Start adding fail2ban to server config

Evie Litherland-Smith 2023-05-16 11:04:48 +01:00
parent 0c59117518
commit 62868f9906
5 changed files with 30 additions and 7 deletions


@ -4,10 +4,12 @@
(nerdfonts.override { fonts = [ "FiraCode" ]; }) (nerdfonts.override { fonts = [ "FiraCode" ]; })
bluez bluez
]; ];
# xdg.configFile."waybar/common.json".source = ./config/waybar/common.json;
xdg.configFile."waybar" = { xdg.configFile."waybar" = {
source = ./config/waybar; source = ./config/waybar;
recursive = true; recursive = true;
}; };
programs.waybar.enable = true; programs.waybar = {
enable = true;
systemd.enable = true;
};
} }


@ -7,6 +7,9 @@
serverAliveCountMax = 3; serverAliveCountMax = 3;
controlMaster = "auto"; controlMaster = "auto";
controlPersist = "1s"; controlPersist = "1s";
matchBlocks."git.*".user = "git"; matchBlocks = {
"git.*".user = "git";
"xenia.me.uk" = { user = "git"; port = 2222; };
};
}; };
} }
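Review bot: The new `"xenia.me.uk"` match block at the `matchBlocks` line only matches that exact host, so it does not apply to `git.xenia.me.uk`, the DOMAIN this commit configures for Gitea; that name only picks up `user = "git"` from the `"git.*"` pattern and still defaults to port 22. If the apex and the git subdomain are the same machine, consider `"xenia.me.uk git.xenia.me.uk" = { user = "git"; port = 2222; };` so both names reach the 2222 listener, or rely on clone URLs that carry the port explicitly. The enclosing `programs.ssh` block starts outside the hunk.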


@ -4,7 +4,7 @@
programs.ssh.matchBlocks = { programs.ssh.matchBlocks = {
"legion" = { port = 30; }; "legion" = { port = 30; };
"vanguard" = { hostname = "192.168.1.166"; port = 22; }; "vanguard" = { hostname = "192.168.1.166"; port = 22; };
"legion vanguard xenia.me.uk" = lib.hm.dag.entryAfter [ "legion" "vanguard" ] { "legion vanguard" = lib.hm.dag.entryAfter [ "legion" "vanguard" ] {
user = "root"; user = "root";
forwardAgent = true; forwardAgent = true;
}; };

8
server/fail2ban.nix Normal file

@ -0,0 +1,8 @@
{ ... }:
{
services.fail2ban = {
enable = true;
ignoreIP = [ "127.0.0.1/8" "::1" "192.168.1.0/16" ];
bantime-increment = { enable = true; };
};
}
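Review bot: The `ignoreIP` entry `"192.168.1.0/16"` has a prefix length that does not match its address; a /16 on 192.168.1.0 whitelists the whole 192.168.0.0/16 range, not just the 192.168.1.x LAN that the other files in this repo point at (e.g. 192.168.1.166). If the intent is the local subnet, use `ignoreIP = [ "127.0.0.1/8" "::1" "192.168.1.0/24" ];` and add a comment such as `# loopback plus the home LAN; anything here is never banned`. Any over-broad ignore list also means a compromised host in that range can brute-force without ever being banned.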


@ -1,10 +1,20 @@
{ ... }: { ... }:
{ {
imports = [ ./traefik.nix ]; imports = [ ./traefik.nix ./fail2ban.nix ];
services.gitea.enable = true; services.gitea = {
networking.firewall.allowedTCPPorts = [ 80 443 ]; enable = true;
settings = {
server = { DOMAIN = "git.xenia.me.uk"; SSH_PORT = 2222; };
log.MODE = "file";
};
appName = "Gitea";
};
networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; tls = { certResolver = "default"; }; }; routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; tls = { certResolver = "default"; }; };
services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }]; services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }];
}; };
# services.fail2ban.jails.gitea = ''
#
# '';
} }
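Review bot: Port 2222 is opened to the world in `networking.firewall.allowedTCPPorts` while the only jail in effect is fail2ban's default sshd one, which reads the system sshd log rather than Gitea's, and the `services.fail2ban.jails.gitea` placeholder at the bottom is still empty, so SSH and web login failures against Gitea on 2222/443 are not rate-limited by this commit. Gitea's documented fail2ban filter matches its "Failed authentication attempt" log lines, which is presumably why `log.MODE = "file"` was set; filling in that jail (filter on the Gitea log file, port 2222 plus the HTTP ports) should land before the port stays exposed. Separately, `SSH_PORT = 2222` alone only changes the port advertised in clone URLs; unless the built-in server is enabled (e.g. `START_SSH_SERVER = true;`) or the system sshd also listens there, nothing answers on 2222 — worth confirming with a listener check after deploy.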