From d1297eda99b77ed1b1773b8a2dbba834322429db Mon Sep 17 00:00:00 2001
From: kity
Date: Fri, 27 Dec 2024 13:52:47 +0100
Subject: [PATCH 1/8] feat: added sabnzbd support
---
 hosts/sisyphe/features/multimedia/sabnzbd.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 hosts/sisyphe/features/multimedia/sabnzbd.nix
diff --git a/hosts/sisyphe/features/multimedia/sabnzbd.nix b/hosts/sisyphe/features/multimedia/sabnzbd.nix
new file mode 100644
index 0000000..ad2e8f6
--- /dev/null
+++ b/hosts/sisyphe/features/multimedia/sabnzbd.nix
@@ -0,0 +1,18 @@
+{config, pkgs, ...}:
+{
+ services.sabnzbd = {
+ enable = true;
+
+ };
+
+ services.caddy.virtualHosts."http://sabnzbd.normandy.sisyphe.hypervirtual.world".extraConfig = ''
+ reverse_proxy 8080
+ '';
+/*
+ services.prometheus.exporters.sabnzbd = {
+ enable = true;
+ servers = [
+ localhost
+ ]
+ };*/
+}
\ No newline at end of file
From c8073d305566eca3e55c4ccf38b652e8fc7c4edd Mon Sep 17 00:00:00 2001
From: kity
Date: Fri, 27 Dec 2024 13:59:52 +0100
Subject: [PATCH 2/8] fix: more changes due to nixos 24.11
---
 hosts/sisyphe/features/samba-shares.nix | 1 -
 hosts/sisyphe/features/services/nextcloud.nix | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts/sisyphe/features/samba-shares.nix b/hosts/sisyphe/features/samba-shares.nix
index 66aa8d9..8c7d872 100644
--- a/hosts/sisyphe/features/samba-shares.nix
+++ b/hosts/sisyphe/features/samba-shares.nix
@@ -16,7 +16,6 @@ in
 config = {
 services.samba = {
 enable = true;
- securityType = "user";
 openFirewall = true;
 settings = {
 global = {
diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix
index e96f332..b9600ed 100644
--- a/hosts/sisyphe/features/services/nextcloud.nix
+++ b/hosts/sisyphe/features/services/nextcloud.nix
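Review bot: In `sabnzbd.nix` the Caddy site address carries an explicit `http://` scheme, so the SABnzbd web UI is served without TLS and its login and API key cross the network in clear text; unless this name is only reachable on a trusted segment, drop the scheme or use `https://` so Caddy terminates TLS. The upstream `reverse_proxy 8080` is ambiguous: I am not certain Caddy accepts a bare port, and it may read the token as a host name, so spell it `reverse_proxy 127.0.0.1:8080`. The commented-out exporter block is not valid Nix as written (`localhost` is unquoted and `]` has no `;`), so either delete it or replace it with a one-line `# TODO: prometheus exporter` comment.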
@@ -25,6 +25,7 @@
 database.createLocally = true;
 webserver = "caddy";
 configureRedis = true;
+ package = pkgs.nextcloud30;
 config = {
 dbtype = "pgsql";
 adminpassFile = config.sops.secrets.adminNextcloudPass.path;
@@ -93,6 +94,7 @@
 extraAppsEnable = true;
 appstoreEnable = true; # why i would want appstore to be disabled ???
 autoUpdateApps.enable = true;
+ cli.memoryLimit = "4G";
 };
 environment.systemPackages =
From e045347a31b556a556b7f7dcdd140e5615b71afa Mon Sep 17 00:00:00 2001
From: kity
Date: Fri, 27 Dec 2024 13:59:57 +0100
Subject: [PATCH 3/8] added missing file
---
 hosts/sisyphe/features/multimedia/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/sisyphe/features/multimedia/default.nix b/hosts/sisyphe/features/multimedia/default.nix
index fa082d5..e941af0 100644
--- a/hosts/sisyphe/features/multimedia/default.nix
+++ b/hosts/sisyphe/features/multimedia/default.nix
@@ -3,6 +3,7 @@
 ./arr-suite.nix
 ./calibre-web.nix
 ./slskd.nix
+ ./sabnzbd.nix
 ./transmission.nix
 ./jellyfin.nix
 ];
From 5c53e37af6e8066ae36c3c6e96d650efe71e7e22 Mon Sep 17 00:00:00 2001
From: kity
Date: Fri, 27 Dec 2024 14:07:00 +0100
Subject: [PATCH 4/8] fix: 2fa does not seems to exists anymore on nc30??
---
 hosts/sisyphe/features/services/nextcloud.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix
index b9600ed..6749aae 100644
--- a/hosts/sisyphe/features/services/nextcloud.nix
+++ b/hosts/sisyphe/features/services/nextcloud.nix
@@ -68,7 +68,6 @@
 contacts
 calendar
 previewgenerator
- twofactor_nextcloud_notification
 ;
 memories = pkgs.fetchNextcloudApp {
From 9414a560c040691ae7fa4e85e60221dba4d43485 Mon Sep 17 00:00:00 2001
From: kity
Date: Fri, 27 Dec 2024 14:09:17 +0100
Subject: [PATCH 5/8] fix: sabnzbd needs unfree pkg
---
 hosts/sisyphe/configuration.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix index 716f722..977b5eb 100644 --- a/hosts/sisyphe/configuration.nix +++ b/hosts/sisyphe/configuration.nix @@ -142,6 +142,11 @@ in "dotnet-sdk-wrapped-6.0.428" ]; + # seems like sabnzbd needs some unfree pkgs... + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "unrar" + ]; + # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. From 2c17ed2d3ea39304e53af4f102bcddde07a8ec04 Mon Sep 17 00:00:00 2001 From: kity Date: Fri, 27 Dec 2024 14:17:56 +0100 Subject: [PATCH 6/8] fix: use nextcloud30 pkgs --- hosts/sisyphe/features/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index 6749aae..dbd83dd 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix @@ -64,7 +64,7 @@ phpOptions."opcache.interned_strings_buffer" = "23"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) + inherit (pkgs.nextcloud30Packages.apps) contacts calendar previewgenerator From 0b6399027c0a97d903e51001746587db33289d97 Mon Sep 17 00:00:00 2001 From: kity Date: Fri, 27 Dec 2024 14:25:14 +0100 Subject: [PATCH 7/8] fix: fail2ban config & try to fix extraApps problem --- hosts/sisyphe/features/fail2ban.nix | 21 +++++++++++++- hosts/sisyphe/features/services/nextcloud.nix | 28 ------------------- 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/hosts/sisyphe/features/fail2ban.nix b/hosts/sisyphe/features/fail2ban.nix index 347e0c8..4e7a599 100644 --- a/hosts/sisyphe/features/fail2ban.nix +++ b/hosts/sisyphe/features/fail2ban.nix 
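Review bot: The comment added above `allowUnfreePredicate` in `configuration.nix` says sabnzbd needs "some unfree pkgs", but the list below it is the host's actual unfree policy, so make it precise: `# unrar is unfree and pulled in by services.sabnzbd; allow only that package`. Keeping an explicit name list rather than a blanket allow is the right shape. Two things are not visible in this hunk and are worth confirming: that `lib` is among the module arguments, and that no other module also sets `nixpkgs.config.allowUnfreePredicate`, since as far as I know two definitions do not combine into one list. The enclosing attribute set starts and ends outside the hunk.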
@@ -4,6 +4,25 @@
 enable = true;
 ignoreIP = [ "192.168.1.0/24" ];
 extraPackages = [ ];
- jails = { };
+ jails = {
+ nextcloud = ''
+ enabled = true;
+ filter = nextcloud
+ port = http,https
+ '';
+ };
 };
+
+ environment.etc = {
+ "fail2ban/filter.d/nextcloud.conf".text = ''
+ [Definition]
+ _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+ datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
+ failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed:
+ ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error.
+ ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
+ journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
+ '';
+ };
+
 }
diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix
index dbd83dd..a37407f 100644
--- a/hosts/sisyphe/features/services/nextcloud.nix
+++ b/hosts/sisyphe/features/services/nextcloud.nix
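Review bot: In the `nextcloud` jail body, `enabled = true;` carries a Nix-style semicolon inside the INI text, so fail2ban reads the value as `true;`, which is not a recognised boolean and most likely leaves the jail off; write `enabled = true`. As shown on this page the three `failregex` lines have `"remoteAddr":""` with nothing between the quotes, while fail2ban needs its host tag (the word HOST in angle brackets) there to know which address to ban; check the committed file, since the tag may only have been stripped when the page was rendered. The jail sets no `maxretry`, `findtime` or `bantime`, so it inherits the defaults; stating them next to the filter would make the policy reviewable. Running `fail2ban-regex` against a sample Nextcloud log line and checking `fail2ban-client status nextcloud` after deployment would confirm the first two points.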
@@ -63,34 +63,6 @@
 ];
 phpOptions."opcache.interned_strings_buffer" = "23";
- extraApps = {
- inherit (pkgs.nextcloud30Packages.apps)
- contacts
- calendar
- previewgenerator
- ;
-
- memories = pkgs.fetchNextcloudApp {
- sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo=";
- url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz";
- license = "agpl3Only";
- };
- /*
- not useful for me
- registration = pkgs.fetchNextcloudApp {
- sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y=";
- url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz";
- license = "agpl3Only";
- };
- */
- facerecognition = pkgs.fetchNextcloudApp {
- sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE=";
- url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz";
- license = "agpl3Only";
- };
-
- };
- extraAppsEnable = true;
 appstoreEnable = true; # why i would want appstore to be disabled ???
 autoUpdateApps.enable = true;
 cli.memoryLimit = "4G";
From c84a24c2ac6bf8159b213aab4896af36e2839564 Mon Sep 17 00:00:00 2001
From: kity
Date: Fri, 27 Dec 2024 14:34:19 +0100
Subject: [PATCH 8/8] added ssh jail
---
 features/shared/ssh.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/features/shared/ssh.nix b/features/shared/ssh.nix
index ed78121..4400ec3 100644
--- a/features/shared/ssh.nix
+++ b/features/shared/ssh.nix
@@ -8,4 +8,14 @@
 PermitRootLogin = "no";
 };
 };
+
+ services.fail2ban.jails.sshd.settings = {
+ ssh = ''
+ enabled = true
+ port = ssh
+ filter = sshd
+ logpath = %(sshd_log)s
+ maxretry = 5
+ '';
+ };
 }
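Review bot: In `features/shared/ssh.nix` the new jail puts a whole INI snippet into a single attribute, `settings.ssh = '' … ''`; `settings` is a key/value set for the `[sshd]` section, so this most likely renders one option named `ssh` and none of `enabled`, `port`, `filter` or `maxretry` take effect. Set them as attributes instead: `services.fail2ban.jails.sshd.settings = { enabled = true; port = "ssh"; filter = "sshd"; maxretry = 5; };`. `logpath = %(sshd_log)s` only matters for a file-based backend and can be dropped if fail2ban reads the journal on these hosts. I believe the NixOS module already defines an `sshd` jail when fail2ban is enabled, so it is worth checking whether only `maxretry` needs overriding here.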