From dcc845a67c733d195021a37eddca14fac026df99 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 10 Sep 2024 21:39:12 -0400 Subject: [PATCH] Touchups --- nixos/server/ddclient.nix | 2 +- nixos/server/firewall.nix | 3 --- nixos/server/misc.nix | 1 - nixos/server/nextcloud.nix | 2 +- nixos/server/nginx.nix | 34 ++++++++++++++++------------------ nixos/server/photoprism.nix | 1 - nixos/server/synapse.nix | 1 - nixos/server/wireguard.nix | 2 +- secrets.nix | Bin 2174 -> 2237 bytes 9 files changed, 19 insertions(+), 27 deletions(-) diff --git a/nixos/server/ddclient.nix b/nixos/server/ddclient.nix index f1f835a..3ba3b68 100644 --- a/nixos/server/ddclient.nix +++ b/nixos/server/ddclient.nix @@ -1,5 +1,5 @@ {pkgs, outputs, ...}: { - # DDClient for Dynamic IPs + # Dynamic IPs for Cloudflare records services.ddclient = { enable = true; protocol = "cloudflare"; diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix index c1082ae..ed99afa 100644 --- a/nixos/server/firewall.nix +++ b/nixos/server/firewall.nix @@ -8,9 +8,6 @@ in { firewall = { allowPing = false; - allowedTCPPortRanges = [ - { from = 8100; to = 8150; } # Azuracast - ]; # Add extra input rules using nftables extraInputRules = '' diff --git a/nixos/server/misc.nix b/nixos/server/misc.nix index 599429b..3fea159 100644 --- a/nixos/server/misc.nix +++ b/nixos/server/misc.nix @@ -3,7 +3,6 @@ environment.systemPackages = with pkgs; [ mdadm ]; - services = { snowflake-proxy.enable = true; logrotate.checkConfig = false; diff --git a/nixos/server/nextcloud.nix b/nixos/server/nextcloud.nix index 644bcb2..9b95df2 100644 --- a/nixos/server/nextcloud.nix +++ b/nixos/server/nextcloud.nix @@ -8,7 +8,7 @@ https = true; config = { adminuser = "jimbo"; - adminpassFile = "/mnt/nextcloud/password.txt"; + adminpassFile = pkgs.writeText "nextpass" outputs.secrets.nextcloudPass; }; settings = { trusted_proxies = [ "127.0.0.1" ]; diff --git a/nixos/server/nginx.nix b/nixos/server/nginx.nix index 643078c..4d2b218 100644 
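Review bot: The new `adminpassFile = pkgs.writeText "nextpass" outputs.secrets.nextcloudPass;` in nixos/server/nextcloud.nix writes the Nextcloud admin password into the Nix store, where the file is readable by every local user and process and travels with the system closure (copies to other hosts, caches, old generations). The removed line pointed at a file outside the store, so this lowers confidentiality on the host even though secrets.nix itself appears to be kept encrypted in the repository. Keep the option pointing at a runtime path that only the service user can read, e.g. the previous `adminpassFile = "/mnt/nextcloud/password.txt";` owned by `nextcloud` with mode `0400`, or a file provisioned at activation by a secrets tool such as sops-nix or agenix. If a generation with this change has already been built, rotate the password, because the old store path persists until it is garbage-collected. The enclosing `services.nextcloud` block starts and ends outside this hunk, so other `outputs.secrets.*` uses there are not visible and are worth checking for the same pattern.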
--- a/nixos/server/nginx.nix +++ b/nixos/server/nginx.nix @@ -17,19 +17,19 @@ locations = { "/.well-known/matrix/client" = { extraConfig = '' - default_type application/json; - return 200 ' - { - "m.homeserver": { - "base_url": "https://matrix.${outputs.secrets.jimDomain}" - }, - "m.identity_server": { - "base_url": "https://matrix.org" - }, - "org.matrix.msc3575.proxy": { - "url": "https://matrix.${outputs.secrets.jimDomain}" - } - }'; + default_type application/json; + return 200 ' + { + "m.homeserver": { + "base_url": "https://matrix.${outputs.secrets.jimDomain}" + }, + "m.identity_server": { + "base_url": "https://matrix.org" + }, + "org.matrix.msc3575.proxy": { + "url": "https://matrix.${outputs.secrets.jimDomain}" + } + }'; ''; }; "/.well-known/matrix/server" = { @@ -68,9 +68,7 @@ }; # Open HTTP and HTTPs ports - networking.firewall = { - allowedTCPPorts = [ - 80 443 - ]; - }; + networking.firewall.allowedTCPPorts = [ + 80 443 + ]; } diff --git a/nixos/server/photoprism.nix b/nixos/server/photoprism.nix index c66fc24..4e8283d 100644 --- a/nixos/server/photoprism.nix +++ b/nixos/server/photoprism.nix @@ -1,5 +1,4 @@ {outputs, ...}: { - # Photoprism services = { photoprism = { enable = true; diff --git a/nixos/server/synapse.nix b/nixos/server/synapse.nix index ff267ff..303d8a8 100644 --- a/nixos/server/synapse.nix +++ b/nixos/server/synapse.nix @@ -10,7 +10,6 @@ # Set the network config listeners = [{ - # Client config port = 8008; bind_addresses = [ "::" "0.0.0.0" ]; resources = [ { compress = false; names = [ "client" "federation" ]; } ]; diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix index 4bad3e2..480047e 100644 --- a/nixos/server/wireguard.nix +++ b/nixos/server/wireguard.nix @@ -1,7 +1,7 @@ {outputs, ...}: let ips = import ../modules/ips.nix; in { - # enable NAT + # Enable NAT networking = { nat = { enable = true; 
diff --git a/secrets.nix b/secrets.nix index b2f7f352eec323930d0bcce12c4d27a376b8c6c3..72d7ab0a0b55ff14910713c5eb59cf7a87b393ce 100644 GIT binary patch literal 2237 zcmV;u2txM&M@dveQdv+`0J-oDi=^olq8xaCb7bC5M0WKc83`V9 zsqFm%>+M9;6v>wsIB<;>lJGW1)3L54Mgz{t4WGqcq@5lS@hBl#W(#B8x1_7$Sr+NE zc#%TZhd@st;X5|XHQ&tAr1o-CR)DU>5o<8bH*L6$uBU6_pd(I>l}ZD?$HuuujZmVx zLDL$myhMOKLPC7e`wggwO$iG=Oi(Rm&>9}j`^!_C&-J5GsU+EgbfdB1nD{Cz)4&`dk(3e%xoezQ)EMv6bL`RnjpOVmuY}1; zV=B)$;+>XCU@4%oe=63y+S{^ZV1$W}E!(&svnAY;ZvE{A{EuF-NE0Setth&OypNi{ z5fw+Wm{w=G#KJ-{5!#vPfycQ-R;`9sc+<)bSZ@%Rj^WlEQQ)qKe*q#IYZ0=NWO=ZK zoxAkV7vDhoL*8s?le(AD!hlC@G;y=Yn{;oW+xQAs*lr4Pmg)^7Ds0)`+5mklp-4e; zfaMc^=1}>9DyXO|<}+lwXhJQQP~KAqdU&-2Hmrh7OyCVGV`(=Zz>p1ricX(VB#(}e zv`Bnd{C)XXcAvutUSr7xvv0S$*R++pC0Sd4rZY*~cA{vnM#F^ymV`*9w!b$A9*0Y>v9UV+#83dG_)jY%iMwx5Tr$Q$s*mUf?v%UuSTZ|Ij+y4?Qv6eeQ;iQGZw z>nk`8h+Q9Wt?};L6vplfC5}GHI#bkPbTFOelMa`)%x5=E3Hw&~-YS;rZ%I%_74ZSn zH(L5Ob;p3XHSOf`#BlyChcv;CDg$2^N~AATiFXbn%6l(~>k!9a1WIhsOzi0c!=-f4 z%39a))UeCwd+q0=((wI*nmNX&3~mJ=o?Ky_p93IfiX4R`H=K%8=LrdS=ca%le0wu$ zaZG<jeTZpweQhlVs5mn>sfY_eS}D%|qM^$dDnWr<76e1W)@FAjaB(J@xW z^m$YjB*Z^t>)9eWMT&By7qN?6+B}W^)J}tG;X11nnM?~+YVY%&kbZ4lSI^%I=ZyLi z7In4U*<{elurnE%G-Sud5>Sh=5<-KVx*D;7$DLJQ?5f<g08Tej^ru=p7dKcQgvp5?Z)@|jY98MOxDs&pO8Zr& zNOA5YV95I6F0BVh4*@Z(1DN{Vyr)sj%0AOMA(S3Yj-LjoDVr4{^C^3e^~>{vn{WiG zOu2S_k+nh9S2XHm$~^pO?%w?6yod_pVLrx%{SI$b?kK`WV1fX$fO&DSwRqT%T)dst zF%4=(~BUGXp9${2qCuu54SeJg{sBo6aV^f>0=%QW#X+E-MZI8SaCmKwsG@@w~aGmU^ z#JJ~ZPFi%5HP(UM*X54W(y+9~gH{T3CA(O55Np^*lbY8?qq01zUPoo(u;Ceq8^XSE z)kIAf9g%2vOCx<3Gprqnx*BntP;-kb4L6S5evh4@C;vQW=GY*z1m1$@=9e7toqy(? 
zxwOlAnwP8^Oq07D7;mJmNcf5@h+0=Mf(*l9dt62`^ArF$gO7c_HA3HjJ6{3ht&KMx zlp|~KBaLQeA6!FBra5@{a`Atfc0AL0`H#;EvtO3bAdMRi)eqnwWh{^tn}@pX6-~ju z-pl;_KG&PkbR_a-a?>4>qyvN|$llkQj|#fPwQ({lq*W7OwS6?|Hj~atg^J%42HkUg zZ`pV$w3;gsIRPreDPRt^ISW(J=QzkV+-mBzx%Mx5yqoUz-CDy-BaiV`R$spz3 z7!v*yJi652ydNa|aC!x46+)E=49$mn^S_LkFl<%jr(e$4?m)_%c8i#JeNnfA;ecH` z;2I>34`%^m+W`cshNo|Ma(X`2keP*SmsFcJes}roZA5IoyLT=-cBVJ2vwK^ zoOaG8ii#5+vgqHWnKEtryoXT0800U%)bpJuXM0pPQhB86S&R)3ou>*pi(;Ga4e0XC z2M|wKIrYqukrdWtBUB+^K(zowP4M)v7@4MDsLHbm;LG z7AQ_y?>l|j(l(0Ttk|@HL|)`QZ@k2cGiRf$C(t~i@U?M!p5Q7s5VY)V{*F{DsBb;k z>bOvJN6=gvoA9!QyO1$>0om-i-L Ltok-tOGH8(?srA3 literal 2174 zcmV-^2!ZziM@dveQdv+`02Y4j0Gt4_>u`}&|7V^MUJno`0t!*#zuKP6oP5~HrtNO323VmuF62Z z*=|d?+PcaedB&{|6%U_fCZbndskyak6$ZHi&J@fkxQ6%C`_*xCL^3*|ZPm&O+9bio zp-QO3a_!}xd@+Z@A-2SuhACwLos*T51rb#DA>bv5n~t^V3Vb!`NI(^j`Lh-0C_U~u z2+u!d`+Uh893%v`1yao_!BPZl-pA4}%O@>c)5RoSZ4TE01=V%Vs=>RBdivDOeN|s>}#FM_t3nyJF77YF17N<3QeZc$rm zSyVf1_hy3`d~yJ~*)v_IIEG|2;uLh1E2mytNEh)iq`nHjf~*ZC8b@UgP$bm67BWzP zWx0`(0iFflndo);)9%jRqcC^3J_rrR_9>|hydJuPp5T!WxB8Awk;LgajdcH|sZ#Xh zEg$h$gSh{l8@mfvfohNRntS3mar7!QhT8mEtuZzsC)p=)FQy2DIQmRMZ1dORv?>4I zPGSGtMhKgpBvzF6H4U^Pzt=A)Kys}pYQ<9|VHOCljU{W_6^5c8K}}l3qk#3J+7;lI zAlwFHIOQs#3s}e}5#Yb&S7@5Q7q?wlEEibP$&1yBPl;IL#Q`!37~p8P$**BS4$Gy* zN*9#jIBYYUti*%jGa4}~NuwDHAuGN+=| z`v^%MGpY@Dug16y?YA{nPu;!t^_tqf&qengfQ&z?RiORKe%TN8vyj<=J+CnR?zjKC z0U(B8xnBUxu!OnkM9P0RZ-+P!OphF*=4<=IN~Nrc)H11SjmJk8ZiFt(0QW2vP9<|> zG7<(roCyDRChM=1Ns`&fg~BnWBNw&9ppTA*PQvdzWHHRdTRF31B$Fwl@8v`-cfE)9 zj1*D{lo7oTgzqdlx%ZYSInSp{AAS&#Oa3HDv9rt-g}r+qkM}n0(eTtoWV}`{s9gC-HyDeQS6$t*4(8?yDCNos7-Dy!{c_HO zhY%>}h2~xyT(ZW_wTqs#KW%==nBsyHicdjynDZ^@mvx1cPYnj_F zr0(KYz2Uhowfu@L&ZV+>hmKkyaJmvP;23)OufZC}t7hm?vev?4dh*9k*gQFxXM? 
z0xiRixK-g-{*U zbo>32g05b00#YnLiS-oLti0(G1{0k@0kZ%uEP&%Q0Z?XiIKXkFH~T0-5}US2@b93d z@`adDr(-a)w_!B1GmKfHYSpIc8X_cY&=xlLB56SsABRA^zG!d#Fu-`O2-zE?u?`?p zBti^>gtM7KbW15mNYG?qv=GUUR?#M8@V?Fx2!^hY{(>I{NVECr3WXHAOyx(vO}fpz zvfGUty)#5)SL^a6{VgQf6dZW?K?G0R8riIcg|K^86bR7;*!W>C$Zt44r`G8(GBgrN z?a!qC=x3_vKsI%&O+yq3sp8Y{_+RUHwYSo04uo=Hy@h2VUxY&xFhk0E7`5!#gJNyZ zw0kybqW@zZHc%HMha^TaR;pSr!3Wsr@MfX1@wL$`8xF+{ibJGhduU<$F*(&kDI=qs zH{&;y_afb&QoyfCFD?53$sKt_);Pee6$|^xKkCmtS@p}ceyb<^5DjcIMAC&W?J{A( zss~6pW|I`@@(`tOHX0$_70>6%rc+u*=nqg95KJ2pH^bL!zsmeI@;>-OySAKJfTk7XiPzt!J5GzhFwIp`T-s{|% zPtZ^akhKc}8R-QZNPKN=-1!tbB1)QcqsaI1xzGyjUt|m+PrD8xyn3lc>IV})YC9%> zX&+2V@=C2(pT|CtqJG7qTkKX7!mqmk@j1_M!6#Lq(>rDN6wxKy