add tuptime, sshd discord sevice, fail2ban etc

2024-07-03 12:58:48 -04:00 · 2024-07-03 12:58:48 -04:00 · 66caa4375a
commit 66caa4375a
parent 6b4057baef
2 changed files with 33 additions and 5 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -69,6 +69,9 @@

  services.avahi.enable = true;

+  services.tuptime.enable = true;
+  services.tuptime.timer.enable = true;
+
  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -129,7 +132,6 @@
    chezmoi
    czkawka
    delta
-    docker
    fastfetch
    file
    fzf
@ -150,9 +152,11 @@
    nodePackages.nodejs
    nodePackages.pnpm
    ripgrep
+    yazi
    sheldon
    starship
    tmux
+    tealdeer
    viddy
    wget
    zoxide
@ -209,12 +213,21 @@
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
    };
+    allowSFTP = true;
    # extraConfig = ''
    #   Match User git
    #     ForceCommand ssh git@localhost -p 2221 -o StrictHostKeyChecking=no
    # '';
  };
-
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "10.0.0.0/8"
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+    ];
+    bantime-increment.enable = true;
+  };
  virtualisation.docker = {
    storageDriver = "overlay2";
    enableOnBoot = true;
@ -226,8 +239,11 @@
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
+  # TODO:
  networking.firewall = {
    enable = false;
+    allowedUDPPorts = [22 80 443 2222 25565];
+    allowedTCPPorts = [22 80 443 2222 25565];
  };

  systemd.timers."qbittorrent-healthcheck" = {
@ -253,6 +269,18 @@
    };
    wantedBy = ["graphical.target"];
  };
+  systemd.services.sshdAlert = {
+    enable = true;
+    unitConfig = {
+      Requires = "sshd.service";
+    };
+    serviceConfig = {
+      ExecStart = ''
+        ${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
+      '';
+    };
+    wantedBy = ["multi-user.target"];
+  };
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1710272261,
-        "narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
+        "lastModified": 1712439257,
+        "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
+        "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
        "type": "github"
      },
      "original": {