vps-2023-12-03-11-02-40

2023-12-03 11:02:40 +01:00
parent 13330aeb64
commit 18a03e3786
3 changed files with 63 additions and 24 deletions
--- a/machine/nixos-vm.nix
+++ b/machine/nixos-vm.nix
@ -34,18 +34,18 @@ in {
    };
  };

-   environment.pantheon.excludePackages = (with pkgs.pantheon; [
-        elementary-calculator
-        # elementary-calendar
-        elementary-camera
-        elementary-code
-        elementary-music
-        # elementary-photos
-        # elementary-screenshot
-        # elementary-tasks
-        elementary-videos
-        epiphany
-     ]);
+  environment.pantheon.excludePackages = (with pkgs.pantheon; [
+    elementary-calculator
+    # elementary-calendar
+    elementary-camera
+    elementary-code
+    elementary-music
+    # elementary-photos
+    # elementary-screenshot
+    # elementary-tasks
+    elementary-videos
+    epiphany
+  ]);


  system.stateVersion = "23.05";
--- a/machine/vps.nix
+++ b/machine/vps.nix
@ -70,6 +70,17 @@ in
            presharedKey = secrets.wireguard-preshared;
            allowedIPs = [ "10.100.0.6/32" ];
          }
+          {
+            publicKey = secrets.wireguard-framework-public;
+            presharedKey = secrets.wireguard-preshared;
+            allowedIPs = [ "10.100.0.7/32" ];
+          }
+          {
+            publicKey = secrets.wireguard-thinkpad-public;
+            presharedKey = secrets.wireguard-preshared;
+            allowedIPs = [ "10.100.0.8/32" ];
+          }
+
          {
            publicKey = secrets.wireguard-vps2-public;
            presharedKey = secrets.wireguard-preshared;
@ -120,7 +131,14 @@ in
    };
  };

-  environment.systemPackages = with pkgs; [ goaccess xd nyx mkp224o ];
+  environment.systemPackages = with pkgs; [
+    goaccess
+    xd
+    nyx
+    mkp224o
+    progress
+  ];
+

  programs = {
    mtr.enable = true;
@ -379,6 +397,7 @@ in
        };
      };

+      logLevel = "error";
      enableIPv4 = true;
      enableIPv6 = true;
    };
@ -396,6 +415,10 @@ in
      };
    };

+    davfs2 = {
+      enable = true;
+    };
+
    tor = {
      enable = true;
      # relay = {
@ -439,17 +462,18 @@ in

    fail2ban = {
      enable = true;
+      bantime = "7d";

-      jails.DEFAULT = ''
-        bantime  = 7d
-      '';
-
-      jails.sshd = ''
-        filter = sshd
-        maxretry = 4
-        action   = iptables[name=ssh, port=ssh, protocol=tcp]
-        enabled  = true
-      '';
+      jails = {
+        sshd = {
+          settings = {
+            filter = "sshd";
+            maxretry = 4;
+            action = ''iptables[name=ssh, port=ssh, protocol=tcp]'';
+            enabled = true;
+          };
+        };
+      };
    };

    netdata.enable = true;
@ -486,10 +510,24 @@ in
        "/var/lib/monero"
      ];
    };
+
+    autofs = {
+      enable = true;
+      autoMaster =
+        let
+          mapConf = pkgs.writeText "auto" ''
+            nextcloud -fstype=davfs,conf=/path/to/davfs/conf,uid=myuid :https\:nextcloud.domain/remote.php/webdav/
+          '';
+        in
+        ''
+          /home/directory/mounts file:${mapConf}
+        '';
+    };
+
  };

  # Limit stack size to reduce memory usage
  systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024;

-  system.stateVersion = "23.05";
+  system.stateVersion = "23.11";
 }