mira/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add tuptime, sshd discord sevice, fail2ban etc

Browse source
This commit is contained in:
Mira 2024-07-03 12:58:48 -04:00
parent 6b4057baef
commit 66caa4375a
2 changed files with 33 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
configuration.nix
View file

@ -69,6 +69,9 @@
services.avahi.enable = true; services.avahi.enable = true;
services.tuptime.enable = true;
services.tuptime.timer.enable = true;
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.xkb.layout = "us"; # services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape"; # services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -129,7 +132,6 @@
chezmoi chezmoi
czkawka czkawka
delta delta
docker
fastfetch fastfetch
file file
fzf fzf
@ -150,9 +152,11 @@
nodePackages.nodejs nodePackages.nodejs
nodePackages.pnpm nodePackages.pnpm
ripgrep ripgrep
yazi
sheldon sheldon
starship starship
tmux tmux
tealdeer
viddy viddy
wget wget
zoxide zoxide
@ -209,12 +213,21 @@
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
}; };
allowSFTP = true;
# extraConfig = '' # extraConfig = ''
# Match User git # Match User git
# ForceCommand ssh git@localhost -p 2221 -o StrictHostKeyChecking=no # ForceCommand ssh git@localhost -p 2221 -o StrictHostKeyChecking=no
# ''; # '';
}; };
services.fail2ban = {
enable = true;
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
bantime-increment.enable = true;
};
virtualisation.docker = { virtualisation.docker = {
storageDriver = "overlay2"; storageDriver = "overlay2";
enableOnBoot = true; enableOnBoot = true;
@ -226,8 +239,11 @@
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# TODO:
networking.firewall = { networking.firewall = {
enable = false; enable = false;
allowedUDPPorts = [22 80 443 2222 25565];
allowedTCPPorts = [22 80 443 2222 25565];
}; };
systemd.timers."qbittorrent-healthcheck" = { systemd.timers."qbittorrent-healthcheck" = {
@ -253,6 +269,18 @@
}; };
wantedBy = ["graphical.target"]; wantedBy = ["graphical.target"];
}; };
systemd.services.sshdAlert = {
enable = true;
unitConfig = {
Requires = "sshd.service";
};
serviceConfig = {
ExecStart = ''
${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
'';
};
wantedBy = ["multi-user.target"];
};
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix. # accidentally delete configuration.nix.

6
flake.lock generated
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1710272261, "lastModified": 1712439257,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=", "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2", "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
"type": "github" "type": "github"
}, },
"original": { "original": {