vps-2023-12-03-11-02-40

2023-12-03 11:02:40 +01:00
parent 13330aeb64
commit 18a03e3786
3 changed files with 63 additions and 24 deletions
--- a/configs/user.nix
+++ b/configs/user.nix
@ -25,6 +25,7 @@ in
        "scanner"
        "adbusers"
        "locatedb"
+        "davfs2"
      ];
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski"
--- a/machine/vps.nix
+++ b/machine/vps.nix
@ -70,6 +70,17 @@ in
            presharedKey = secrets.wireguard-preshared;
            allowedIPs = [ "10.100.0.6/32" ];
          }
+          {
+            publicKey = secrets.wireguard-framework-public;
+            presharedKey = secrets.wireguard-preshared;
+            allowedIPs = [ "10.100.0.7/32" ];
+          }
+          {
+            publicKey = secrets.wireguard-thinkpad-public;
+            presharedKey = secrets.wireguard-preshared;
+            allowedIPs = [ "10.100.0.8/32" ];
+          }
+
          {
            publicKey = secrets.wireguard-vps2-public;
            presharedKey = secrets.wireguard-preshared;
@ -120,7 +131,14 @@ in
    };
  };

-  environment.systemPackages = with pkgs; [ goaccess xd nyx mkp224o ];
+  environment.systemPackages = with pkgs; [
+    goaccess
+    xd
+    nyx
+    mkp224o
+    progress
+  ];
+

  programs = {
    mtr.enable = true;
@ -379,6 +397,7 @@ in
        };
      };

+      logLevel = "error";
      enableIPv4 = true;
      enableIPv6 = true;
    };
@ -396,6 +415,10 @@ in
      };
    };

+    davfs2 = {
+      enable = true;
+    };
+
    tor = {
      enable = true;
      # relay = {
@ -439,17 +462,18 @@ in

    fail2ban = {
      enable = true;
+      bantime = "7d";

-      jails.DEFAULT = ''
-        bantime  = 7d
-      '';
-
-      jails.sshd = ''
-        filter = sshd
-        maxretry = 4
-        action   = iptables[name=ssh, port=ssh, protocol=tcp]
-        enabled  = true
-      '';
+      jails = {
+        sshd = {
+          settings = {
+            filter = "sshd";
+            maxretry = 4;
+            action = ''iptables[name=ssh, port=ssh, protocol=tcp]'';
+            enabled = true;
+          };
+        };
+      };
    };

    netdata.enable = true;
@ -486,10 +510,24 @@ in
        "/var/lib/monero"
      ];
    };
+
+    autofs = {
+      enable = true;
+      autoMaster =
+        let
+          mapConf = pkgs.writeText "auto" ''
+            nextcloud -fstype=davfs,conf=/path/to/davfs/conf,uid=myuid :https\:nextcloud.domain/remote.php/webdav/
+          '';
+        in
+        ''
+          /home/directory/mounts file:${mapConf}
+        '';
+    };
+
  };

  # Limit stack size to reduce memory usage
  systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024;

-  system.stateVersion = "23.05";
+  system.stateVersion = "23.11";
 }