diff --git a/configs/user.nix b/configs/user.nix index 87bc9ff..ee865f9 100644 --- a/configs/user.nix +++ b/configs/user.nix @@ -25,6 +25,7 @@ in "scanner" "adbusers" "locatedb" + "davfs2" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski" diff --git a/machine/nixos-vm.nix b/machine/nixos-vm.nix index 8ba3d77..766c9b3 100644 --- a/machine/nixos-vm.nix +++ b/machine/nixos-vm.nix @@ -34,18 +34,18 @@ in { }; }; - environment.pantheon.excludePackages = (with pkgs.pantheon; [ - elementary-calculator - # elementary-calendar - elementary-camera - elementary-code - elementary-music - # elementary-photos - # elementary-screenshot - # elementary-tasks - elementary-videos - epiphany - ]); + environment.pantheon.excludePackages = (with pkgs.pantheon; [ + elementary-calculator + # elementary-calendar + elementary-camera + elementary-code + elementary-music + # elementary-photos + # elementary-screenshot + # elementary-tasks + elementary-videos + epiphany + ]); system.stateVersion = "23.05"; diff --git a/machine/vps.nix b/machine/vps.nix index 3c32f0d..fef69de 100644 --- a/machine/vps.nix +++ b/machine/vps.nix @@ -70,6 +70,17 @@ in presharedKey = secrets.wireguard-preshared; allowedIPs = [ "10.100.0.6/32" ]; } + { + publicKey = secrets.wireguard-framework-public; + presharedKey = secrets.wireguard-preshared; + allowedIPs = [ "10.100.0.7/32" ]; + } + { + publicKey = secrets.wireguard-thinkpad-public; + presharedKey = secrets.wireguard-preshared; + allowedIPs = [ "10.100.0.8/32" ]; + } + { publicKey = secrets.wireguard-vps2-public; presharedKey = secrets.wireguard-preshared; @@ -120,7 +131,14 @@ in }; }; - environment.systemPackages = with pkgs; [ goaccess xd nyx mkp224o ]; + environment.systemPackages = with pkgs; [ + goaccess + xd + nyx + mkp224o + progress + ]; + programs = { mtr.enable = true; @@ -379,6 +397,7 @@ in }; }; + logLevel = "error"; enableIPv4 = true; enableIPv6 = true; }; @@ -396,6 +415,10 @@ in }; }; + davfs2 = { + enable = true; + }; + tor = { enable = true; # relay = { @@ -439,17 +462,18 @@ in fail2ban = { enable = true; + bantime = "7d"; - jails.DEFAULT = '' - bantime = 7d - ''; - - jails.sshd = '' - filter = sshd - maxretry = 4 - action = iptables[name=ssh, port=ssh, protocol=tcp] - enabled = true - ''; + jails = { + sshd = { + settings = { + filter = "sshd"; + maxretry = 4; + action = ''iptables[name=ssh, port=ssh, protocol=tcp]''; + enabled = true; + }; + }; + }; }; netdata.enable = true; @@ -486,10 +510,24 @@ in "/var/lib/monero" ]; }; + + autofs = { + enable = true; + autoMaster = + let + mapConf = pkgs.writeText "auto" '' + nextcloud -fstype=davfs,conf=/path/to/davfs/conf,uid=myuid :https\:nextcloud.domain/remote.php/webdav/ + ''; + in + '' + /home/directory/mounts file:${mapConf} + ''; + }; + }; # Limit stack size to reduce memory usage systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; - system.stateVersion = "23.05"; + system.stateVersion = "23.11"; }