summary refs log tree commit diff stats
path: root/system
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-12-24 17:59:52 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-12-24 17:59:52 +0100
commit8245579c8af73c8f40f5978878c7944c814ba04f (patch)
tree006caa951e345f481be3b91b85bcfda1061956d9 /system
parentrefactor(modules/impermanence): Migrate to by-name while distributing mods (diff)
downloadnixos-server-8245579c8af73c8f40f5978878c7944c814ba04f.tar.gz
nixos-server-8245579c8af73c8f40f5978878c7944c814ba04f.zip
[WIP]
Diffstat (limited to '')
-rw-r--r--system/default.nix2
-rw-r--r--system/services/default.nix2
-rw-r--r--system/services/fail2ban/default.nix45
-rw-r--r--system/services/rust-motd/default.nix91
-rw-r--r--system/users/default.nix100
5 files changed, 0 insertions, 240 deletions
diff --git a/system/default.nix b/system/default.nix
index 4c80ed9..9fdd937 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,9 +1,7 @@
 {...}: {
   imports = [
-    ./impermanence
     ./packages
     ./secrets
     ./services
-    ./users
   ];
 }
diff --git a/system/services/default.nix b/system/services/default.nix
index b8b617e..db7ca4f 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,6 +1,5 @@
 {...}: {
   imports = [
-    ./fail2ban
     ./invidious
     ./invidious-router
     ./mail
@@ -11,7 +10,6 @@
     ./murmur
     ./nix
     ./restic
-    ./rust-motd
     ./taskserver
   ];
 }
diff --git a/system/services/fail2ban/default.nix b/system/services/fail2ban/default.nix
deleted file mode 100644
index 1c47568..0000000
--- a/system/services/fail2ban/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{...}: {
-  vhack.persist.directories = [
-    {
-      directory = "/var/lib/fail2ban";
-      user = "fail2ban";
-      group = "fail2ban";
-      mode = "0700";
-    }
-  ];
-
-  services.fail2ban = {
-    enable = true;
-    maxretry = 7; # ban after 7 failures
-    daemonSettings = {
-      Definition = {
-        logtarget = "SYSLOG";
-        socket = "/run/fail2ban/fail2ban.sock";
-        pidfile = "/run/fail2ban/fail2ban.pid";
-        dbfile = "/var/lib/fail2ban/db.sqlite3";
-      };
-    };
-    bantime-increment = {
-      enable = true;
-      rndtime = "8m";
-      overalljails = true;
-      multipliers = "2 4 16 128 256";
-      maxtime = "72h";
-    };
-    jails = {
-      dovecot = ''
-        # block IPs which failed to log-in
-        # aggressive mode add blocking for aborted connections
-        enabled = true
-        filter = dovecot[mode=aggressive]
-        maxretry = 2
-      '';
-      postfix = ''
-        enabled = true
-        filter = postfix[mode=aggressive]
-        findtime = 600
-        maxretry = 3
-      '';
-    };
-  };
-}
diff --git a/system/services/rust-motd/default.nix b/system/services/rust-motd/default.nix
deleted file mode 100644
index 1a41b32..0000000
--- a/system/services/rust-motd/default.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  systemd.services.rust-motd = {
-    path = builtins.attrValues {
-      inherit
-        (pkgs)
-        bash
-        fail2ban # Needed for rust-motd fail2ban integration
-        ;
-    };
-  };
-  programs.rust-motd = {
-    enable = true;
-    enableMotdInSSHD = true;
-    refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20)
-    settings = {
-      global = {
-        progress_full_character = "=";
-        progress_empty_character = "-";
-        progress_prefix = "[";
-        progress_suffix = "]";
-        time_format = "%Y-%m-%d %H:%M:%S";
-      };
-
-      banner = {
-        color = "red";
-        command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant";
-        # if you don't want a dependency on figlet, you can generate your
-        # banner however you want, put it in a file, and then use something like:
-        # command = "cat banner.txt"
-      };
-
-      # [weather]
-      # url = "https://wttr.in/New+York,New+York?0"
-      # proxy = "http://proxy:8080"
-
-      # [service_status]
-      # Accounts = "accounts-daemon"
-      # Cron = "cron"
-
-      # [docker_status]
-      # Local containers MUST start with a slash
-      # https://github.com/moby/moby/issues/6705
-      #"/nextcloud-nextcloud-1" = "Nextcloud"
-      #"/nextcloud-nextcloud-mariadb-1" = "Nextcloud Database"
-
-      uptime = {
-        prefix = "Uptime:";
-      };
-
-      # [user_service_status]
-      # gpg-agent = "gpg-agent"
-
-      s_s_l_certs = {
-        sort_method = "manual";
-
-        certs = {
-          "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem";
-          "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem";
-        };
-      };
-
-      filesystems = {
-        root = "/";
-        persistent = "/srv";
-        store = "/nix";
-        boot = "/boot";
-      };
-
-      memory = {
-        swap_pos = "beside"; # or "below" or "none"
-      };
-
-      fail2_ban = {
-        jails = ["sshd"]; #, "anotherjail"]
-      };
-
-      last_login = {
-        sils = 2;
-        soispha = 2;
-        nightingale = 2;
-      };
-
-      last_run = {
-      };
-    };
-  };
-}
diff --git a/system/users/default.nix b/system/users/default.nix
deleted file mode 100644
index 0da0515..0000000
--- a/system/users/default.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{pkgs, ...}: {
-  vhack.persist.directories = [
-    {
-      directory = "/home";
-      user = "root";
-      group = "root";
-      mode = "0755";
-    }
-    {
-      directory = "/home/sils";
-      user = "sils";
-      group = "sils";
-      mode = "0700";
-    }
-    {
-      directory = "/home/soispha";
-      user = "soispha";
-      group = "soispha";
-      mode = "0700";
-    }
-    {
-      directory = "/home/nightingale";
-      user = "nightingale";
-      group = "nightingale";
-      mode = "0700";
-    }
-    {
-      directory = "/root/.ssh";
-      user = "root";
-      group = "root";
-      mode = "0700";
-    }
-  ];
-
-  users = {
-    mutableUsers = false;
-    defaultUserShell = pkgs.zsh;
-    users = {
-      root = {
-        initialHashedPassword = null; # to lock root
-        openssh.authorizedKeys.keys = [];
-      };
-
-      sils = {
-        name = "sils";
-        isNormalUser = true;
-        home = "/home/sils";
-        initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC";
-        uid = 1000;
-        extraGroups = [
-          "wheel"
-        ];
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A"
-        ];
-      };
-
-      soispha = {
-        name = "soispha";
-        isNormalUser = true;
-        home = "/home/soispha";
-        initialHashedPassword = "$y$jFT$3.8XmUyukZvpExMUxDZkI.$IVrJgm8ysNDF/0vDD2kF6w73ozXgr1LMVRNN4Bq7pv1";
-        uid = 1001;
-        extraGroups = [
-          "wheel"
-        ];
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532"
-        ];
-      };
-
-      nightingale = {
-        name = "nightingale";
-        isNormalUser = true;
-        home = "/home/nightingale";
-        initialHashedPassword = null; # TODO CHANGE
-        uid = 1002;
-        extraGroups = [
-          "wheel"
-        ];
-        openssh.authorizedKeys.keys = [
-        ];
-      };
-      nixremote = {
-        name = "nixremote";
-        isNormalUser = true;
-        createHome = true;
-        home = "/home/nixremote";
-        uid = 1003;
-        group = "nixremote";
-        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbSWqFzb+WTq2JVoRGoTkCkP7AM3bNY91bsUBeoQQc8gKAWuqCrpAOmr2Q2QMaTTGEOM0CsWfWLs3ZYtynHmc7wIFc4T/sUloV+dB9oSCmOk5ePxtj8+gpPK35Ja+ug5zmXsaI4s+n9mEbuuEjn33MxDYCUzAI+aWvWe68u/j+FM3u9c3Ta009rotajjSZ/cmIltgNLsG1rnAZRpwmLVg5UL4cb9um54o/NLYFd2KAekQFVbwUQDzzqriZhWmzkfhnznBMDblf9R1xvZ18Lqv3JF21shdaR43NW1wtuntBvAdsVYK2VUEbj+3MxTkK0aQ/E9SHMtH8MRE4oxU74TeTWfIhuSZk9/wekzSNMkHP3ReFC6B9xCMYa+ZqaTaGSWLQi78AQDeM2F9rAfp3hQzyRa7T7qKlgbae/hEb07xZglqmG7eml9vPSt4AHv5Y176Q95NiiWduGoLQOmjvSBMU9/KEGrGKyLfGH1Wa2EOfPxKKcvcHW0Xi9PlPiuP0nYk= root@thinklappi"
-        ];
-      };
-    };
-    groups.nixremote = {
-      gid = 1004;
-    };
-  };
-}