Touchups

2024-09-10 21:39:12 -04:00 · 2024-09-10 21:39:12 -04:00 · dcc845a67c
parent cac7046d3c
commit dcc845a67c
9 changed files with 19 additions and 27 deletions
--- a/nixos/server/ddclient.nix
+++ b/nixos/server/ddclient.nix
@ -1,5 +1,5 @@
 {pkgs, outputs, ...}: {
-  # DDClient for Dynamic IPs
+  # Dynamic IPs for Cloudflare records
  services.ddclient = {
    enable = true;
    protocol = "cloudflare";
--- a/nixos/server/firewall.nix
+++ b/nixos/server/firewall.nix
@ -8,9 +8,6 @@
  in {
    firewall = {
      allowPing = false;
-      allowedTCPPortRanges = [
-        { from = 8100; to = 8150; } # Azuracast
-      ];
  
      # Add extra input rules using nftables
      extraInputRules = ''
--- a/nixos/server/misc.nix
+++ b/nixos/server/misc.nix
@ -3,7 +3,6 @@
  environment.systemPackages = with pkgs; [
    mdadm
  ];
-
  services = {
    snowflake-proxy.enable = true;
    logrotate.checkConfig = false;
--- a/nixos/server/nextcloud.nix
+++ b/nixos/server/nextcloud.nix
@ -8,7 +8,7 @@
      https = true;
      config = {
        adminuser = "jimbo";
-        adminpassFile = "/mnt/nextcloud/password.txt";
+        adminpassFile = pkgs.writeText "nextpass" outputs.secrets.nextcloudPass;
      };
      settings = {
        trusted_proxies = [ "127.0.0.1" ];
--- a/nixos/server/nginx.nix
+++ b/nixos/server/nginx.nix
@ -17,19 +17,19 @@
        locations = {
          "/.well-known/matrix/client" = {
            extraConfig = ''
-               default_type application/json;
-               return 200 '
-               {
-                 "m.homeserver": {
-                   "base_url": "https://matrix.${outputs.secrets.jimDomain}"
-                 },
-                 "m.identity_server": {
-                   "base_url": "https://matrix.org"
-                 },
-                 "org.matrix.msc3575.proxy": {
-                   "url": "https://matrix.${outputs.secrets.jimDomain}"
-                 }
-               }';
+              default_type application/json;
+              return 200 '
+              {
+                "m.homeserver": {
+                  "base_url": "https://matrix.${outputs.secrets.jimDomain}"
+                },
+                "m.identity_server": {
+                  "base_url": "https://matrix.org"
+                },
+                "org.matrix.msc3575.proxy": {
+                  "url": "https://matrix.${outputs.secrets.jimDomain}"
+                }
+              }';
            '';
          };
          "/.well-known/matrix/server" = {
@ -68,9 +68,7 @@
  };

  # Open HTTP and HTTPs ports
-  networking.firewall = {
-    allowedTCPPorts = [
-      80 443
-    ];
-  };
+  networking.firewall.allowedTCPPorts = [
+    80 443
+  ];
 }
--- a/nixos/server/photoprism.nix
+++ b/nixos/server/photoprism.nix
@ -1,5 +1,4 @@
 {outputs, ...}: {
- # Photoprism
  services = {
    photoprism = {
      enable = true;
--- a/nixos/server/synapse.nix
+++ b/nixos/server/synapse.nix
@ -10,7 +10,6 @@

        # Set the network config
        listeners = [{
-          # Client config
          port = 8008;
          bind_addresses = [ "::" "0.0.0.0" ];
          resources = [ { compress = false;  names = [ "client" "federation" ]; } ];
--- a/nixos/server/wireguard.nix
+++ b/nixos/server/wireguard.nix
@ -1,7 +1,7 @@
 {outputs, ...}: let
  ips = import ../modules/ips.nix;
 in {
-  # enable NAT
+  # Enable NAT
  networking = {
    nat = {
      enable = true;
--- a/secrets.nix
+++ b/secrets.nix