wipo

2024-09-29 00:07:18 -05:00 · 2023-08-07 11:19:38 -05:00 · 2023-08-07 11:19:38 -05:00 · 3baa9f9b4f
commit 3baa9f9b4f
parent 7d77335e21
1 changed files with 97 additions and 96 deletions
--- a/hosts/algiz/configuration.nix
+++ b/hosts/algiz/configuration.nix
@ -29,121 +29,122 @@

  # fail2ban config based on:
  # https://www.linode.com/docs/guides/how-to-use-fail2ban-for-ssh-brute-force-protection/
-  services.fail2ban {
-  enable = true;
-  maxretry = 5;
-  bantime = "24h";
-  jails = {
-    sshd = ''
-      port = ssh
-      filter = sshd
-      logpath = /var/log/auth.log
-      maxretry = 3
-      findtime = 300
-      bantime = 3600
-      ignoreip = 127.0.0.1
-    ''
-      }
-      }
-      boot.kernelPackages = pkgs.linuxPackages_latest;
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime = "24h";
+    jails =
+      {
+        sshd = ''
+          port = ssh
+          filter = sshd
+          logpath = /var/log/auth.log
+          maxretry = 3
+          findtime = 300
+          bantime = 3600
+        '';
+      };
+  };

-    # TODO: convert this to a systemd service/timer
-    # services.cron = {
-    #   enable = true;
-    #   systemCronJobs = [
-    #     # update repos
-    #     "0 * * * * make -C /home/daylin/git soft-repos"
-    #     # update container so home page is semi-accurate
-    #     "0 2 * * * make -C /home/daylin/git update-soft-serve"
-    #   ];
-    # };
-    #
-    networking.hostName = "algiz";
+  boot.kernelPackages = pkgs.linuxPackages_latest;

-    # added to make using `pip install` work in docker build
-    networking.nameservers = [
-      "8.8.8.8"
-    ];
+  # TODO: convert this to a systemd service/timer
+  # services.cron = {
+  #   enable = true;
+  #   systemCronJobs = [
+  #     # update repos
+  #     "0 * * * * make -C /home/daylin/git soft-repos"
+  #     # update container so home page is semi-accurate
+  #     "0 2 * * * make -C /home/daylin/git update-soft-serve"
+  #   ];
+  # };
+  #
+  networking.hostName = "algiz";

-    time.timeZone = "America/Chicago";
-    programs.zsh.enable = true;
-    virtualisation.docker.enable = true;
+  # added to make using `pip install` work in docker build
+  networking.nameservers = [
+    "8.8.8.8"
+  ];

-    programs.nix-ld.enable = true;
-    programs.nix-ld.libraries = with pkgs; [
-      stdenv.cc.cc
-      curl # for choosenim
-    ];
+  time.timeZone = "America/Chicago";
+  programs.zsh.enable = true;
+  virtualisation.docker.enable = true;

-    environment.systemPackages = with pkgs; [
-      zsh
+  programs.nix-ld.enable = true;
+  programs.nix-ld.libraries = with pkgs; [
+    stdenv.cc.cc
+    curl # for choosenim
+  ];

-      tmux
-      wget
-      unzip
-      less
-      gnumake
-      gcc
-      gnupg
+  environment.systemPackages = with pkgs; [
+    zsh

-      curl
+    tmux
+    wget
+    unzip
+    less
+    gnumake
+    gcc
+    gnupg

-      git
+    curl

-      vim
-      neovim
+    git

-      starship
-      atuin
-      chezmoi
-      bat
-      fzf
-      delta
-      ripgrep
-      lsd
+    vim
+    neovim

-      gh
-      lazygit
+    starship
+    atuin
+    chezmoi
+    bat
+    fzf
+    delta
+    ripgrep
+    lsd

-      nixpkgs-fmt
-      lazydocker
+    gh
+    lazygit

-      (python3.withPackages (ps: with ps; [ pip ]))
-      micromamba
+    nixpkgs-fmt
+    lazydocker

-      nodejs
-      go
-      rustup
-    ];
+    (python3.withPackages (ps: with ps; [ pip ]))
+    micromamba
+
+    nodejs
+    go
+    rustup
+  ];


-    # Use the GRUB 2 boot loader.
-    boot.loader.grub.enable = true;
-    boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only

-    programs.gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-    };
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };

-    # allow tcp connections for git.dayl.in (gitea)
-    networking.firewall = {
-      enable = true;
-      allowedTCPPorts = [ 80 443 ];
-    };
+  # allow tcp connections for git.dayl.in (gitea)
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 80 443 ];
+  };

-    # Enable the OpenSSH daemon.
-    services.openssh.enable = true;
-    services.openssh.settings.PasswordAuthentication = false;
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;

-    users.mutableUsers = false;
+  users.mutableUsers = false;

-    # This value determines the NixOS release from which the default
-    # settings for stateful data, like file locations and database versions
-    # on your system were taken. It‘s perfectly fine and recommended to leave
-    # this value at the release version of the first install of this system.
-    # Before changing this value read the documentation for this option
-    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-    system.stateVersion = "22.11"; # Did you read the comment?
-  }
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}