wipo

hosts/algiz/configuration.nix

@@ -29,121 +29,122 @@
 
   # fail2ban config based on:
   # https://www.linode.com/docs/guides/how-to-use-fail2ban-for-ssh-brute-force-protection/
-  services.fail2ban {
+  services.fail2ban = {
-  enable = true;
+    enable = true;
-  maxretry = 5;
+    maxretry = 5;
-  bantime = "24h";
+    bantime = "24h";
-  jails = {
+    jails =
-    sshd = ''
+      {
-      port = ssh
+        sshd = ''
-      filter = sshd
+          port = ssh
-      logpath = /var/log/auth.log
+          filter = sshd
-      maxretry = 3
+          logpath = /var/log/auth.log
-      findtime = 300
+          maxretry = 3
-      bantime = 3600
+          findtime = 300
-      ignoreip = 127.0.0.1
+          bantime = 3600
-    ''
+        '';
-      }
+      };
-      }
+  };
-      boot.kernelPackages = pkgs.linuxPackages_latest;
 
-    # TODO: convert this to a systemd service/timer
+  boot.kernelPackages = pkgs.linuxPackages_latest;
-    # services.cron = {
-    #   enable = true;
-    #   systemCronJobs = [
-    #     # update repos
-    #     "0 * * * * make -C /home/daylin/git soft-repos"
-    #     # update container so home page is semi-accurate
-    #     "0 2 * * * make -C /home/daylin/git update-soft-serve"
-    #   ];
-    # };
-    #
-    networking.hostName = "algiz";
 
-    # added to make using `pip install` work in docker build
+  # TODO: convert this to a systemd service/timer
-    networking.nameservers = [
+  # services.cron = {
-      "8.8.8.8"
+  #   enable = true;
-    ];
+  #   systemCronJobs = [
+  #     # update repos
+  #     "0 * * * * make -C /home/daylin/git soft-repos"
+  #     # update container so home page is semi-accurate
+  #     "0 2 * * * make -C /home/daylin/git update-soft-serve"
+  #   ];
+  # };
+  #
+  networking.hostName = "algiz";
 
-    time.timeZone = "America/Chicago";
+  # added to make using `pip install` work in docker build
-    programs.zsh.enable = true;
+  networking.nameservers = [
-    virtualisation.docker.enable = true;
+    "8.8.8.8"
+  ];
 
-    programs.nix-ld.enable = true;
+  time.timeZone = "America/Chicago";
-    programs.nix-ld.libraries = with pkgs; [
+  programs.zsh.enable = true;
-      stdenv.cc.cc
+  virtualisation.docker.enable = true;
-      curl # for choosenim
-    ];
 
-    environment.systemPackages = with pkgs; [
+  programs.nix-ld.enable = true;
-      zsh
+  programs.nix-ld.libraries = with pkgs; [
+    stdenv.cc.cc
+    curl # for choosenim
+  ];
 
-      tmux
+  environment.systemPackages = with pkgs; [
-      wget
+    zsh
-      unzip
-      less
-      gnumake
-      gcc
-      gnupg
 
-      curl
+    tmux
+    wget
+    unzip
+    less
+    gnumake
+    gcc
+    gnupg
 
-      git
+    curl
 
-      vim
+    git
-      neovim
 
-      starship
+    vim
-      atuin
+    neovim
-      chezmoi
-      bat
-      fzf
-      delta
-      ripgrep
-      lsd
 
-      gh
+    starship
-      lazygit
+    atuin
+    chezmoi
+    bat
+    fzf
+    delta
+    ripgrep
+    lsd
 
-      nixpkgs-fmt
+    gh
-      lazydocker
+    lazygit
 
-      (python3.withPackages (ps: with ps; [ pip ]))
+    nixpkgs-fmt
-      micromamba
+    lazydocker
 
-      nodejs
+    (python3.withPackages (ps: with ps; [ pip ]))
-      go
+    micromamba
-      rustup
+
-    ];
+    nodejs
+    go
+    rustup
+  ];
 
 
-    # Use the GRUB 2 boot loader.
+  # Use the GRUB 2 boot loader.
-    boot.loader.grub.enable = true;
+  boot.loader.grub.enable = true;
-    boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
 
-    programs.gnupg.agent = {
+  programs.gnupg.agent = {
-      enable = true;
+    enable = true;
-      enableSSHSupport = true;
+    enableSSHSupport = true;
-    };
+  };
 
-    # allow tcp connections for git.dayl.in (gitea)
+  # allow tcp connections for git.dayl.in (gitea)
-    networking.firewall = {
+  networking.firewall = {
-      enable = true;
+    enable = true;
-      allowedTCPPorts = [ 80 443 ];
+    allowedTCPPorts = [ 80 443 ];
-    };
+  };
 
-    # Enable the OpenSSH daemon.
+  # Enable the OpenSSH daemon.
-    services.openssh.enable = true;
+  services.openssh.enable = true;
-    services.openssh.settings.PasswordAuthentication = false;
+  services.openssh.settings.PasswordAuthentication = false;
 
-    users.mutableUsers = false;
+  users.mutableUsers = false;
 
-    # This value determines the NixOS release from which the default
+  # This value determines the NixOS release from which the default
-    # settings for stateful data, like file locations and database versions
+  # settings for stateful data, like file locations and database versions
-    # on your system were taken. It‘s perfectly fine and recommended to leave
+  # on your system were taken. It‘s perfectly fine and recommended to leave
-    # this value at the release version of the first install of this system.
+  # this value at the release version of the first install of this system.
-    # Before changing this value read the documentation for this option
+  # Before changing this value read the documentation for this option
-    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-    system.stateVersion = "22.11"; # Did you read the comment?
+  system.stateVersion = "22.11"; # Did you read the comment?
-  }
+}