BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vps-2023-12-03-11-02-40

Browse Source
This commit is contained in:
Alexander Szczepanski
2023-12-03 11:02:40 +01:00
parent 13330aeb64
commit 18a03e3786
3 changed files with 63 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configs/user.nix
View File

@ -25,6 +25,7 @@ in
"scanner" "scanner"
"adbusers" "adbusers"
"locatedb" "locatedb"
"davfs2"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski"

24
machine/nixos-vm.nix
View File

@ -34,18 +34,18 @@ in {
}; };
}; };
environment.pantheon.excludePackages = (with pkgs.pantheon; [ environment.pantheon.excludePackages = (with pkgs.pantheon; [
elementary-calculator elementary-calculator
# elementary-calendar # elementary-calendar
elementary-camera elementary-camera
elementary-code elementary-code
elementary-music elementary-music
# elementary-photos # elementary-photos
# elementary-screenshot # elementary-screenshot
# elementary-tasks # elementary-tasks
elementary-videos elementary-videos
epiphany epiphany
]); ]);
system.stateVersion = "23.05"; system.stateVersion = "23.05";

62
machine/vps.nix
View File

@ -70,6 +70,17 @@ in
presharedKey = secrets.wireguard-preshared; presharedKey = secrets.wireguard-preshared;
allowedIPs = [ "10.100.0.6/32" ]; allowedIPs = [ "10.100.0.6/32" ];
} }
{
publicKey = secrets.wireguard-framework-public;
presharedKey = secrets.wireguard-preshared;
allowedIPs = [ "10.100.0.7/32" ];
}
{
publicKey = secrets.wireguard-thinkpad-public;
presharedKey = secrets.wireguard-preshared;
allowedIPs = [ "10.100.0.8/32" ];
}
{ {
publicKey = secrets.wireguard-vps2-public; publicKey = secrets.wireguard-vps2-public;
presharedKey = secrets.wireguard-preshared; presharedKey = secrets.wireguard-preshared;
@ -120,7 +131,14 @@ in
}; };
}; };
environment.systemPackages = with pkgs; [ goaccess xd nyx mkp224o ]; environment.systemPackages = with pkgs; [
goaccess
xd
nyx
mkp224o
progress
];
programs = { programs = {
mtr.enable = true; mtr.enable = true;
@ -379,6 +397,7 @@ in
}; };
}; };
logLevel = "error";
enableIPv4 = true; enableIPv4 = true;
enableIPv6 = true; enableIPv6 = true;
}; };
@ -396,6 +415,10 @@ in
}; };
}; };
davfs2 = {
enable = true;
};
tor = { tor = {
enable = true; enable = true;
# relay = { # relay = {
@ -439,17 +462,18 @@ in
fail2ban = { fail2ban = {
enable = true; enable = true;
bantime = "7d";
jails.DEFAULT = '' jails = {
bantime = 7d sshd = {
''; settings = {
filter = "sshd";
jails.sshd = '' maxretry = 4;
filter = sshd action = ''iptables[name=ssh, port=ssh, protocol=tcp]'';
maxretry = 4 enabled = true;
action = iptables[name=ssh, port=ssh, protocol=tcp] };
enabled = true };
''; };
}; };
netdata.enable = true; netdata.enable = true;
@ -486,10 +510,24 @@ in
"/var/lib/monero" "/var/lib/monero"
]; ];
}; };
autofs = {
enable = true;
autoMaster =
let
mapConf = pkgs.writeText "auto" ''
nextcloud -fstype=davfs,conf=/path/to/davfs/conf,uid=myuid :https\:nextcloud.domain/remote.php/webdav/
'';
in
''
/home/directory/mounts file:${mapConf}
'';
};
}; };
# Limit stack size to reduce memory usage # Limit stack size to reduce memory usage
systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024; systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024;
system.stateVersion = "23.05"; system.stateVersion = "23.11";
} }