diff --git a/hosts/sisyphe/features/fail2ban.nix b/hosts/sisyphe/features/fail2ban.nix index 4e7a599..a1ef011 100644 --- a/hosts/sisyphe/features/fail2ban.nix +++ b/hosts/sisyphe/features/fail2ban.nix @@ -5,24 +5,34 @@ ignoreIP = [ "192.168.1.0/24" ]; extraPackages = [ ]; jails = { - nextcloud = '' - enabled = true; - filter = nextcloud - port = http,https - ''; - }; + /* + nextcloud = '' + enabled = true; + filter = nextcloud + port = http,https + ''; + */ + }; + sshd = '' + enabled = true + port = ssh + logpath = %(sshd_log)s + backend = %(sshd_backend)s + ''; }; environment.etc = { + /* "fail2ban/filter.d/nextcloud.conf".text = '' - [Definition] - _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) - datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" - failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: - ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. - ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: - journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service - ''; - }; + [Definition] + _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) + datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: + journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service + ''; + */ + }; } diff --git a/hosts/sisyphe/features/services/akkoma.nix b/hosts/sisyphe/features/services/akkoma.nix index 82c34ab..4bc91df 100644 --- a/hosts/sisyphe/features/services/akkoma.nix +++ b/hosts/sisyphe/features/services/akkoma.nix 
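Review bot: The added `sshd = '' … '';` block appears to come after the `};` that closes `jails`, so it would be read as an attribute of the enclosing set (presumably `services.fail2ban`, which opens outside the hunk) and not as a jail. If that is the real nesting, evaluation either fails on an unknown option or this file defines no jail at all now that `nextcloud` is commented out; the block belongs inside the set as `jails.sshd = '' … '';`. The diff lines are collapsed on this page, so confirm the nesting against the file. If the Nextcloud jail and filter are being retired on purpose, deleting them instead of wrapping them in `/* … */` and adding a comment such as `# nextcloud jail disabled: <reason>` would make it clear to the next reader that the Nextcloud login endpoint no longer has brute-force banning.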
@@ -26,24 +26,8 @@ let "${theme}": "/static/themes/${theme}.json" } ''; - akkoma-overlay = self: super: { - akkoma = super.akkoma.overrideAttrs (old: { - postPatch = '' - mkdir -p $out/priv/static/themes - - cp ${themeSrc} $out/priv/static/themes/${theme}.json - cp ${pkgs.writeText "styles.json" styles} $out/priv/static/themes - cp ${tosFile} $out/priv/static/terms-of-service.html - ''; - - buildInputs = old.buildInputs ++ [ - pkgs.curl - ]; - }); - }; in { - nixpkgs.overlays = [ akkoma-overlay ]; services.akkoma.enable = true; services.akkoma.initDb.enable = true; services.akkoma.config = { @@ -67,21 +51,42 @@ in base_url = "https://blurb.rougebordeaux.xyz/media"; link_name = true; filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [ - "Pleroma.Upload.Filter.Exiftool" + "Pleroma.Upload.Filter.Exiftool.StripMetadata" "Pleroma.Upload.Filter.Dedupe" "Pleroma.Upload.Filter.AnonymizeFilename" ]; }; ":configurable_from_database" = false; - "frontend_configurations" = { - "pleroma_fe" = { + ":frontend_configurations" = { + "primary" = { "theme" = "${theme}"; }; }; }; }; + services.akkoma.frontends.primary = { + name = "akkoma-fe"; + ref = "stable"; + package = + pkgs.runCommand "akkoma-fe" + { + nativeBuildInputs = with pkgs; [ + xorg.lndir + ]; + } + '' + mkdir $out + lndir ${pkgs.akkoma-fe} $out - services.caddy.virtualHosts."${pleromaUrl}".extraConfig = '' + cp ${themeSrc} $out/static/themes/${theme}.json + rm $out/static/styles.json + cp ${pkgs.writeText "styles.json" styles} $out/static/styles.json + rm $out/static/terms-of-service.html + cp ${tosFile} $out/static/terms-of-service.html + ''; + }; + + services.caddy.virtualHosts."http://${pleromaUrl}".extraConfig = '' log { output file /var/log/caddy/akkoma.log } @@ -90,7 +95,7 @@ in reverse_proxy 127.0.0.1:4000 ''; - services.caddy.virtualHosts."${pleromaMediaUrl}".extraConfig = '' + services.caddy.virtualHosts."http://${pleromaMediaUrl}".extraConfig = '' log { output file /var/log/caddy/akkoma_media.log }
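Review bot: Changing the site address to `services.caddy.virtualHosts."http://${pleromaUrl}"` turns off Caddy's automatic HTTPS for that site, so Caddy serves it in cleartext on the HTTP port, while the upload `base_url` in the same hunk still points at `https://…/media`. Unless TLS is terminated by something in front of this Caddy instance (not visible in the diff), logins and session tokens for the instance would cross the network unencrypted. The next hunk makes the same change for `"http://${pleromaMediaUrl}"`. If an upstream proxy does handle TLS, record that next to both virtual hosts with a comment such as `# TLS is terminated upstream; Caddy listens on plain HTTP only` and check that the HTTP port is reachable only from that proxy; otherwise keep the bare host names.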