many updates

hosts/algiz/configuration.nix

@@ -27,44 +27,46 @@
 
   services.resolved.enable = true;
 
-  # fail2ban config based on:
-  # https://www.linode.com/docs/guides/how-to-use-fail2ban-for-ssh-brute-force-protection/
   services.fail2ban = {
     enable = true;
     maxretry = 5;
     bantime = "24h";
-    jails =
-      {
-        sshd = ''
-          port = ssh
-          filter = sshd
-          logpath = /var/log/auth.log
-          maxretry = 3
-          findtime = 300
-          bantime = 3600
-        '';
-      };
   };
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
-  # TODO: convert this to a systemd service/timer
+  systemd = {
-  # services.cron = {
+    timers.softServe = {
-  #   enable = true;
+      wantedBy = [ "timers.target" ];
-  #   systemCronJobs = [
+      timerConfig = {
-  #     # update repos
+        # every day at 4:AM
-  #     "0 * * * * make -C /home/daylin/git soft-repos"
+        OnCalendar = "*-*-* 4:00:00";
-  #     # update container so home page is semi-accurate
+      };
-  #     "0 2 * * * make -C /home/daylin/git update-soft-serve"
+    };
-  #   ];
+    services.softServe = {
-  # };
+      wantedBy = [ "multi-user.target" ];
-  #
+      description = "update soft serve git repos";
-  networking.hostName = "algiz";
+      serviceConfig = {
+        type = "oneshot";
+        ExecStart =
+          let gitDir = "/home/daylin/git";
+          in
+          ''
+            ${pkgs.python3.interpreter} "${gitDir}/soft/config/update-soft-serve-repos.py" && \
+            ${pkgs.docker} compose --project-directory ${gitDir} restart
+          '';
+      };
+    };
+  };
 
-  # added to make using `pip install` work in docker build
+  networking = {
-  networking.nameservers = [
+    hostName = "algiz";
-    "8.8.8.8"
+
-  ];
+    # added to make using `pip install` work in docker build
+    nameservers = [
+      "8.8.8.8"
+    ];
+  };
 
   time.timeZone = "America/Chicago";
   programs.zsh.enable = true;