diff --git a/hosts/sisyphe/features/fail2ban.nix b/hosts/sisyphe/features/fail2ban.nix index a1ef011..4e7a599 100644 --- a/hosts/sisyphe/features/fail2ban.nix +++ b/hosts/sisyphe/features/fail2ban.nix @@ -5,34 +5,24 @@ ignoreIP = [ "192.168.1.0/24" ]; extraPackages = [ ]; jails = { - /* - nextcloud = '' - enabled = true; - filter = nextcloud - port = http,https - ''; - */ - }; - sshd = '' - enabled = true - port = ssh - logpath = %(sshd_log)s - backend = %(sshd_backend)s - ''; + nextcloud = '' + enabled = true; + filter = nextcloud + port = http,https + ''; + }; }; environment.etc = { - /* "fail2ban/filter.d/nextcloud.conf".text = '' - [Definition] - _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) - datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" - failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: - ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. - ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: - journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service - ''; - */ - }; + [Definition] + _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) + datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. + ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Two-factor challenge failed: + journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service + ''; + }; } diff --git a/hosts/sisyphe/features/services/akkoma.nix b/hosts/sisyphe/features/services/akkoma.nix index 4bc91df..82c34ab 100644 --- a/hosts/sisyphe/features/services/akkoma.nix +++ b/hosts/sisyphe/features/services/akkoma.nix 
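Review bot: The re-enabled nextcloud jail carries `enabled = true;` with a Nix-style trailing semicolon inside the INI string, which fail2ban is unlikely to parse as a boolean, so the jail may stay disabled; it should read `enabled = true`. As rendered here, the three failregex lines of the uncommented filter match `"remoteAddr":""` with no `<HOST>` group, and fail2ban needs that group to know which address to ban. Unless the tag was simply lost when this page was rendered, each line should use `"remoteAddr":"<HOST>"`. The hunk also deletes the explicit sshd block without a replacement, so SSH brute-force protection now depends on whatever default jail the NixOS module supplies. It is worth confirming both jails with `fail2ban-client status` after the switch.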
@@ -26,8 +26,24 @@ let "${theme}": "/static/themes/${theme}.json" } ''; + akkoma-overlay = self: super: { + akkoma = super.akkoma.overrideAttrs (old: { + postPatch = '' + mkdir -p $out/priv/static/themes + + cp ${themeSrc} $out/priv/static/themes/${theme}.json + cp ${pkgs.writeText "styles.json" styles} $out/priv/static/themes + cp ${tosFile} $out/priv/static/terms-of-service.html + ''; + + buildInputs = old.buildInputs ++ [ + pkgs.curl + ]; + }); + }; in { + nixpkgs.overlays = [ akkoma-overlay ]; services.akkoma.enable = true; services.akkoma.initDb.enable = true; services.akkoma.config = { @@ -51,42 +67,21 @@ in base_url = "https://blurb.rougebordeaux.xyz/media"; link_name = true; filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [ - "Pleroma.Upload.Filter.Exiftool.StripMetadata" + "Pleroma.Upload.Filter.Exiftool" "Pleroma.Upload.Filter.Dedupe" "Pleroma.Upload.Filter.AnonymizeFilename" ]; }; ":configurable_from_database" = false; - ":frontend_configurations" = { - "primary" = { + "frontend_configurations" = { + "pleroma_fe" = { "theme" = "${theme}"; }; }; }; }; - services.akkoma.frontends.primary = { - name = "akkoma-fe"; - ref = "stable"; - package = - pkgs.runCommand "akkoma-fe" - { - nativeBuildInputs = with pkgs; [ - xorg.lndir - ]; - } - '' - mkdir $out - lndir ${pkgs.akkoma-fe} $out - cp ${themeSrc} $out/static/themes/${theme}.json - rm $out/static/styles.json - cp ${pkgs.writeText "styles.json" styles} $out/static/styles.json - rm $out/static/terms-of-service.html - cp ${tosFile} $out/static/terms-of-service.html - ''; - }; - - services.caddy.virtualHosts."http://${pleromaUrl}".extraConfig = '' + services.caddy.virtualHosts."${pleromaUrl}".extraConfig = '' log { output file /var/log/caddy/akkoma.log } @@ -95,7 +90,7 @@ in reverse_proxy 127.0.0.1:4000 ''; - services.caddy.virtualHosts."http://${pleromaMediaUrl}".extraConfig = '' + services.caddy.virtualHosts."${pleromaMediaUrl}".extraConfig = '' log { output file /var/log/caddy/akkoma_media.log }
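Review bot: In the new overlay's `postPatch`, `cp ${pkgs.writeText "styles.json" styles} $out/priv/static/themes` copies into a directory, so the file keeps its store basename (`<hash>-styles.json`) and lands under `themes/`, whereas the frontend derivation removed further down wrote it to `static/styles.json`. Name the target explicitly, for example `cp ${pkgs.writeText "styles.json" styles} $out/priv/static/styles.json`, assuming that is where the bundled frontend looks for it. Assigning `postPatch` outright also discards anything the packaged akkoma already does in that phase; `postPatch = (old.postPatch or "") + ''` would keep it. `pkgs.curl` is added to `buildInputs` but nothing in the visible lines uses it, so it should either be dropped or justified in a comment.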
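Review bot: In the second hunk, the upload filter list now names `Pleroma.Upload.Filter.Exiftool` instead of `Pleroma.Upload.Filter.Exiftool.StripMetadata`, and the diff does not show which Akkoma version is packaged, so it is not visible whether that module name resolves. If it does not, uploads may fail or keep their EXIF data (GPS position, device details), so it is worth uploading a test image after deploy and checking that the served file has no metadata. In the same hunk `"frontend_configurations"` loses its leading colon while the neighbouring `":configurable_from_database"` keeps it. The colon presumably marks an atom key, in which case the theme setting would be silently ignored; `":frontend_configurations" = {` matches the sibling key. The `services.akkoma.config` attribute set starts outside the hunk.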