misschloe/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-08-09 23:20:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: misschloe:72e0ccf47113b41a36e673615bbf25aa8d0ec758
Branches Tags
misschloe:main
misschloe:next
..
compare: misschloe:211e10c0ee07ecb1a1891994ab8b268c156b7fb9
Branches Tags
misschloe:main
misschloe:next

No commits in common. "72e0ccf47113b41a36e673615bbf25aa8d0ec758" and "211e10c0ee07ecb1a1891994ab8b268c156b7fb9" have entirely different histories.
72e0ccf471 ... 211e10c0ee

2 changed files with 36 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

40
hosts/sisyphe/features/fail2ban.nix
View file

@ -5,34 +5,24 @@
ignoreIP = [ "192.168.1.0/24" ];
extraPackages = [ ];
jails = {
/*
nextcloud = ''
enabled = true;
filter = nextcloud
port = http,https
'';
*/
};
sshd = ''
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
'';
nextcloud = ''
enabled = true;
filter = nextcloud
port = http,https
'';
};
};
environment.etc = {
/*
"fail2ban/filter.d/nextcloud.conf".text = ''
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
'';
*/
};
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
'';
};
}

47
hosts/sisyphe/features/services/akkoma.nix
View file

@ -26,8 +26,24 @@ let
"${theme}": "/static/themes/${theme}.json"
}
'';
akkoma-overlay = self: super: {
akkoma = super.akkoma.overrideAttrs (old: {
postPatch = ''
mkdir -p $out/priv/static/themes
cp ${themeSrc} $out/priv/static/themes/${theme}.json
cp ${pkgs.writeText "styles.json" styles} $out/priv/static/themes
cp ${tosFile} $out/priv/static/terms-of-service.html
'';
buildInputs = old.buildInputs ++ [
pkgs.curl
];
});
};
in
{
nixpkgs.overlays = [ akkoma-overlay ];
services.akkoma.enable = true;
services.akkoma.initDb.enable = true;
services.akkoma.config = {
@ -51,42 +67,21 @@ in
base_url = "https://blurb.rougebordeaux.xyz/media";
link_name = true;
filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Upload.Filter.Exiftool.StripMetadata"
"Pleroma.Upload.Filter.Exiftool"
"Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename"
];
};
":configurable_from_database" = false;
":frontend_configurations" = {
"primary" = {
"frontend_configurations" = {
"pleroma_fe" = {
"theme" = "${theme}";
};
};
};
};
services.akkoma.frontends.primary = {
name = "akkoma-fe";
ref = "stable";
package =
pkgs.runCommand "akkoma-fe"
{
nativeBuildInputs = with pkgs; [
xorg.lndir
];
}
''
mkdir $out
lndir ${pkgs.akkoma-fe} $out
cp ${themeSrc} $out/static/themes/${theme}.json
rm $out/static/styles.json
cp ${pkgs.writeText "styles.json" styles} $out/static/styles.json
rm $out/static/terms-of-service.html
cp ${tosFile} $out/static/terms-of-service.html
'';
};
services.caddy.virtualHosts."http://${pleromaUrl}".extraConfig = ''
services.caddy.virtualHosts."${pleromaUrl}".extraConfig = ''
log {
output file /var/log/caddy/akkoma.log
}
@ -95,7 +90,7 @@ in
reverse_proxy 127.0.0.1:4000
'';
services.caddy.virtualHosts."http://${pleromaMediaUrl}".extraConfig = ''
services.caddy.virtualHosts."${pleromaMediaUrl}".extraConfig = ''
log {
output file /var/log/caddy/akkoma_media.log
}