2024-05-06 15:30:10 -05:00
|
|
|
{ enabled, ... }:
|
2024-04-28 09:12:56 -05:00
|
|
|
{
|
2024-03-21 11:04:01 -05:00
|
|
|
services.resolved = enabled;
|
2024-01-23 11:51:13 -06:00
|
|
|
|
|
|
|
|
services.fail2ban = {
|
|
|
|
|
enable = true;
|
|
|
|
|
maxretry = 5;
|
|
|
|
|
bantime = "24h";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# # added to make using `pip install` work in docker build
|
|
|
|
|
# networking.nameservers = [ "8.8.8.8"];
|
|
|
|
|
|
|
|
|
|
# allow tcp connections for revsere proxy
|
2024-05-06 14:32:00 -05:00
|
|
|
networking.firewall = enabled // {
|
|
|
|
|
allowedTCPPorts = [
|
|
|
|
|
80
|
|
|
|
|
443
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.openssh = enabled // {
|
|
|
|
|
settings.PasswordAuthentication = false;
|
|
|
|
|
};
|
2024-01-23 11:51:13 -06:00
|
|
|
|
2024-03-19 07:37:20 -05:00
|
|
|
# users.mutableUsers = false;
|
2024-01-23 11:51:13 -06:00
|
|
|
|
|
|
|
|
# Use the GRUB 2 boot loader.
|
|
|
|
|
boot.loader.grub.enable = true;
|
2024-03-17 15:13:46 -05:00
|
|
|
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
2024-01-23 11:51:13 -06:00
|
|
|
|
2024-03-21 11:04:01 -05:00
|
|
|
# don't delete this you foo bar
|
2024-03-17 15:13:46 -05:00
|
|
|
system.stateVersion = "23.11"; # Did you read the comment?
|
2024-01-23 11:51:13 -06:00
|
|
|
}
|
