diff --git a/nixos/server/ddclient.nix b/nixos/server/ddclient.nix index f1f835a..3ba3b68 100644 --- a/nixos/server/ddclient.nix +++ b/nixos/server/ddclient.nix @@ -1,5 +1,5 @@ {pkgs, outputs, ...}: { - # DDClient for Dynamic IPs + # Dynamic IPs for Cloudflare records services.ddclient = { enable = true; protocol = "cloudflare"; diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix index c1082ae..ed99afa 100644 --- a/nixos/server/firewall.nix +++ b/nixos/server/firewall.nix @@ -8,9 +8,6 @@ in { firewall = { allowPing = false; - allowedTCPPortRanges = [ - { from = 8100; to = 8150; } # Azuracast - ]; # Add extra input rules using nftables extraInputRules = '' diff --git a/nixos/server/misc.nix b/nixos/server/misc.nix index 599429b..3fea159 100644 --- a/nixos/server/misc.nix +++ b/nixos/server/misc.nix @@ -3,7 +3,6 @@ environment.systemPackages = with pkgs; [ mdadm ]; - services = { snowflake-proxy.enable = true; logrotate.checkConfig = false; diff --git a/nixos/server/nextcloud.nix b/nixos/server/nextcloud.nix index 644bcb2..9b95df2 100644 --- a/nixos/server/nextcloud.nix +++ b/nixos/server/nextcloud.nix @@ -8,7 +8,7 @@ https = true; config = { adminuser = "jimbo"; - adminpassFile = "/mnt/nextcloud/password.txt"; + adminpassFile = pkgs.writeText "nextpass" outputs.secrets.nextcloudPass; }; settings = { trusted_proxies = [ "127.0.0.1" ]; diff --git a/nixos/server/nginx.nix b/nixos/server/nginx.nix index 643078c..4d2b218 100644 --- a/nixos/server/nginx.nix +++ b/nixos/server/nginx.nix @@ -17,19 +17,19 @@ locations = { "/.well-known/matrix/client" = { extraConfig = '' - default_type application/json; - return 200 ' - { - "m.homeserver": { - "base_url": "https://matrix.${outputs.secrets.jimDomain}" - }, - "m.identity_server": { - "base_url": "https://matrix.org" - }, - "org.matrix.msc3575.proxy": { - "url": "https://matrix.${outputs.secrets.jimDomain}" - } - }'; + default_type application/json; + return 200 ' + { + "m.homeserver": { + "base_url": "https://matrix.${outputs.secrets.jimDomain}" + }, + "m.identity_server": { + "base_url": "https://matrix.org" + }, + "org.matrix.msc3575.proxy": { + "url": "https://matrix.${outputs.secrets.jimDomain}" + } + }'; ''; }; "/.well-known/matrix/server" = { @@ -68,9 +68,7 @@ }; # Open HTTP and HTTPs ports - networking.firewall = { - allowedTCPPorts = [ - 80 443 - ]; - }; + networking.firewall.allowedTCPPorts = [ + 80 443 + ]; } diff --git a/nixos/server/photoprism.nix b/nixos/server/photoprism.nix index c66fc24..4e8283d 100644 --- a/nixos/server/photoprism.nix +++ b/nixos/server/photoprism.nix @@ -1,5 +1,4 @@ {outputs, ...}: { - # Photoprism services = { photoprism = { enable = true; diff --git a/nixos/server/synapse.nix b/nixos/server/synapse.nix index ff267ff..303d8a8 100644 --- a/nixos/server/synapse.nix +++ b/nixos/server/synapse.nix @@ -10,7 +10,6 @@ # Set the network config listeners = [{ - # Client config port = 8008; bind_addresses = [ "::" "0.0.0.0" ]; resources = [ { compress = false; names = [ "client" "federation" ]; } ]; diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix index 4bad3e2..480047e 100644 --- a/nixos/server/wireguard.nix +++ b/nixos/server/wireguard.nix @@ -1,7 +1,7 @@ {outputs, ...}: let ips = import ../modules/ips.nix; in { - # enable NAT + # Enable NAT networking = { nat = { enable = true; diff --git a/secrets.nix b/secrets.nix index b2f7f35..72d7ab0 100644 Binary files a/secrets.nix and b/secrets.nix differ