networking and security updates

Rouven Seifert 2023-11-25 23:22:16 +01:00
parent ccfcd6db3a
commit 2e8e3ada22
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
7 changed files with 29 additions and 15 deletions


@ -179,11 +179,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700695018, "lastModified": 1700847865,
"narHash": "sha256-MAiPLgBF4GLzSOlhnPCDWkWW5CDx4i7ApIYaR+TwTVg=", "narHash": "sha256-uWaOIemGl9LF813MW0AEgCBpKwFo2t1Wv3BZc6e5Frw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "134deb46abd5d0889d913b8509413f6f38b0811e", "rev": "8cedd63eede4c22deb192f1721dd67e7460e1ebe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -295,11 +295,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1700612854, "lastModified": 1700794826,
"narHash": "sha256-yrQ8osMD+vDLGFX7pcwsY/Qr5PUd6OmDMYJZzZi0+zc=", "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "19cbff58383a4ae384dea4d1d0c823d72b49d614", "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -54,8 +54,6 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
# clean up the logs a bit
ports = [ 2222 ];
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
programs.mosh.enable = true; programs.mosh.enable = true;


@ -1,4 +1,4 @@
{ ... }: { lib, ... }:
{ {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
@ -7,11 +7,15 @@
enable = true; enable = true;
}; };
jails = { jails = {
sshd = lib.mkForce ''
enabled = true
port = ssh
filter= sshd[mode=aggressive]
'';
dovecot = '' dovecot = ''
enabled = true enabled = true
# aggressive mode add blocking for aborted connections # aggressive mode add blocking for aborted connections
filter = dovecot[mode=aggressive] filter = dovecot[mode=aggressive]
bantime = 10m
maxretry = 3 maxretry = 3
''; '';
postfix = '' postfix = ''
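Review bot: The forced `sshd` jail hard-codes `port = ssh`, so bans apply to port 22 only and would silently stop covering the daemon if `services.openssh.ports` changes again (it was 2222 until this commit). Deriving the value keeps the two in step: add `config` to the module arguments and write `port = ${lib.concatMapStringsSep "," toString config.services.openssh.ports}`. A short comment above `lib.mkForce` would also help, for example `# override the default sshd jail so the aggressive filter is used`; I am assuming the override targets a jail the fail2ban module defines itself, which is not visible here. The `jails` attribute set continues past the end of the hunk.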


@ -15,10 +15,9 @@ let
in in
{ {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 # insecure SMTP 25 # SMTP
465 465 # SUBMISSONS
587 # SMTP 993 # IMAPS
993 # IMAP
4190 # sieve 4190 # sieve
]; ];
users.users.rouven = { users.users.rouven = {
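Review bot: Dropping 587 from `allowedTCPPorts` only closes the port at the firewall; if a Postfix submission listener on 587 is still configured in the part of this module outside the hunk, it keeps running and is merely filtered. Disabling it in the Postfix configuration as well would keep the exposed services and the firewall list consistent. The new comment on 465 also has a typo and should read `465 # SUBMISSIONS`.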


@ -56,6 +56,16 @@
HibernateDelaySec=2h HibernateDelaySec=2h
''; '';
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureUsers = [
{
name = "user1";
}
];
};
services.logind = { services.logind = {
lidSwitch = "suspend-then-hibernate"; lidSwitch = "suspend-then-hibernate";
lidSwitchDocked = "suspend-then-hibernate"; lidSwitchDocked = "suspend-then-hibernate";
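Review bot: The new `services.mysql` block sets no bind address, and as far as I can tell the NixOS module does not set one by default, so MariaDB would listen on all interfaces and rely on the firewall alone on a laptop that joins untrusted networks. If only local clients are intended, add `settings.mysqld.bind-address = "127.0.0.1";` inside the block. `ensureUsers` also creates an account named `user1` with no `ensurePermissions`; if that is a placeholder, it should be replaced by the real local user or dropped.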


@ -41,7 +41,9 @@
hostName = "thinkpad"; hostName = "thinkpad";
hostId = "d8d34032"; hostId = "d8d34032";
enableIPv6 = true; enableIPv6 = true;
firewall.allowedTCPPorts = [ 24727 ]; firewall = {
logRefusedConnections = false;
};
wireless = { wireless = {
enable = true; enable = true;
userControlled.enable = true; userControlled.enable = true;
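Review bot: `logRefusedConnections = false` turns off the firewall's log of blocked inbound connections, and the line carries no comment saying why. On a host that roams across untrusted Wi-Fi, that log is a useful record when investigating probes or connectivity problems. If the aim is less journal noise, state it in place, e.g. `# refused-connection logging disabled to cut journal noise; re-enable when debugging`. The `networking` attribute set starts and ends outside the hunk.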


@ -9,5 +9,6 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
qpwgraph qpwgraph
easyeffects
]; ];
} }