diff --git a/flake.lock b/flake.lock
index bc95544..3c69b4c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -179,11 +179,11 @@
 ]
 },
 "locked": {
- "lastModified": 1700695018,
- "narHash": "sha256-MAiPLgBF4GLzSOlhnPCDWkWW5CDx4i7ApIYaR+TwTVg=",
+ "lastModified": 1700847865,
+ "narHash": "sha256-uWaOIemGl9LF813MW0AEgCBpKwFo2t1Wv3BZc6e5Frw=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "134deb46abd5d0889d913b8509413f6f38b0811e",
+ "rev": "8cedd63eede4c22deb192f1721dd67e7460e1ebe",
 "type": "github"
 },
 "original": {
@@ -295,11 +295,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1700612854,
- "narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=",
+ "lastModified": 1700794826,
+ "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614",
+ "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
 "type": "github"
 },
 "original": {
diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix
index 5125175..c3a4108 100644
--- a/hosts/falkenstein/default.nix
+++ b/hosts/falkenstein/default.nix
@@ -54,8 +54,6 @@
 # Enable the OpenSSH daemon.
 services.openssh = {
 enable = true;
- # clean up the logs a bit
- ports = [ 2222 ];
 settings.PasswordAuthentication = false;
 };
 programs.mosh.enable = true;
diff --git a/hosts/falkenstein/modules/fail2ban/default.nix b/hosts/falkenstein/modules/fail2ban/default.nix
index 666bff3..89ca3b2 100644
--- a/hosts/falkenstein/modules/fail2ban/default.nix
+++ b/hosts/falkenstein/modules/fail2ban/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
 services.fail2ban = {
 enable = true;
@@ -7,11 +7,15 @@
 enable = true;
 };
 jails = {
+ sshd = lib.mkForce ''
+ enabled = true
+ port = ssh
+ filter= sshd[mode=aggressive]
+ '';
 dovecot = ''
 enabled = true
 # aggressive mode add blocking for aborted connections
 filter = dovecot[mode=aggressive]
- bantime = 10m
 maxretry = 3
 '';
 postfix = ''
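Review bot: The new `sshd` jail in hosts/falkenstein/modules/fail2ban/default.nix hard-codes `port = ssh`, so bans cover only port 22; that agrees with this commit's removal of `ports = [ 2222 ]` from hosts/falkenstein/default.nix, but the jail and the listener will drift apart silently if the daemon is moved again. Deriving the value from the option, e.g. `port = ${lib.concatMapStringsSep "," toString config.services.openssh.ports}` with `config` added to the module arguments in the first hunk, keeps the two tied together. `lib.mkForce` presumably replaces the jail the NixOS module defines by default; a comment such as `# override the module's default sshd jail to switch the filter to aggressive mode` would record why it is needed. `filter= sshd[...]` is also missing the space used in `filter = dovecot[...]` just below, and with `bantime = 10m` dropped the dovecot jail now inherits the global ban time, which is set outside this hunk.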
diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix
index c9454d5..02bf95b 100644
--- a/hosts/falkenstein/modules/mail/default.nix
+++ b/hosts/falkenstein/modules/mail/default.nix
@@ -15,10 +15,9 @@ let
 in
 {
 networking.firewall.allowedTCPPorts = [
- 25 # insecure SMTP
- 465
- 587 # SMTP
- 993 # IMAP
+ 25 # SMTP
+ 465 # SUBMISSONS
+ 993 # IMAPS
 4190 # sieve
 ];
 users.users.rouven = {
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index bfb830d..0b9b3c6 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -56,6 +56,16 @@
 HibernateDelaySec=2h
 '';
 
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ ensureUsers = [
+ {
+ name = "user1";
+ }
+ ];
+ };
+
 services.logind = {
 lidSwitch = "suspend-then-hibernate";
 lidSwitchDocked = "suspend-then-hibernate";
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index b2dc4f7..4a22e70 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -41,7 +41,9 @@
 hostName = "thinkpad";
 hostId = "d8d34032";
 enableIPv6 = true;
- firewall.allowedTCPPorts = [ 24727 ];
+ firewall = {
+ logRefusedConnections = false;
+ };
 wireless = {
 enable = true;
 userControlled.enable = true;
diff --git a/hosts/thinkpad/modules/sound/default.nix b/hosts/thinkpad/modules/sound/default.nix
index ffc4116..5b3b5d3 100644
--- a/hosts/thinkpad/modules/sound/default.nix
+++ b/hosts/thinkpad/modules/sound/default.nix
@@ -9,5 +9,6 @@
 };
 environment.systemPackages = with pkgs; [
 qpwgraph
+ easyeffects
 ];
 }
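Review bot: The comment added on port 465 in hosts/falkenstein/modules/mail/default.nix is misspelled; `465 # SUBMISSONS` should read `465 # SUBMISSIONS` (implicit-TLS submission, RFC 8314). Dropping 587 from `allowedTCPPorts` closes only the firewall; whether Postfix still runs a submission listener on 587 is decided outside this hunk, and turning it off there as well would keep the listener set and the firewall in agreement. A short comment above the list, for example `# 587 (STARTTLS submission) intentionally closed; clients must use 465`, would stop a later edit from reopening it by habit.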
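Review bot: The new `services.mysql` block in hosts/thinkpad/default.nix sets no listen address, so unless the module default already restricts it, MariaDB on this laptop relies on the host firewall alone to keep its port off whatever network the machine joins. If the database is only used locally, `settings.mysqld.bind-address = "127.0.0.1";` makes that explicit. The `ensureUsers` entry carries only `name = "user1"` and no `ensurePermissions`; as far as I know the NixOS module creates such accounts with socket authentication, so it would be usable only by a system user of the same name and would hold no grants. If `user1` is a placeholder for local development, a comment saying so would help.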
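Review bot: `logRefusedConnections = false` in hosts/thinkpad/modules/networks/default.nix removes the kernel-log record of refused inbound connections on a machine that joins untrusted networks, and nothing in the hunk says why. A comment such as `# refused-connection logging is too noisy on public networks; re-enable when investigating` would let a later reader judge the trade-off. Since only one attribute is set, `firewall.logRefusedConnections = false;` would also match the dotted style of the line it replaces. The enclosing `networking` attribute set starts and ends outside the hunk.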