOpts = "-Xmx4084M";
+    serverProperties = common.serverProperties // {
+      difficulty = 2;
+      server-port = 30012;
+      motd = "§fArchival §l§n§cBloxelcom §r§fMinecraft server.";
+    };
+    whitelist = common.whitelist;
+    symlinks = common.symlinks;
+  };
+}

nixos/server/minecraft/servers/dewdemolisher.nix

@@ -0,0 +1,16 @@
+{pkgs, ...}: let
+  common = import ../common.nix { inherit pkgs; };
+in {
+  services.minecraft-servers.servers.dewdemolisher = {
+    enable = true;
+    package = pkgs.paperServers.paper-1_21_1;
+    jvmOpts = "-Xmx4084M";
+    serverProperties = common.serverProperties // {
+      difficulty = 2;
+      server-port = 30010;
+      motd = "§l§aDew Demolisher is here.";
+    };
+    whitelist = common.whitelist;
+    symlinks = common.symlinks;
+  };
+}

nixos/server/minecraft/servers/johnside.nix

@@ -0,0 +1,41 @@
+{pkgs, ...}: let
+  common = import ../common.nix { inherit pkgs; };
+in {
+  services.minecraft-servers.servers.johnside = {
+    enable = true;
+    package = pkgs.paperServers.paper-1_20_6;
+    jvmOpts = "-Xmx4084M";
+    serverProperties = common.serverProperties // {
+      difficulty = 2;
+      server-port = 30009;
+      motd = "§l§aJohnside SMP§r §l§fworld for §4John lovers only.";
+    };
+    whitelist = common.whitelist;
+    symlinks = common.symlinks // {
+      "plugins/BlueMap.jar" = builtins.fetchurl {
+        url = "https://cdn.modrinth.com/data/swbUV1cr/versions/TL5ElRWX/BlueMap-5.3-spigot.jar";
+        sha256 = "08ls3wk0333vjg49kcmri884pcgm2xk9xdhwcxyffbh4ra0xrlbw";
+      };
+      "plugins/BlueMapOfflinePlayers.jar" = builtins.fetchurl {
+        url = "https://github.com/TechnicJelle/BlueMapOfflinePlayerMarkers/releases/download/v3.0/BlueMapOfflinePlayerMarkers-3.0.jar";
+        sha256 = "1f07w53q7yr4mvph7013d7ajxmp4lnsv6b1ab14y2x0bmqv39nwr";
+      };
+      "plugins/BlueMapMarkerManager.jar" = builtins.fetchurl {
+        url = "https://cdn.modrinth.com/data/a8UoyV2h/versions/E0XoPfJV/BMM-2.1.5.jar";
+        sha256 = "1vpnqglybysxnqyzkjnwbwg000dqkbk516apzvhmg39wlfaysl9d";
+      };
+      "plugins/CustomDiscs.jar" = builtins.fetchurl {
+        url = "https://github.com/Navoei/CustomDiscs/releases/download/v3.0/custom-discs-3.0.jar";
+        sha256 = "0xv0zrkdmjx0d7l34nqag8j004pm9zqivc12d3zy9pdrkv7pz87d";
+      };
+      "plugins/NotTooExpensive.jar" = builtins.fetchurl {
+        url = "https://github.com/Mrredstone5230/Not-Too-Expensive/releases/download/1.1/not-too-expensive-1.1.jar";
+        sha256 = "0da4v5l7iwry3wc21292lkmjprgmign4vdshzmhp7qc9hx26pj2d";
+      };
+      "plugins/SilkTouchHands.jar" = builtins.fetchurl {
+        url = "https://github.com/5U55/SilkTouchSpigot/releases/download/v1.1/SilkTouchv1.1.jar";
+        sha256 = "0mbp73xclr7f5m2lbdfz6is1j8vvyv1qwpl28sm089zrpm73qn6w";
+      };
+    };
+  };
+}

nixos/server/minecraft/servers/velocity.nix

@@ -0,0 +1,39 @@
+{pkgs, ...}: let
+  common = import ../common.nix { inherit pkgs; };
+in {
+  services.minecraft-servers.servers.velocity = {
+    enable = true;
+    package = pkgs.velocityServers.velocity;
+    jvmOpts = "-Xmx512M";
+    symlinks = {
+      "plugins/Geyser.jar" = builtins.fetchurl {
+        url = "https://download.geysermc.org/v2/projects/geyser/versions/2.4.2/builds/660/downloads/velocity";
+        sha256 = "09z938v6xrgbiba8rxgi7cdh3xxkv9fdampy15k6fmwddmj9y4a2";
+      };
+      "plugins/Floodgate.jar" = builtins.fetchurl {
+        url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/109/downloads/velocity";
+        sha256 = "1hxdf38qzpzdnyn2gn1152fyd54bi37i0ayc82dgcjf0qrcbmv0c";
+      };
+      "plugins/LuckPerms.jar" = builtins.fetchurl {
+        url = "https://download.luckperms.net/1556/velocity/LuckPerms-Velocity-5.4.141.jar";
+        sha256 = "0j5f7r3g8h4f8z8ppakwfk96hijp3slr0vxyj9v8x4h8w5rcl9d1";
+      };
+      "plugins/SkinsRestorer.jar" = builtins.fetchurl {
+        url = "https://github.com/SkinsRestorer/SkinsRestorer/releases/download/15.4.2/SkinsRestorer.jar";
+        sha256 = "14nl9mi958bfqwqz9182cxj7m6l15kalq3wjmjqzy50s52si35wf";
+      };
+      "plugins/ViaVersion.jar" = builtins.fetchurl {
+        url = "https://github.com/ViaVersion/ViaVersion/releases/download/5.0.3/ViaVersion-5.0.3.jar";
+        sha256 = "02gf91ysialgvbl0w8awa0dsi1yb33ac7clmz0wika1xigk9z10r";
+      };
+      "plugins/ViaBackwards.jar" = builtins.fetchurl {
+        url = "https://github.com/ViaVersion/ViaBackwards/releases/download/5.0.3/ViaBackwards-5.0.3.jar";
+        sha256 = "1wqk68pjrzl1zhajb9lxa1s6wzj85rb0c2riycv9yysr5bcxssqi";
+      };
+      "plugins/Voicechat.jar" = builtins.fetchurl {
+        url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/svvcJhgC/voicechat-velocity-2.5.20.jar";
+        sha256 = "0nw85x24qa9skbhfgbhsjl2r7d9xshr9f04nnq490zbgz7716lqq";
+      };
+    };
+  };
+}

nixos/server/minecraft/vcserver.properties

@@ -0,0 +1,45 @@
+# Simple Voice Chat server config v2.5.16
+
+# The port of the voice chat server
+# Setting this to "-1" sets the port to the Minecraft servers port (Not recommended)
+port=-1
+# The IP address to bind the voice chat server on
+# Leave empty to use 'server-ip' of server.properties
+# To bind to the wildcard address, use '*'
+bind_address=
+# The distance to where the voice can be heard
+max_voice_distance=48.0
+# The multiplier the voice distance will be reduced by when sneaking
+crouch_distance_multiplier=1.0
+# The multiplier the voice distance will be reduced by when whispering
+whisper_distance_multiplier=0.5
+# The opus codec
+codec=VOIP
+# The maximum size in bytes in a voice packet
+# Set this to a lower value if your voice packets don't arrive
+mtu_size=1024
+# The frequency in which keep alive packets are sent
+# Setting this to a higher value may result in timeouts
+keep_alive=1000
+# If group chats are allowed
+enable_groups=true
+# The host name that clients should use to connect to the voice chat
+# This may also include a port, e.g. 'example.com:24454'
+# Don't change this value if you don't know what you are doing
+voice_host=
+# If players are allowed to record the voice chat
+allow_recording=true
+# If spectators are allowed to talk to other players
+spectator_interaction=false
+# If spectators can talk to players they are spectating
+spectator_player_possession=false
+# If players without the mod should get kicked from the server
+force_voice_chat=false
+# The amount of milliseconds, the server should wait to check if the player has the mod installed
+# Only active when force_voice_chat is set to true
+login_timeout=10000
+# The range where the voice chat should broadcast audio to
+# A value <0 means 'max_voice_distance'
+broadcast_range=-1.0
+# If the voice chat server should reply to pings
+allow_pings=true

nixos/server/minecraft/velocity.toml

@@ -0,0 +1,133 @@
+# Config version. Do not change this
+config-version = "2.7"
+
+# What port should the proxy be bound to? By default, we'll bind to all addresses on port 25577.
+bind = "0.0.0.0:25565"
+
+# What should be the MOTD?
+motd = "<#09add3>A Velocity Server"
+
+# What should we display for the maximum number of players?
+show-max-players = 500
+
+# Should we authenticate players with Mojang? By default, this is on.
+online-mode = true
+
+# Should the proxy enforce the new public key security standard? By default, this is on.
+force-key-authentication = true
+
+# If client's ISP/AS sent from this proxy is different from the one from Mojang's
+# authentication server, the player is kicked. This disallows some VPN and proxy
+# connections but is a weak form of protection.
+prevent-client-proxy-connections = false
+
+# Should we forward IP addresses and other data to backend servers?
+# - "none":        No forwarding will be done. All players will appear to be connecting from the proxy and will have offline-mode UUIDs.
+# - "legacy":      Forward player IPs and UUIDs in a BungeeCord-compatible format. Use if you run servers using Minecraft 1.12 or lower.
+# - "bungeeguard": Forward player IPs and UUIDs in a format supported by the BungeeGuard plugin. Use if you run servers using Minecraft 1.12 or lower, or if they don't support modern.
+# - "modern":      Forward player IPs and UUIDs as part of the login process using Velocity's native forwarding. Only applicable for Minecraft 1.13 or higher.
+player-info-forwarding-mode = "bungeeguard"
+
+# If you are using modern or BungeeGuard IP forwarding, configure a file that contains a unique secret here.
+# The file is expected to be UTF-8 encoded and not empty.
+forwarding-secret-file = "forwarding.secret"
+
+# Announce whether or not your server supports Forge. If you run a modded server, we
+# suggest turning this on.
+# 
+# If your network runs one modpack consistently, use ping-passthrough = "mods" instead for a nicer display in the server list.
+announce-forge = false
+
+# If enabled and the proxy is in online mode, Velocity will kick
+# any existing player who is online if a duplicate connection attempt is made.
+kick-existing-players = false
+
+# Should Velocity pass server list ping requests to a backend server?
+# - "disabled":    No pass-through will be done. The velocity.toml and server-icon.png will determine the initial server list ping response.
+# - "mods":        Passes only the mod list from your backend server into the response. The first server in your try list with a mod list will be used.
+# - "description": Uses the description and mod list from the backend server. The first server in the try list that responds is used for the description and mod list.
+# - "all":         Uses the backend server's response as the proxy response. Velocity configuration is used as fallback.
+ping-passthrough = "all"
+
+# If not enabled (default is true) player IP addresses will be replaced by <ip address withheld> in logs
+enable-player-address-logging = true
+
+[servers]
+dewdemolisher = "127.0.0.1:30010"
+johnside = "127.0.0.1:30009"
+bloxelcom = "127.0.0.1:30012"
+beta = "127.0.0.1:30011"
+
+# In what order we should try servers when a player logs in or is kicked from a server.
+try = [
+  "dewdemolisher"
+]
+
+[forced-hosts]
+# Configure your forced hosts here.
+"mc.jimbosfiles.com" = [
+  "dewdemolisher"
+]
+"john.jimbosfiles.com" = [
+  "johnside"
+]
+"blox.jimbosfiles.com" = [
+  "bloxelcom"
+]
+"beta.jimbosfiles.com" = [
+  "beta"
+]
+
+[advanced]
+# How large a Minecraft packet has to be before we compress it.
+compression-threshold = 256
+
+# How much compression should be done (from 0-9). The default is -1, which uses the default level of 6.
+compression-level = -1
+
+# How fast (in milliseconds) are clients allowed to connect after the last connection? By default, this is three seconds. Disable this by setting this to 0.
+login-ratelimit = 3000
+
+# Specify a custom timeout for connection timeouts here. The default is five seconds.
+connection-timeout = 5000
+
+# Specify a read timeout for connections here. The default is 30 seconds.
+read-timeout = 30000
+
+# Enables compatibility with HAProxy's PROXY protocol. If you don't know what this is for, then don't enable it.
+haproxy-protocol = false
+
+# Enables TCP fast open support on the proxy. Requires the proxy to run on Linux.
+tcp-fast-open = false
+
+# Enables BungeeCord plugin messaging channel support on Velocity.
+bungee-plugin-message-channel = true
+
+# Shows ping requests to the proxy from clients.
+show-ping-requests = false
+
+# By default, Velocity will attempt to gracefully handle situations where the user unexpectedly
+# loses connection to the server without an explicit disconnect message by attempting to fall the
+# user back, except in the case of read timeouts. BungeeCord will disconnect the user instead. You
+# can disable this setting to use the BungeeCord behavior.
+failover-on-unexpected-server-disconnect = true
+
+# Declares the proxy commands to 1.13+ clients.
+announce-proxy-commands = true
+
+# Enables the logging of commands
+log-command-executions = false
+
+# Enables logging of player connections when connecting to the proxy, switching servers
+# and disconnecting from the proxy.
+log-player-connections = true
+
+# Allows players transferred from other hosts via the
+# Transfer packet (Minecraft 1.20.5) to be received.
+accepts-transfers = false
+
+[query]
+enabled = false
+port = 25577
+map = "Velocity"
+show-plugins = false

nixos/server/nextcloud.nix

@@ -1,11 +1,9 @@
-{pkgs, ...}: let
-  secrets = import ../modules/secrets.nix;
-in {
+{pkgs, outputs, ...}: {
   services = {
     nextcloud = {
       enable = true;
       package = pkgs.nextcloud29;
-      hostName = "cloud.${secrets.jimDomain}";
+      hostName = "cloud.${outputs.secrets.jimDomain}";
       datadir = "/mnt/nextcloud";
       https = true;
       config = {
@@ -14,21 +12,21 @@ in {
       };
       settings = {
         trusted_proxies = [ "127.0.0.1" ];
-        trusted_domains = [ "cloud.${secrets.jimDomain}" ];
+        trusted_domains = [ "cloud.${outputs.secrets.jimDomain}" ];
         overwriteprotocol = "https";
 
         # Mailserver settings
-        mail_smtphost = "mx.${secrets.jimDomain}";
-        mail_domain = "${secrets.jimDomain}";
+        mail_smtphost = "mx.${outputs.secrets.jimDomain}";
+        mail_domain = "${outputs.secrets.jimDomain}";
         mail_from_address = "noreply";
         mail_smtpauth = "true";
-        mail_smtpname = "noreply@${secrets.jimDomain}";
-        mail_smtppassword = secrets.noreplyPassword;
+        mail_smtpname = "noreply@${outputs.secrets.jimDomain}";
+        mail_smtppassword = outputs.secrets.noreplyPassword;
         mail_smtpmode = "smtp";
         mail_smtpport = 587;
       };
     };
-    nginx.virtualHosts."cloud.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."cloud.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       addSSL = true;
       locations."/" = {

nixos/server/nginx.nix

@@ -1,7 +1,5 @@
-{pkgs, ...}: {
-  services.nginx = let
-    secrets = import ../modules/secrets.nix;
-  in {
+{pkgs, outputs, ...}: {
+  services.nginx = {
     enable = true;
     package = (pkgs.nginx.override {
       modules = with pkgs.nginxModules; [ rtmp ];
@@ -12,10 +10,10 @@
     recommendedProxySettings = true;
     virtualHosts = {
       # Landing page
-      "${secrets.jimDomain}" =  {
+      "${outputs.secrets.jimDomain}" =  {
         enableACME = true;
         addSSL = true;
-        root = "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page";
+        root = "/var/www/Jimbo-Landing-Page";
         locations = {
           "/.well-known/matrix/client" = {
             extraConfig = ''
@@ -23,13 +21,13 @@
                return 200 '
                {
                  "m.homeserver": {
-                   "base_url": "https://matrix.${secrets.jimDomain}"
+                   "base_url": "https://matrix.${outputs.secrets.jimDomain}"
                  },
                  "m.identity_server": {
                    "base_url": "https://matrix.org"
                  },
                  "org.matrix.msc3575.proxy": {
-                   "url": "https://matrix.${secrets.jimDomain}"
+                   "url": "https://matrix.${outputs.secrets.jimDomain}"
                  }
                }';
             '';
@@ -37,14 +35,14 @@
           "/.well-known/matrix/server" = {
             extraConfig = ''
               default_type application/json;
-              return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}';
+              return 200 '{"m.server": "matrix.${outputs.secrets.jimDomain}:443"}';
             '';
           };
         };
       };
 
       # Bluemap Proxy, TODO, move this into the nix-minecraft flake configs
-      "bluemap.${secrets.jimDomain}" =  {
+      "john.${outputs.secrets.jimDomain}" =  {
         enableACME = true;
         forceSSL = true;
         locations."/" = {
@@ -62,11 +60,11 @@
           application stream {
             record off;
             live on;
-           allow play all;
+            allow play all;
             hls on;
-            hls_path /var/www/jimweb/streams/hls;
-           hls_fragment_naming system;
-           hls_fragment 3;
+            hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
+            hls_fragment_naming system;
+            hls_fragment 3;
             hls_playlist_length 40;
           }
         }
@@ -76,6 +74,6 @@
 
   # Allow Nginx to read and write to paths
   systemd.services.nginx.serviceConfig = {
-    ReadWritePaths = [ "/etc/nixos/nixos/server/webpages/Jimbo-Landing-Page" ];
+    ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
   };
 }

nixos/server/owncast.nix

@@ -1,6 +1,4 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   services = {
     owncast = {
       enable = true;
@@ -8,7 +6,7 @@ in {
       rtmp-port = 1945;
       listen = "0.0.0.0";
     };
-    nginx.virtualHosts."live.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."live.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/pufferpanel.nix

@@ -1,17 +1,15 @@
-{pkgs, lib, ...}: let
-  secrets = import ../modules/secrets.nix;
-in {
+{pkgs, outputs, lib, ...}: {
   services = {
     pufferpanel = {
       enable = true;
       environment = {
         PUFFER_WEB_HOST = ":5010";
-        PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}";
+        PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${outputs.secrets.jimDomain}";
         PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
-        PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587";
-        PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}";
-        PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}";
-        PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
+        PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
+        PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
+        PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
+        PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
       };
       extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
       package = pkgs.buildFHSEnv {
@@ -21,7 +19,7 @@ in {
         targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
       };
     };
-    nginx.virtualHosts."panel.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."panel.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/synapse.nix

@@ -1,13 +1,11 @@
-{pkgs, config, ...}: let
-  secrets = import ../modules/secrets.nix;
-in {
+{pkgs, outputs, config, ...}: {
   services = {
     # Synapse Matrix server
     matrix-synapse = with config.services.coturn; {
       enable = true;
       settings = {
-        server_name = "${secrets.jimDomain}";
-        public_baseurl = "https://matrix.${secrets.jimDomain}";
+        server_name = "${outputs.secrets.jimDomain}";
+        public_baseurl = "https://matrix.${outputs.secrets.jimDomain}";
         suppress_key_server_warning = true;
 
         # Set the network config
@@ -23,10 +21,10 @@ in {
 
         # Enable smtp for password resets
         email = {
-          notif_from = "Jimbo's Matrix <noreply@${secrets.jimDomain}>";
-          smtp_host = "mx.${secrets.jimDomain}";
-          smtp_user = "noreply@${secrets.jimDomain}";
-          smtp_pass = secrets.noreplyPassword;
+          notif_from = "Jimbo's Matrix <noreply@${outputs.secrets.jimDomain}>";
+          smtp_host = "mx.${outputs.secrets.jimDomain}";
+          smtp_user = "noreply@${outputs.secrets.jimDomain}";
+          smtp_pass = outputs.secrets.noreplyPassword;
           enable_tls = true;
           smtp_port = 587;
           require_transport_security = true;
@@ -61,8 +59,8 @@ in {
 
         # Turn settings
         turn_uris = [
-          "turn:turn.${secrets.jimDomain}:3478?transport=udp"
-          "turn:turn.${secrets.jimDomain}:3478?transport=tcp"
+          "turn:turn.${outputs.secrets.jimDomain}:3478?transport=udp"
+          "turn:turn.${outputs.secrets.jimDomain}:3478?transport=tcp"
         ];
         turn_shared_secret = static-auth-secret;
         turn_user_lifetime = "1h";
@@ -75,12 +73,12 @@ in {
     # Sliding sync proxy for Matrix
     matrix-sliding-sync = let
       matrixSecretFile = pkgs.writeText "matrixsecret" ''
-        SYNCV3_SECRET=${secrets.matrixSecret}
+        SYNCV3_SECRET=${outputs.secrets.matrixSecret}
       '';
     in {
       enable = true;
       settings = {
-        SYNCV3_SERVER = "https://matrix.${secrets.jimDomain}";
+        SYNCV3_SERVER = "https://matrix.${outputs.secrets.jimDomain}";
         SYNCV3_BINDADDR = "0.0.0.0:8009";
       };
       environmentFile = "${matrixSecretFile}";
@@ -95,14 +93,14 @@ in {
       max-port = 50000;
       use-auth-secret = true;
       static-auth-secret = "will be world readable for local users :(";
-      realm = "turn.${secrets.jimDomain}";
-      cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem";
-      pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem";
+      realm = "turn.${outputs.secrets.jimDomain}";
+      cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
+      pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
     };
 
     # Nginx
     nginx.virtualHosts = {
-      "matrix.${secrets.jimDomain}" = {
+      "matrix.${outputs.secrets.jimDomain}" = {
         enableACME = true;
         forceSSL = true;
         locations = {
@@ -113,7 +111,7 @@ in {
            "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
         };
       };
-      "turn.${secrets.jimDomain}" = {
+      "turn.${outputs.secrets.jimDomain}" = {
         enableACME = true;
         forceSSL = true;
         listen = [

nixos/server/tandoor.nix

@@ -1,12 +1,10 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   services = {
     tandoor-recipes = {
       enable = true;
       port = 5030;
     };
-    nginx.virtualHosts."recipes.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."recipes.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/vaultwarden.nix

@@ -1,28 +1,26 @@
-let
-  secrets = import ../modules/secrets.nix;
-in {
+{outputs, ...}: {
   services = {
     vaultwarden = {
       enable = true;
       config = {
-        DOMAIN = "https://warden.${secrets.jimDomain}";
+        DOMAIN = "https://warden.${outputs.secrets.jimDomain}";
         SIGNUPS_ALLOWED = false;
         ROCKET_ADDRESS = "127.0.0.1";
         ROCKET_PORT = 8222;
         ROCKET_LOG = "critical";
 
         # Smtp email
-        SMTP_HOST = "mx.${secrets.jimDomain}";
-        SMTP_FROM = "Jimbo's Vaultwarden <noreply@${secrets.jimDomain}>";
+        SMTP_HOST = "mx.${outputs.secrets.jimDomain}";
+        SMTP_FROM = "Jimbo's Vaultwarden <noreply@${outputs.secrets.jimDomain}>";
         SMTP_FROM_NAME = "Vaultwarden";
-        SMTP_USERNAME = "noreply@${secrets.jimDomain}";
-        SMTP_PASSWORD = secrets.noreplyPassword;
+        SMTP_USERNAME = "noreply@${outputs.secrets.jimDomain}";
+        SMTP_PASSWORD = outputs.secrets.noreplyPassword;
         SMTP_SECURITY = "starttls";
         SMTP_PORT = 587;
         SMTP_TIMEOUT = 15;
       };
     };
-    nginx.virtualHosts."warden.${secrets.jimDomain}" =  {
+    nginx.virtualHosts."warden.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
       forceSSL = true;
       locations."/" = {

nixos/server/webpages/Jimbo-Landing-Page

@@ -1 +0,0 @@
-Subproject commit 4822d4c9f78f245ec2b4b68baba271c0a32225bf

nixos/users/jimbo.nix

@@ -1,12 +1,10 @@
-{pkgs, ...}: {
+{pkgs, outputs, ...}: {
   users.users = {
-    jimbo = let
-      secrets = import ../modules/secrets.nix;
-    in {
+    jimbo = {
       description = "Jimbo";
-      hashedPassword = secrets.jimboAccPass;
+      hashedPassword = outputs.secrets.jimboAccPass;
       isNormalUser = true;
-      openssh.authorizedKeys.keys = secrets.jimKeys;
+      openssh.authorizedKeys.keys = outputs.secrets.jimKeys;
       extraGroups = [
         "wheel"
         "audio"
@@ -21,6 +19,7 @@
         "qemu-libvirtd"
         "docker"
 	"nginx"
+	"minecraft"
         "nfsShare"
       ];
       uid = 1000;