misschloe/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-08-11 16:10:22 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: misschloe:72e0ccf47113b41a36e673615bbf25aa8d0ec758
Branches Tags
misschloe:main
misschloe:next
..
compare: misschloe:211e10c0ee07ecb1a1891994ab8b268c156b7fb9
Branches Tags
misschloe:main
misschloe:next

No commits in common. "72e0ccf47113b41a36e673615bbf25aa8d0ec758" and "211e10c0ee07ecb1a1891994ab8b268c156b7fb9" have entirely different histories.
72e0ccf471 ... 211e10c0ee

2 changed files with 36 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

40
hosts/sisyphe/features/fail2ban.nix
View file

@ -5,34 +5,24 @@
ignoreIP = [ "192.168.1.0/24" ]; ignoreIP = [ "192.168.1.0/24" ];
extraPackages = [ ]; extraPackages = [ ];
jails = { jails = {
/* nextcloud = ''
nextcloud = '' enabled = true;
enabled = true; filter = nextcloud
filter = nextcloud port = http,https
port = http,https '';
''; };
*/
};
sshd = ''
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
'';
}; };
environment.etc = { environment.etc = {
/*
"fail2ban/filter.d/nextcloud.conf".text = '' "fail2ban/filter.d/nextcloud.conf".text = ''
[Definition] [Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed: failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed: ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
''; '';
*/ };
};
} }

47
hosts/sisyphe/features/services/akkoma.nix
View file

@ -26,8 +26,24 @@ let
"${theme}": "/static/themes/${theme}.json" "${theme}": "/static/themes/${theme}.json"
} }
''; '';
akkoma-overlay = self: super: {
akkoma = super.akkoma.overrideAttrs (old: {
postPatch = ''
mkdir -p $out/priv/static/themes
cp ${themeSrc} $out/priv/static/themes/${theme}.json
cp ${pkgs.writeText "styles.json" styles} $out/priv/static/themes
cp ${tosFile} $out/priv/static/terms-of-service.html
'';
buildInputs = old.buildInputs ++ [
pkgs.curl
];
});
};
in in
{ {
nixpkgs.overlays = [ akkoma-overlay ];
services.akkoma.enable = true; services.akkoma.enable = true;
services.akkoma.initDb.enable = true; services.akkoma.initDb.enable = true;
services.akkoma.config = { services.akkoma.config = {
@ -51,42 +67,21 @@ in
base_url = "https://blurb.rougebordeaux.xyz/media"; base_url = "https://blurb.rougebordeaux.xyz/media";
link_name = true; link_name = true;
filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [ filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Upload.Filter.Exiftool.StripMetadata" "Pleroma.Upload.Filter.Exiftool"
"Pleroma.Upload.Filter.Dedupe" "Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename" "Pleroma.Upload.Filter.AnonymizeFilename"
]; ];
}; };
":configurable_from_database" = false; ":configurable_from_database" = false;
":frontend_configurations" = { "frontend_configurations" = {
"primary" = { "pleroma_fe" = {
"theme" = "${theme}"; "theme" = "${theme}";
}; };
}; };
}; };
}; };
services.akkoma.frontends.primary = {
name = "akkoma-fe";
ref = "stable";
package =
pkgs.runCommand "akkoma-fe"
{
nativeBuildInputs = with pkgs; [
xorg.lndir
];
}
''
mkdir $out
lndir ${pkgs.akkoma-fe} $out
cp ${themeSrc} $out/static/themes/${theme}.json services.caddy.virtualHosts."${pleromaUrl}".extraConfig = ''
rm $out/static/styles.json
cp ${pkgs.writeText "styles.json" styles} $out/static/styles.json
rm $out/static/terms-of-service.html
cp ${tosFile} $out/static/terms-of-service.html
'';
};
services.caddy.virtualHosts."http://${pleromaUrl}".extraConfig = ''
log { log {
output file /var/log/caddy/akkoma.log output file /var/log/caddy/akkoma.log
} }
@ -95,7 +90,7 @@ in
reverse_proxy 127.0.0.1:4000 reverse_proxy 127.0.0.1:4000
''; '';
services.caddy.virtualHosts."http://${pleromaMediaUrl}".extraConfig = '' services.caddy.virtualHosts."${pleromaMediaUrl}".extraConfig = ''
log { log {
output file /var/log/caddy/akkoma_media.log output file /var/log/caddy/akkoma_media.log
} }