updated sisyphe

2025-08-07 22:20:33 +02:00 · 2025-05-07 19:51:50 +02:00 · 2025-05-07 19:51:50 +02:00 · 931557e4b5
commit 931557e4b5
parent 2113e53b7e
3 changed files with 46 additions and 60 deletions
--- a/hosts/sisyphe/configuration.nix
+++ b/hosts/sisyphe/configuration.nix
@ -79,7 +79,7 @@ in
      allowedTCPPorts = [
        22 # ssh
        80 # http
-        443 # ssh
+        443 # ssl
        8080
      ];
      allowedUDPPorts = [ ];
--- a/hosts/sisyphe/features/backups.nix
+++ b/hosts/sisyphe/features/backups.nix
@ -8,6 +8,7 @@
  imports = [
    ./backups-repos.nix
  ];
  sops.secrets.borgRepoPassword = { };
  sops.secrets.borgRemoteServerPassword = {
    sopsFile = "${secrets}/secrets/backup.yaml";
@ -21,42 +22,6 @@
    sopsFile = "${secrets}/secrets/backup.yaml";
  };
  services.borgbackup.jobs = {
    /*
            localBackup = {
              paths = "/";
              exclude = [
                "/nix"
                "/srv/Multimedia"
                "/srv/media"
                "/srv/backups/serverBackups"
                "/srv/backups/localComputerBackups"
                "/var/cache"
                "/var/run"
                "/tmp"
                "/proc"
                "/sys"
                "/dev"
                "/mnt"
                "/run"
              ];
              repo = "/srv/backups/serverBackups";
              doInit = true;
              encryption = {
                mode = "repokey";
                passCommand = "cat /run/secrets/borgRepoPassword";
              };
              compression = "auto,lzma";
              startAt = "weekly";
            };
            /*
              serverBackup = {
              };
    */
  };
  services.borgbackup.repos = {
    borgPersonalServer = {
      authorizedKeys = [
--- a/hosts/sisyphe/features/services/forgejo.nix
+++ b/hosts/sisyphe/features/services/forgejo.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [ ./forgejo-smtp.nix ];
  sops.secrets.smtp_address = { };
@ -36,6 +41,22 @@
    mailerPasswordFile = config.sops.secrets.smtp_password.path;
  };
  servuces.fail2ban = {
    enable = true;
    jails = {
      forgejo = {
        settings = {
          logpath = "/var/log/forgejo/log/gitea.log";
          filter = "forgejo";
          port = "http,https,ssh";
          maxretry = 20;
          findtime = 300;
          bantime = 900;
        };
      };
    };
  };
  /*
    sops.secrets.forgejo-runner-token = {
      owner = "forgejo";