author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-24 17:59:52 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-24 17:59:52 +0100 |
commit | 8245579c8af73c8f40f5978878c7944c814ba04f (patch) | |
tree | 006caa951e345f481be3b91b85bcfda1061956d9 /system/services | |
parent | refactor(modules/impermanence): Migrate to by-name while distributing mods (diff) | |
[WIP]
Diffstat (limited to 'system/services')
-rw-r--r-- | system/services/default.nix | 2 | ||||
-rw-r--r-- | system/services/fail2ban/default.nix | 45 | ||||
-rw-r--r-- | system/services/rust-motd/default.nix | 91 |
3 files changed, 0 insertions, 138 deletions
diff --git a/system/services/default.nix b/system/services/default.nix
index b8b617e..db7ca4f 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,6 +1,5 @@
 {...}: {
 imports = [
- ./fail2ban
 ./invidious
 ./invidious-router
 ./mail
@@ -11,7 +10,6 @@
 ./murmur
 ./nix
 ./restic
- ./rust-motd
 ./taskserver
 ];
 }
diff --git a/system/services/fail2ban/default.nix b/system/services/fail2ban/default.nix
deleted file mode 100644
index 1c47568..0000000
--- a/system/services/fail2ban/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{...}: {
- vhack.persist.directories = [
- {
- directory = "/var/lib/fail2ban";
- user = "fail2ban";
- group = "fail2ban";
- mode = "0700";
- }
- ];
-
- services.fail2ban = {
- enable = true;
- maxretry = 7; # ban after 7 failures
- daemonSettings = {
- Definition = {
- logtarget = "SYSLOG";
- socket = "/run/fail2ban/fail2ban.sock";
- pidfile = "/run/fail2ban/fail2ban.pid";
- dbfile = "/var/lib/fail2ban/db.sqlite3";
- };
- };
- bantime-increment = {
- enable = true;
- rndtime = "8m";
- overalljails = true;
- multipliers = "2 4 16 128 256";
- maxtime = "72h";
- };
- jails = {
- dovecot = ''
- # block IPs which failed to log-in
- # aggressive mode add blocking for aborted connections
- enabled = true
- filter = dovecot[mode=aggressive]
- maxretry = 2
- '';
- postfix = ''
- enabled = true
- filter = postfix[mode=aggressive]
- findtime = 600
- maxretry = 3
- '';
- };
- };
-}
diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix
deleted file mode 100644
index 1a41b32..0000000
--- a/system/services/rust-motd/default.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- systemd.services.rust-motd = {
- path = builtins.attrValues {
- inherit
- (pkgs)
- bash
- fail2ban # Needed for rust-motd fail2ban integration
- ;
- };
- };
- programs.rust-motd = {
- enable = true;
- enableMotdInSSHD = true;
- refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
- settings = {
- global = {
- progress_full_character = "=";
- progress_empty_character = "-";
- progress_prefix = "[";
- progress_suffix = "]";
- time_format = "%Y-%m-%d %H:%M:%S";
- };
-
- banner = {
- color = "red";
- command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
- # if you don't want a dependency on figlet, you can generate your
- # banner however you want, put it in a file, and then use something like:
- # command = "cat banner.txt"
- };
-
- # [weather]
- # url = "https://wttr.in/New+York,New+York?0"
- # proxy = "http://proxy:8080"
-
- # [service_status]
- # Accounts = "accounts-daemon"
- # Cron = "cron"
-
- # [docker_status]
- # Local containers MUST start with a slash
- # https://github.com/moby/moby/issues/6705
- #"/nextcloud-nextcloud-1" = "Nextcloud"
- #"/nextcloud-nextcloud-mariadb-1" = "Nextcloud Database"
-
- uptime = {
- prefix = "Uptime:";
- };
-
- # [user_service_status]
- # gpg-agent = "gpg-agent"
-
- s_s_l_certs = {
- sort_method = "manual";
-
- certs = {
- "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem";
- "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem";
- };
- };
-
- filesystems = {
- root = "/";
- persistent = "/srv";
- store = "/nix";
- boot = "/boot";
- };
-
- memory = {
- swap_pos = "beside"; # or "below" or "none"
- };
-
- fail2_ban = {
- jails = ["sshd"]; #, "anotherjail"]
- };
-
- last_login = {
- sils = 2;
- soispha = 2;
- nightingale = 2;
- };
-
- last_run = {
- };
- };
- };
-} |