FIx warnings after upgrade

nixos/boxes/vpsfree1/default.nix

@@ -6,6 +6,7 @@
     ./tailscale-vpsfree1.nix
     ../cli.nix
     ../../server-security.nix
+    ../../server-common.nix
     ../../tailscale.nix
   ];
 
@@ -18,4 +19,3 @@
 
   nix.buildCores = 7;
 }
-

nixos/boxes/vultr1/default.nix

@@ -11,6 +11,7 @@
     ./snowflake.nix
     ../cli.nix
     ../../server-security.nix
+    ../../server-common.nix
     ../../tailscale.nix
   ];
 

nixos/security.nix

@@ -1,14 +1,18 @@
 { config, pkgs, lib, ... }: {
+  networking.firewall.checkReversePath = "loose";
+  networking.firewall.enable = true;
+
   nix.allowedUsers = [ "@users" ];
-  security.lockKernelModules = false;
+
-  security.protectKernelImage = true;
-  security.forcePageTableIsolation = true;
-  security.virtualisation.flushL1DataCache = "always";
   security.apparmor.enable = true;
   security.apparmor.killUnconfinedConfinables = true;
-  networking.firewall.enable = true;
+  security.forcePageTableIsolation = true;
+  security.lockKernelModules = false;
+  security.protectKernelImage = true;
+  security.virtualisation.flushL1DataCache = "always";
   services.clamav.daemon.enable = true;
   services.clamav.updater.enable = true;
+
   boot.kernelParams =
     [ "slub_debug=FZP" "page_poison=1" "page_alloc.shuffle=1" ];
 

nixos/server-common.nix

@@ -0,0 +1 @@
+{ config, pkgs, ... }: { system.stateVersion = "22.05"; }

nixos/server-security.nix

@@ -8,7 +8,7 @@ let
   ];
 in {
   imports = [ ./security.nix ];
-  security.acme.email = "admin@cyplo.dev";
+  security.acme.defaults.email = "admin@cyplo.dev";
   security.acme.acceptTerms = true;
 
   services.fail2ban.enable = true;